CVE-2018-2887

Опубликовано: 17 окт. 2018

Источник: nvd

CVSS3: 6.5

CVSS2: 6.4

EPSS Низкий

Описание

Vulnerability in the MICROS Retail-J component of Oracle Retail Applications (subcomponent: Back Office). Supported versions that are affected are 13.0.0 and 12.1.2. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise MICROS Retail-J. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of MICROS Retail-J accessible data as well as unauthorized read access to a subset of MICROS Retail-J accessible data. CVSS 3.0 Base Score 6.5 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N).

Ссылки

http://www.oracle.com/technetwork/security-advisory/cpuoct2018-4428296.html
Patch
Vendor Advisory
http://www.securityfocus.com/bid/105592
Third Party Advisory
VDB Entry
http://www.oracle.com/technetwork/security-advisory/cpuoct2018-4428296.html
Patch
Vendor Advisory
http://www.securityfocus.com/bid/105592
Third Party Advisory
VDB Entry

Уязвимые конфигурации

Конфигурация 1

Одно из

cpe:2.3:a:oracle:micros_retail-j:12.1.2:*:*:*:*:*:*:*

cpe:2.3:a:oracle:micros_retail-j:13.0.0:*:*:*:*:*:*:*

EPSS

Процентиль: 65%

0.00496

Низкий

6.5 Medium

CVSS3

6.4 Medium

CVSS2

Дефекты

NVD-CWE-noinfo

Связанные уязвимости

GHSA-8xgx-x9qh-pf23

CVSS3: 6.5

github

больше 3 лет назад

BDU:2019-00468

CVSS3: 6.5

fstec

больше 7 лет назад

Уязвимость компонента Back Office программного средства MICROS Retail-J, позволяющая нарушителю получить доступ на чтение, изменение, добавление или удаление данных

EPSS

Процентиль: 65%

0.00496

Низкий

6.5 Medium

CVSS3

6.4 Medium

CVSS2

Дефекты

NVD-CWE-noinfo