Vulnerabilites related to oracle - micros_retail-j
CVE-2018-2889 (GCVE-0-2018-2889)
Vulnerability from cvelistv5
Published
2018-10-17 01:00
Modified
2024-10-02 19:47
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise MICROS Retail-J. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all MICROS Retail-J accessible data.
Summary
Vulnerability in the MICROS Retail-J component of Oracle Retail Applications (subcomponent: Internal Operations). The supported version that is affected is 12.1.2. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise MICROS Retail-J. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all MICROS Retail-J accessible data. CVSS 3.0 Base Score 7.5 (Confidentiality impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N).
References
| ► | URL | Tags | ||||||
|---|---|---|---|---|---|---|---|---|
|
||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Oracle Corporation | MICROS Retail-J |
Version: 12.1.2 |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T04:36:38.208Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "105588",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/105588"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.oracle.com/technetwork/security-advisory/cpuoct2018-4428296.html"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2018-2889",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-10-02T18:17:51.653723Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-10-02T19:47:24.220Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "MICROS Retail-J",
"vendor": "Oracle Corporation",
"versions": [
{
"status": "affected",
"version": "12.1.2"
}
]
}
],
"datePublic": "2018-10-16T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Vulnerability in the MICROS Retail-J component of Oracle Retail Applications (subcomponent: Internal Operations). The supported version that is affected is 12.1.2. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise MICROS Retail-J. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all MICROS Retail-J accessible data. CVSS 3.0 Base Score 7.5 (Confidentiality impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N)."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise MICROS Retail-J. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all MICROS Retail-J accessible data.",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-10-17T09:57:01",
"orgId": "43595867-4340-4103-b7a2-9a5208d29a85",
"shortName": "oracle"
},
"references": [
{
"name": "105588",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/105588"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.oracle.com/technetwork/security-advisory/cpuoct2018-4428296.html"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "secalert_us@oracle.com",
"ID": "CVE-2018-2889",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "MICROS Retail-J",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "12.1.2"
}
]
}
}
]
},
"vendor_name": "Oracle Corporation"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Vulnerability in the MICROS Retail-J component of Oracle Retail Applications (subcomponent: Internal Operations). The supported version that is affected is 12.1.2. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise MICROS Retail-J. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all MICROS Retail-J accessible data. CVSS 3.0 Base Score 7.5 (Confidentiality impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N)."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise MICROS Retail-J. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all MICROS Retail-J accessible data."
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "105588",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/105588"
},
{
"name": "http://www.oracle.com/technetwork/security-advisory/cpuoct2018-4428296.html",
"refsource": "CONFIRM",
"url": "http://www.oracle.com/technetwork/security-advisory/cpuoct2018-4428296.html"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "43595867-4340-4103-b7a2-9a5208d29a85",
"assignerShortName": "oracle",
"cveId": "CVE-2018-2889",
"datePublished": "2018-10-17T01:00:00",
"dateReserved": "2017-12-15T00:00:00",
"dateUpdated": "2024-10-02T19:47:24.220Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2018-2880 (GCVE-0-2018-2880)
Vulnerability from cvelistv5
Published
2019-04-23 18:16
Modified
2024-10-02 16:02
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise MICROS Retail-J. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all MICROS Retail-J accessible data.
Summary
Vulnerability in the MICROS Retail-J component of Oracle Retail Applications (subcomponent: Back Office). The supported version that is affected is 12.1.2. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise MICROS Retail-J. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all MICROS Retail-J accessible data. CVSS 3.0 Base Score 7.5 (Confidentiality impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N).
References
| ► | URL | Tags |
|---|---|---|
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Oracle Corporation | MICROS Retail-J |
Version: 12.1.2 |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T04:36:38.434Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://www.oracle.com/technetwork/security-advisory/cpuapr2019-5072813.html"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2018-2880",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-10-02T15:53:27.047228Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-10-02T16:02:15.303Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "MICROS Retail-J",
"vendor": "Oracle Corporation",
"versions": [
{
"status": "affected",
"version": "12.1.2"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Vulnerability in the MICROS Retail-J component of Oracle Retail Applications (subcomponent: Back Office). The supported version that is affected is 12.1.2. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise MICROS Retail-J. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all MICROS Retail-J accessible data. CVSS 3.0 Base Score 7.5 (Confidentiality impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N)."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise MICROS Retail-J. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all MICROS Retail-J accessible data.",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2019-04-23T18:16:38",
"orgId": "43595867-4340-4103-b7a2-9a5208d29a85",
"shortName": "oracle"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "http://www.oracle.com/technetwork/security-advisory/cpuapr2019-5072813.html"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "secalert_us@oracle.com",
"ID": "CVE-2018-2880",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "MICROS Retail-J",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "12.1.2"
}
]
}
}
]
},
"vendor_name": "Oracle Corporation"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Vulnerability in the MICROS Retail-J component of Oracle Retail Applications (subcomponent: Back Office). The supported version that is affected is 12.1.2. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise MICROS Retail-J. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all MICROS Retail-J accessible data. CVSS 3.0 Base Score 7.5 (Confidentiality impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N)."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise MICROS Retail-J. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all MICROS Retail-J accessible data."
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://www.oracle.com/technetwork/security-advisory/cpuapr2019-5072813.html",
"refsource": "MISC",
"url": "http://www.oracle.com/technetwork/security-advisory/cpuapr2019-5072813.html"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "43595867-4340-4103-b7a2-9a5208d29a85",
"assignerShortName": "oracle",
"cveId": "CVE-2018-2880",
"datePublished": "2019-04-23T18:16:38",
"dateReserved": "2017-12-15T00:00:00",
"dateUpdated": "2024-10-02T16:02:15.303Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2018-2887 (GCVE-0-2018-2887)
Vulnerability from cvelistv5
Published
2018-10-17 01:00
Modified
2024-10-02 19:47
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise MICROS Retail-J. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of MICROS Retail-J accessible data as well as unauthorized read access to a subset of MICROS Retail-J accessible data.
Summary
Vulnerability in the MICROS Retail-J component of Oracle Retail Applications (subcomponent: Back Office). Supported versions that are affected are 13.0.0 and 12.1.2. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise MICROS Retail-J. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of MICROS Retail-J accessible data as well as unauthorized read access to a subset of MICROS Retail-J accessible data. CVSS 3.0 Base Score 6.5 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N).
References
| ► | URL | Tags | ||||||
|---|---|---|---|---|---|---|---|---|
|
||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Oracle Corporation | MICROS Retail-J |
Version: 13.0.0 Version: 12.1.2 |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T04:36:38.423Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "105592",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/105592"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.oracle.com/technetwork/security-advisory/cpuoct2018-4428296.html"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2018-2887",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-10-02T18:17:52.464374Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-10-02T19:47:35.194Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "MICROS Retail-J",
"vendor": "Oracle Corporation",
"versions": [
{
"status": "affected",
"version": "13.0.0"
},
{
"status": "affected",
"version": "12.1.2"
}
]
}
],
"datePublic": "2018-10-16T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Vulnerability in the MICROS Retail-J component of Oracle Retail Applications (subcomponent: Back Office). Supported versions that are affected are 13.0.0 and 12.1.2. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise MICROS Retail-J. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of MICROS Retail-J accessible data as well as unauthorized read access to a subset of MICROS Retail-J accessible data. CVSS 3.0 Base Score 6.5 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N)."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise MICROS Retail-J. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of MICROS Retail-J accessible data as well as unauthorized read access to a subset of MICROS Retail-J accessible data.",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-10-17T09:57:01",
"orgId": "43595867-4340-4103-b7a2-9a5208d29a85",
"shortName": "oracle"
},
"references": [
{
"name": "105592",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/105592"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.oracle.com/technetwork/security-advisory/cpuoct2018-4428296.html"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "secalert_us@oracle.com",
"ID": "CVE-2018-2887",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "MICROS Retail-J",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "13.0.0"
},
{
"version_affected": "=",
"version_value": "12.1.2"
}
]
}
}
]
},
"vendor_name": "Oracle Corporation"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Vulnerability in the MICROS Retail-J component of Oracle Retail Applications (subcomponent: Back Office). Supported versions that are affected are 13.0.0 and 12.1.2. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise MICROS Retail-J. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of MICROS Retail-J accessible data as well as unauthorized read access to a subset of MICROS Retail-J accessible data. CVSS 3.0 Base Score 6.5 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N)."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise MICROS Retail-J. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of MICROS Retail-J accessible data as well as unauthorized read access to a subset of MICROS Retail-J accessible data."
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "105592",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/105592"
},
{
"name": "http://www.oracle.com/technetwork/security-advisory/cpuoct2018-4428296.html",
"refsource": "CONFIRM",
"url": "http://www.oracle.com/technetwork/security-advisory/cpuoct2018-4428296.html"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "43595867-4340-4103-b7a2-9a5208d29a85",
"assignerShortName": "oracle",
"cveId": "CVE-2018-2887",
"datePublished": "2018-10-17T01:00:00",
"dateReserved": "2017-12-15T00:00:00",
"dateUpdated": "2024-10-02T19:47:35.194Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2019-2750 (GCVE-0-2019-2750)
Vulnerability from cvelistv5
Published
2019-07-23 22:31
Modified
2024-10-15 19:00
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise MICROS Retail-J. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all MICROS Retail-J accessible data as well as unauthorized update, insert or delete access to some of MICROS Retail-J accessible data and unauthorized ability to cause a partial denial of service (partial DOS) of MICROS Retail-J.
Summary
Vulnerability in the MICROS Retail-J component of Oracle Retail Applications (subcomponent: Internal Operations). Supported versions that are affected are 12.1.0, 12.1.1, 12.1.2 and 13.1. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise MICROS Retail-J. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all MICROS Retail-J accessible data as well as unauthorized update, insert or delete access to some of MICROS Retail-J accessible data and unauthorized ability to cause a partial denial of service (partial DOS) of MICROS Retail-J. CVSS 3.0 Base Score 8.6 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:L).
References
| ► | URL | Tags |
|---|---|---|
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Oracle Corporation | MICROS Retail-J |
Version: 12.1.0 Version: 12.1.1 Version: 12.1.2 Version: 13.1 |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T18:56:45.581Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2019-2750",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-10-15T17:30:07.916817Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-10-15T19:00:10.552Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "MICROS Retail-J",
"vendor": "Oracle Corporation",
"versions": [
{
"status": "affected",
"version": "12.1.0"
},
{
"status": "affected",
"version": "12.1.1"
},
{
"status": "affected",
"version": "12.1.2"
},
{
"status": "affected",
"version": "13.1"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Vulnerability in the MICROS Retail-J component of Oracle Retail Applications (subcomponent: Internal Operations). Supported versions that are affected are 12.1.0, 12.1.1, 12.1.2 and 13.1. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise MICROS Retail-J. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all MICROS Retail-J accessible data as well as unauthorized update, insert or delete access to some of MICROS Retail-J accessible data and unauthorized ability to cause a partial denial of service (partial DOS) of MICROS Retail-J. CVSS 3.0 Base Score 8.6 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:L)."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise MICROS Retail-J. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all MICROS Retail-J accessible data as well as unauthorized update, insert or delete access to some of MICROS Retail-J accessible data and unauthorized ability to cause a partial denial of service (partial DOS) of MICROS Retail-J.",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2019-07-23T22:31:43",
"orgId": "43595867-4340-4103-b7a2-9a5208d29a85",
"shortName": "oracle"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "http://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "secalert_us@oracle.com",
"ID": "CVE-2019-2750",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "MICROS Retail-J",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "12.1.0"
},
{
"version_affected": "=",
"version_value": "12.1.1"
},
{
"version_affected": "=",
"version_value": "12.1.2"
},
{
"version_affected": "=",
"version_value": "13.1"
}
]
}
}
]
},
"vendor_name": "Oracle Corporation"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Vulnerability in the MICROS Retail-J component of Oracle Retail Applications (subcomponent: Internal Operations). Supported versions that are affected are 12.1.0, 12.1.1, 12.1.2 and 13.1. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise MICROS Retail-J. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all MICROS Retail-J accessible data as well as unauthorized update, insert or delete access to some of MICROS Retail-J accessible data and unauthorized ability to cause a partial denial of service (partial DOS) of MICROS Retail-J. CVSS 3.0 Base Score 8.6 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:L)."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise MICROS Retail-J. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all MICROS Retail-J accessible data as well as unauthorized update, insert or delete access to some of MICROS Retail-J accessible data and unauthorized ability to cause a partial denial of service (partial DOS) of MICROS Retail-J."
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html",
"refsource": "MISC",
"url": "http://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "43595867-4340-4103-b7a2-9a5208d29a85",
"assignerShortName": "oracle",
"cveId": "CVE-2019-2750",
"datePublished": "2019-07-23T22:31:43",
"dateReserved": "2018-12-14T00:00:00",
"dateUpdated": "2024-10-15T19:00:10.552Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2018-2882 (GCVE-0-2018-2882)
Vulnerability from cvelistv5
Published
2018-07-18 13:00
Modified
2024-10-02 20:22
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise MICROS Retail-J. While the vulnerability is in MICROS Retail-J, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized creation, deletion or modification access to critical data or all MICROS Retail-J accessible data.
Summary
Vulnerability in the MICROS Retail-J component of Oracle Retail Applications (subcomponent: Interfaces). Supported versions that are affected are 10.2.x, 11.0.x, 12.0.x,12.1.x, 12.1.1.x,12.1.2.x and 13.1.x. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise MICROS Retail-J. While the vulnerability is in MICROS Retail-J, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized creation, deletion or modification access to critical data or all MICROS Retail-J accessible data. CVSS 3.0 Base Score 7.7 (Integrity impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:C/C:N/I:H/A:N).
References
| ► | URL | Tags | ||||||
|---|---|---|---|---|---|---|---|---|
|
||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Oracle Corporation | MICROS Retail-J |
Version: 10.2.x Version: 11.0.x Version: 12.0.x Version: 12.1.x Version: 12.1.1.x Version: 12.1.2.x Version: 13.1.x |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T04:36:38.163Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.oracle.com/technetwork/security-advisory/cpujul2018-4258247.html"
},
{
"name": "104822",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/104822"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2018-2882",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-10-02T18:11:41.049697Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-10-02T20:22:04.094Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "MICROS Retail-J",
"vendor": "Oracle Corporation",
"versions": [
{
"status": "affected",
"version": "10.2.x"
},
{
"status": "affected",
"version": "11.0.x"
},
{
"status": "affected",
"version": "12.0.x"
},
{
"status": "affected",
"version": "12.1.x"
},
{
"status": "affected",
"version": "12.1.1.x"
},
{
"status": "affected",
"version": "12.1.2.x"
},
{
"status": "affected",
"version": "13.1.x"
}
]
}
],
"datePublic": "2018-03-27T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Vulnerability in the MICROS Retail-J component of Oracle Retail Applications (subcomponent: Interfaces). Supported versions that are affected are 10.2.x, 11.0.x, 12.0.x,12.1.x, 12.1.1.x,12.1.2.x and 13.1.x. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise MICROS Retail-J. While the vulnerability is in MICROS Retail-J, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized creation, deletion or modification access to critical data or all MICROS Retail-J accessible data. CVSS 3.0 Base Score 7.7 (Integrity impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:C/C:N/I:H/A:N)."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise MICROS Retail-J. While the vulnerability is in MICROS Retail-J, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized creation, deletion or modification access to critical data or all MICROS Retail-J accessible data.",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-07-29T09:57:01",
"orgId": "43595867-4340-4103-b7a2-9a5208d29a85",
"shortName": "oracle"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.oracle.com/technetwork/security-advisory/cpujul2018-4258247.html"
},
{
"name": "104822",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/104822"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "secalert_us@oracle.com",
"ID": "CVE-2018-2882",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "MICROS Retail-J",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "10.2.x"
},
{
"version_affected": "=",
"version_value": "11.0.x"
},
{
"version_affected": "=",
"version_value": "12.0.x"
},
{
"version_affected": "=",
"version_value": "12.1.x"
},
{
"version_affected": "=",
"version_value": "12.1.1.x"
},
{
"version_affected": "=",
"version_value": "12.1.2.x"
},
{
"version_affected": "=",
"version_value": "13.1.x"
}
]
}
}
]
},
"vendor_name": "Oracle Corporation"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Vulnerability in the MICROS Retail-J component of Oracle Retail Applications (subcomponent: Interfaces). Supported versions that are affected are 10.2.x, 11.0.x, 12.0.x,12.1.x, 12.1.1.x,12.1.2.x and 13.1.x. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise MICROS Retail-J. While the vulnerability is in MICROS Retail-J, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized creation, deletion or modification access to critical data or all MICROS Retail-J accessible data. CVSS 3.0 Base Score 7.7 (Integrity impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:C/C:N/I:H/A:N)."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise MICROS Retail-J. While the vulnerability is in MICROS Retail-J, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized creation, deletion or modification access to critical data or all MICROS Retail-J accessible data."
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://www.oracle.com/technetwork/security-advisory/cpujul2018-4258247.html",
"refsource": "CONFIRM",
"url": "http://www.oracle.com/technetwork/security-advisory/cpujul2018-4258247.html"
},
{
"name": "104822",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/104822"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "43595867-4340-4103-b7a2-9a5208d29a85",
"assignerShortName": "oracle",
"cveId": "CVE-2018-2882",
"datePublished": "2018-07-18T13:00:00",
"dateReserved": "2017-12-15T00:00:00",
"dateUpdated": "2024-10-02T20:22:04.094Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2018-2881 (GCVE-0-2018-2881)
Vulnerability from cvelistv5
Published
2018-07-18 13:00
Modified
2024-10-02 20:22
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise MICROS Retail-J. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of MICROS Retail-J accessible data as well as unauthorized read access to a subset of MICROS Retail-J accessible data and unauthorized ability to cause a partial denial of service (partial DOS) of MICROS Retail-J.
Summary
Vulnerability in the MICROS Retail-J component of Oracle Retail Applications (subcomponent: Database). Supported versions that are affected are 11.0.x, 12.0.x, 12.1.x, 12.1.1.x, 12.1.2.x and 13.1.x. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise MICROS Retail-J. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of MICROS Retail-J accessible data as well as unauthorized read access to a subset of MICROS Retail-J accessible data and unauthorized ability to cause a partial denial of service (partial DOS) of MICROS Retail-J. CVSS 3.0 Base Score 6.3 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L).
References
| ► | URL | Tags | ||||||
|---|---|---|---|---|---|---|---|---|
|
||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Oracle Corporation | MICROS Retail-J |
Version: 11.0.x Version: 12.0.x Version: 12.1.x Version: 12.1.1.x Version: 12.1.2.x Version: 13.1.x |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T04:36:38.427Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.oracle.com/technetwork/security-advisory/cpujul2018-4258247.html"
},
{
"name": "104822",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/104822"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2018-2881",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-10-02T18:11:42.906233Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-10-02T20:22:11.958Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "MICROS Retail-J",
"vendor": "Oracle Corporation",
"versions": [
{
"status": "affected",
"version": "11.0.x"
},
{
"status": "affected",
"version": "12.0.x"
},
{
"status": "affected",
"version": "12.1.x"
},
{
"status": "affected",
"version": "12.1.1.x"
},
{
"status": "affected",
"version": "12.1.2.x"
},
{
"status": "affected",
"version": "13.1.x"
}
]
}
],
"datePublic": "2018-03-27T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Vulnerability in the MICROS Retail-J component of Oracle Retail Applications (subcomponent: Database). Supported versions that are affected are 11.0.x, 12.0.x, 12.1.x, 12.1.1.x, 12.1.2.x and 13.1.x. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise MICROS Retail-J. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of MICROS Retail-J accessible data as well as unauthorized read access to a subset of MICROS Retail-J accessible data and unauthorized ability to cause a partial denial of service (partial DOS) of MICROS Retail-J. CVSS 3.0 Base Score 6.3 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L)."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise MICROS Retail-J. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of MICROS Retail-J accessible data as well as unauthorized read access to a subset of MICROS Retail-J accessible data and unauthorized ability to cause a partial denial of service (partial DOS) of MICROS Retail-J.",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-07-29T09:57:01",
"orgId": "43595867-4340-4103-b7a2-9a5208d29a85",
"shortName": "oracle"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.oracle.com/technetwork/security-advisory/cpujul2018-4258247.html"
},
{
"name": "104822",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/104822"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "secalert_us@oracle.com",
"ID": "CVE-2018-2881",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "MICROS Retail-J",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "11.0.x"
},
{
"version_affected": "=",
"version_value": "12.0.x"
},
{
"version_affected": "=",
"version_value": "12.1.x"
},
{
"version_affected": "=",
"version_value": "12.1.1.x"
},
{
"version_affected": "=",
"version_value": "12.1.2.x"
},
{
"version_affected": "=",
"version_value": "13.1.x"
}
]
}
}
]
},
"vendor_name": "Oracle Corporation"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Vulnerability in the MICROS Retail-J component of Oracle Retail Applications (subcomponent: Database). Supported versions that are affected are 11.0.x, 12.0.x, 12.1.x, 12.1.1.x, 12.1.2.x and 13.1.x. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise MICROS Retail-J. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of MICROS Retail-J accessible data as well as unauthorized read access to a subset of MICROS Retail-J accessible data and unauthorized ability to cause a partial denial of service (partial DOS) of MICROS Retail-J. CVSS 3.0 Base Score 6.3 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L)."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise MICROS Retail-J. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of MICROS Retail-J accessible data as well as unauthorized read access to a subset of MICROS Retail-J accessible data and unauthorized ability to cause a partial denial of service (partial DOS) of MICROS Retail-J."
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://www.oracle.com/technetwork/security-advisory/cpujul2018-4258247.html",
"refsource": "CONFIRM",
"url": "http://www.oracle.com/technetwork/security-advisory/cpujul2018-4258247.html"
},
{
"name": "104822",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/104822"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "43595867-4340-4103-b7a2-9a5208d29a85",
"assignerShortName": "oracle",
"cveId": "CVE-2018-2881",
"datePublished": "2018-07-18T13:00:00",
"dateReserved": "2017-12-15T00:00:00",
"dateUpdated": "2024-10-02T20:22:11.958Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2018-2888 (GCVE-0-2018-2888)
Vulnerability from cvelistv5
Published
2018-07-18 13:00
Modified
2024-10-02 20:21
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- Difficult to exploit vulnerability allows physical access to compromise MICROS Retail-J. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in MICROS Retail-J, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized creation, deletion or modification access to critical data or all MICROS Retail-J accessible data as well as unauthorized access to critical data or complete access to all MICROS Retail-J accessible data and unauthorized ability to cause a partial denial of service (partial DOS) of MICROS Retail-J.
Summary
Vulnerability in the MICROS Retail-J component of Oracle Retail Applications (subcomponent: Back Office). Supported versions that are affected are 10.2.x, 11.0.x, 12.0.x, 12.1.x, 12.1.1.x,12.1.2.x and 13.1.x. Difficult to exploit vulnerability allows physical access to compromise MICROS Retail-J. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in MICROS Retail-J, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized creation, deletion or modification access to critical data or all MICROS Retail-J accessible data as well as unauthorized access to critical data or complete access to all MICROS Retail-J accessible data and unauthorized ability to cause a partial denial of service (partial DOS) of MICROS Retail-J. CVSS 3.0 Base Score 6.7 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:P/AC:H/PR:H/UI:R/S:C/C:H/I:H/A:L).
References
| ► | URL | Tags | ||||||
|---|---|---|---|---|---|---|---|---|
|
||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Oracle Corporation | MICROS Retail-J |
Version: 10.2.x Version: 11.0.x Version: 12.0.x Version: 12.1.x Version: 12.1.1.x Version: 12.1.2.x Version: 13.1.x |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T04:36:38.288Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.oracle.com/technetwork/security-advisory/cpujul2018-4258247.html"
},
{
"name": "104822",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/104822"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2018-2888",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-10-02T18:16:51.572136Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-10-02T20:21:56.717Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "MICROS Retail-J",
"vendor": "Oracle Corporation",
"versions": [
{
"status": "affected",
"version": "10.2.x"
},
{
"status": "affected",
"version": "11.0.x"
},
{
"status": "affected",
"version": "12.0.x"
},
{
"status": "affected",
"version": "12.1.x"
},
{
"status": "affected",
"version": "12.1.1.x"
},
{
"status": "affected",
"version": "12.1.2.x"
},
{
"status": "affected",
"version": "13.1.x"
}
]
}
],
"datePublic": "2018-03-27T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Vulnerability in the MICROS Retail-J component of Oracle Retail Applications (subcomponent: Back Office). Supported versions that are affected are 10.2.x, 11.0.x, 12.0.x, 12.1.x, 12.1.1.x,12.1.2.x and 13.1.x. Difficult to exploit vulnerability allows physical access to compromise MICROS Retail-J. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in MICROS Retail-J, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized creation, deletion or modification access to critical data or all MICROS Retail-J accessible data as well as unauthorized access to critical data or complete access to all MICROS Retail-J accessible data and unauthorized ability to cause a partial denial of service (partial DOS) of MICROS Retail-J. CVSS 3.0 Base Score 6.7 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:P/AC:H/PR:H/UI:R/S:C/C:H/I:H/A:L)."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Difficult to exploit vulnerability allows physical access to compromise MICROS Retail-J. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in MICROS Retail-J, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized creation, deletion or modification access to critical data or all MICROS Retail-J accessible data as well as unauthorized access to critical data or complete access to all MICROS Retail-J accessible data and unauthorized ability to cause a partial denial of service (partial DOS) of MICROS Retail-J.",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-07-29T09:57:01",
"orgId": "43595867-4340-4103-b7a2-9a5208d29a85",
"shortName": "oracle"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.oracle.com/technetwork/security-advisory/cpujul2018-4258247.html"
},
{
"name": "104822",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/104822"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "secalert_us@oracle.com",
"ID": "CVE-2018-2888",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "MICROS Retail-J",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "10.2.x"
},
{
"version_affected": "=",
"version_value": "11.0.x"
},
{
"version_affected": "=",
"version_value": "12.0.x"
},
{
"version_affected": "=",
"version_value": "12.1.x"
},
{
"version_affected": "=",
"version_value": "12.1.1.x"
},
{
"version_affected": "=",
"version_value": "12.1.2.x"
},
{
"version_affected": "=",
"version_value": "13.1.x"
}
]
}
}
]
},
"vendor_name": "Oracle Corporation"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Vulnerability in the MICROS Retail-J component of Oracle Retail Applications (subcomponent: Back Office). Supported versions that are affected are 10.2.x, 11.0.x, 12.0.x, 12.1.x, 12.1.1.x,12.1.2.x and 13.1.x. Difficult to exploit vulnerability allows physical access to compromise MICROS Retail-J. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in MICROS Retail-J, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized creation, deletion or modification access to critical data or all MICROS Retail-J accessible data as well as unauthorized access to critical data or complete access to all MICROS Retail-J accessible data and unauthorized ability to cause a partial denial of service (partial DOS) of MICROS Retail-J. CVSS 3.0 Base Score 6.7 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:P/AC:H/PR:H/UI:R/S:C/C:H/I:H/A:L)."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Difficult to exploit vulnerability allows physical access to compromise MICROS Retail-J. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in MICROS Retail-J, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized creation, deletion or modification access to critical data or all MICROS Retail-J accessible data as well as unauthorized access to critical data or complete access to all MICROS Retail-J accessible data and unauthorized ability to cause a partial denial of service (partial DOS) of MICROS Retail-J."
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://www.oracle.com/technetwork/security-advisory/cpujul2018-4258247.html",
"refsource": "CONFIRM",
"url": "http://www.oracle.com/technetwork/security-advisory/cpujul2018-4258247.html"
},
{
"name": "104822",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/104822"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "43595867-4340-4103-b7a2-9a5208d29a85",
"assignerShortName": "oracle",
"cveId": "CVE-2018-2888",
"datePublished": "2018-07-18T13:00:00",
"dateReserved": "2017-12-15T00:00:00",
"dateUpdated": "2024-10-02T20:21:56.717Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
Vulnerability from fkie_nvd
Published
2018-10-17 01:31
Modified
2024-11-21 04:04
Severity ?
Summary
Vulnerability in the MICROS Retail-J component of Oracle Retail Applications (subcomponent: Internal Operations). The supported version that is affected is 12.1.2. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise MICROS Retail-J. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all MICROS Retail-J accessible data. CVSS 3.0 Base Score 7.5 (Confidentiality impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N).
References
| ▶ | URL | Tags | |
|---|---|---|---|
| secalert_us@oracle.com | http://www.oracle.com/technetwork/security-advisory/cpuoct2018-4428296.html | Patch, Vendor Advisory | |
| secalert_us@oracle.com | http://www.securityfocus.com/bid/105588 | Third Party Advisory, VDB Entry | |
| af854a3a-2127-422b-91ae-364da2661108 | http://www.oracle.com/technetwork/security-advisory/cpuoct2018-4428296.html | Patch, Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | http://www.securityfocus.com/bid/105588 | Third Party Advisory, VDB Entry |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| oracle | micros_retail-j | 12.1.2 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:oracle:micros_retail-j:12.1.2:*:*:*:*:*:*:*",
"matchCriteriaId": "6E385DAD-8664-4E19-9FE2-A3D5B5441D27",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Vulnerability in the MICROS Retail-J component of Oracle Retail Applications (subcomponent: Internal Operations). The supported version that is affected is 12.1.2. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise MICROS Retail-J. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all MICROS Retail-J accessible data. CVSS 3.0 Base Score 7.5 (Confidentiality impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N)."
},
{
"lang": "es",
"value": "Vulnerabilidad en el componente MICROS Retail-J de Oracle Retail Applications (subcomponente: Internal Operations). La versi\u00f3n compatible afectada es la 12.1.2. Una vulnerabilidad f\u00e1cilmente explotable permite que un atacante no autenticado y con acceso a red por HTTP comprometa MICROS Retail-J. Los ataques exitosos a esta vulnerabilidad pueden resultar en el acceso no autorizado a los datos cr\u00edticos o el acceso total a todos los datos accesibles de MICROS Retail-J. CVSS 3.0 Base Score 7.5 (impactos en la confidencialidad). Vector CVSS: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N)."
}
],
"id": "CVE-2018-2889",
"lastModified": "2024-11-21T04:04:41.537",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 5.0,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV30": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.0"
},
"exploitabilityScore": 3.9,
"impactScore": 3.6,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2018-10-17T01:31:14.197",
"references": [
{
"source": "secalert_us@oracle.com",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://www.oracle.com/technetwork/security-advisory/cpuoct2018-4428296.html"
},
{
"source": "secalert_us@oracle.com",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securityfocus.com/bid/105588"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://www.oracle.com/technetwork/security-advisory/cpuoct2018-4428296.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securityfocus.com/bid/105588"
}
],
"sourceIdentifier": "secalert_us@oracle.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "NVD-CWE-noinfo"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2018-07-18 13:29
Modified
2024-11-21 04:04
Severity ?
Summary
Vulnerability in the MICROS Retail-J component of Oracle Retail Applications (subcomponent: Interfaces). Supported versions that are affected are 10.2.x, 11.0.x, 12.0.x,12.1.x, 12.1.1.x,12.1.2.x and 13.1.x. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise MICROS Retail-J. While the vulnerability is in MICROS Retail-J, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized creation, deletion or modification access to critical data or all MICROS Retail-J accessible data. CVSS 3.0 Base Score 7.7 (Integrity impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:C/C:N/I:H/A:N).
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| oracle | micros_retail-j | 10.2 | |
| oracle | micros_retail-j | 10.2 | |
| oracle | micros_retail-j | 11.0 | |
| oracle | micros_retail-j | 11.0 | |
| oracle | micros_retail-j | 11.0 | |
| oracle | micros_retail-j | 12.0 | |
| oracle | micros_retail-j | 12.0 | |
| oracle | micros_retail-j | 12.0 | |
| oracle | micros_retail-j | 12.0 | |
| oracle | micros_retail-j | 12.0 | |
| oracle | micros_retail-j | 12.1 | |
| oracle | micros_retail-j | 12.1 | |
| oracle | micros_retail-j | 12.1 | |
| oracle | micros_retail-j | 12.1 | |
| oracle | micros_retail-j | 12.1 | |
| oracle | micros_retail-j | 12.1 | |
| oracle | micros_retail-j | 12.1 | |
| oracle | micros_retail-j | 12.1 | |
| oracle | micros_retail-j | 12.1 | |
| oracle | micros_retail-j | 12.1 | |
| oracle | micros_retail-j | 12.1 | |
| oracle | micros_retail-j | 12.1 | |
| oracle | micros_retail-j | 12.1 | |
| oracle | micros_retail-j | 12.1 | |
| oracle | micros_retail-j | 12.1 | |
| oracle | micros_retail-j | 13.1.1 | |
| oracle | micros_retail-j | 13.1.2 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:oracle:micros_retail-j:10.2:sp32:*:*:*:*:*:*",
"matchCriteriaId": "32D7CCDC-55E1-4625-BBA2-DFB437076124",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:micros_retail-j:10.2:sp33:*:*:*:*:*:*",
"matchCriteriaId": "35FF62E2-CA61-48B8-AD74-0D35FA8F803E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:micros_retail-j:11.0:sp24:*:*:*:*:*:*",
"matchCriteriaId": "887742CB-F0E2-4484-9109-239E83B14E44",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:micros_retail-j:11.0:sp25:*:*:*:*:*:*",
"matchCriteriaId": "60D0C0F0-D505-406B-829E-A5B6A33FB56A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:micros_retail-j:11.0:sp26:*:*:*:*:*:*",
"matchCriteriaId": "A0866B86-94B9-433C-B235-20A9159190B1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:micros_retail-j:12.0:sp10:*:*:*:*:*:*",
"matchCriteriaId": "5E557623-7214-4E7F-B369-55C129E1E88D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:micros_retail-j:12.0:sp11:*:*:*:*:*:*",
"matchCriteriaId": "B78506F9-9577-4576-AFBB-6D2320E9F918",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:micros_retail-j:12.0:sp7:*:*:*:*:*:*",
"matchCriteriaId": "E16267E6-85EA-4AA5-AC99-5DFD6B818043",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:micros_retail-j:12.0:sp8:*:*:*:*:*:*",
"matchCriteriaId": "C9981D1D-829E-421E-86B9-315926016C74",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:micros_retail-j:12.0:sp9:*:*:*:*:*:*",
"matchCriteriaId": "AB90699A-E57C-4619-8973-B38882F87DF4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:micros_retail-j:12.1:fp1_sp1:*:*:*:*:*:*",
"matchCriteriaId": "68F951AE-425C-444E-A240-F2BF191A8535",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:micros_retail-j:12.1:fp1_sp2:*:*:*:*:*:*",
"matchCriteriaId": "E4C68B55-3A5F-4E92-A3EF-38DE9C70596A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:micros_retail-j:12.1:fp1_sp3:*:*:*:*:*:*",
"matchCriteriaId": "205D39A9-FF4B-4CF5-BE30-3686C83CC350",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:micros_retail-j:12.1:fp1_sp4:*:*:*:*:*:*",
"matchCriteriaId": "B04EBE77-03DC-4DAB-B77C-C5B433241561",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:micros_retail-j:12.1:fp1_sp5:*:*:*:*:*:*",
"matchCriteriaId": "77E96C1B-7860-405B-A7F1-5175B508E3B5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:micros_retail-j:12.1:fp2_sp2:*:*:*:*:*:*",
"matchCriteriaId": "172422A7-781C-4604-9A0C-1BCC41FB121B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:micros_retail-j:12.1:fp2_sp3:*:*:*:*:*:*",
"matchCriteriaId": "EEDDF96E-3838-4B06-8373-B8101BE807DD",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:micros_retail-j:12.1:fp2_sp4:*:*:*:*:*:*",
"matchCriteriaId": "9DCCDF9D-987A-4108-A5A7-5BE2F4C5FD44",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:micros_retail-j:12.1:fp2_sp5:*:*:*:*:*:*",
"matchCriteriaId": "CD14D1E4-3FCC-4A69-9B3B-5AF9611AD846",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:micros_retail-j:12.1:fp2_sp6:*:*:*:*:*:*",
"matchCriteriaId": "45823552-20F9-4AB6-84B6-9316B73C941E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:micros_retail-j:12.1:sp4:*:*:*:*:*:*",
"matchCriteriaId": "4211D47C-9290-46F3-9B49-FD9A516AD269",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:micros_retail-j:12.1:sp5:*:*:*:*:*:*",
"matchCriteriaId": "936287A7-4366-455C-BA70-316B5177C66D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:micros_retail-j:12.1:sp6:*:*:*:*:*:*",
"matchCriteriaId": "5F9F66CA-35FE-43FB-BAE7-5C72692ED622",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:micros_retail-j:12.1:sp7:*:*:*:*:*:*",
"matchCriteriaId": "EDCD154F-461F-4C4D-A58B-928C9F64FC39",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:micros_retail-j:12.1:sp8:*:*:*:*:*:*",
"matchCriteriaId": "8C33AFD4-C961-487B-96F1-118562AE40A4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:micros_retail-j:13.1.1:*:*:*:*:*:*:*",
"matchCriteriaId": "B677E065-F4FE-4FA5-913F-FDA0A0D4D6A0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:micros_retail-j:13.1.2:*:*:*:*:*:*:*",
"matchCriteriaId": "032A532D-438B-4778-A09B-C2009B07E477",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Vulnerability in the MICROS Retail-J component of Oracle Retail Applications (subcomponent: Interfaces). Supported versions that are affected are 10.2.x, 11.0.x, 12.0.x,12.1.x, 12.1.1.x,12.1.2.x and 13.1.x. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise MICROS Retail-J. While the vulnerability is in MICROS Retail-J, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized creation, deletion or modification access to critical data or all MICROS Retail-J accessible data. CVSS 3.0 Base Score 7.7 (Integrity impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:C/C:N/I:H/A:N)."
},
{
"lang": "es",
"value": "Vulnerabilidad en el componente MICROS Retail-J de Oracle Retail Applications (subcomponente: Interfaces). Las versiones soportadas que se han visto afectadas son la 10.2.x, 11.0.x, 12.x, 12.1.x, 12.1.1.x, 12.1.2.x y la 13.1.x. Una vulnerabilidad f\u00e1cilmente explotable permite que un atacante con acceso a red mediante HTTP comprometa MICROS Retail-J. Aunque esta vulnerabilidad est\u00e1 presente en MICROS Retail-J, los ataques podr\u00edan impactar de forma significativa en productos adicionales. Los ataques exitosos de esta vulnerabilidad pueden resultar en el acceso no autorizado de creaci\u00f3n, eliminaci\u00f3n o modificaci\u00f3n de datos cr\u00edticos o de todos los datos accesibles de MICROS Retail-J. CVSS 3.0 Base Score 7.7 (impactos en la integridad). Vector CVSS: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:C/C:N/I:H/A:N)."
}
],
"id": "CVE-2018-2882",
"lastModified": "2024-11-21T04:04:41.007",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"availabilityImpact": "NONE",
"baseScore": 4.0,
"confidentialityImpact": "NONE",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:L/Au:S/C:N/I:P/A:N",
"version": "2.0"
},
"exploitabilityScore": 8.0,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV30": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 7.7,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:C/C:N/I:H/A:N",
"version": "3.0"
},
"exploitabilityScore": 3.1,
"impactScore": 4.0,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2018-07-18T13:29:00.427",
"references": [
{
"source": "secalert_us@oracle.com",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://www.oracle.com/technetwork/security-advisory/cpujul2018-4258247.html"
},
{
"source": "secalert_us@oracle.com",
"url": "http://www.securityfocus.com/bid/104822"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://www.oracle.com/technetwork/security-advisory/cpujul2018-4258247.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securityfocus.com/bid/104822"
}
],
"sourceIdentifier": "secalert_us@oracle.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "NVD-CWE-noinfo"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2018-07-18 13:29
Modified
2024-11-21 04:04
Severity ?
Summary
Vulnerability in the MICROS Retail-J component of Oracle Retail Applications (subcomponent: Database). Supported versions that are affected are 11.0.x, 12.0.x, 12.1.x, 12.1.1.x, 12.1.2.x and 13.1.x. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise MICROS Retail-J. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of MICROS Retail-J accessible data as well as unauthorized read access to a subset of MICROS Retail-J accessible data and unauthorized ability to cause a partial denial of service (partial DOS) of MICROS Retail-J. CVSS 3.0 Base Score 6.3 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L).
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| oracle | micros_retail-j | 11.0 | |
| oracle | micros_retail-j | 11.0 | |
| oracle | micros_retail-j | 11.0 | |
| oracle | micros_retail-j | 12.0 | |
| oracle | micros_retail-j | 12.0 | |
| oracle | micros_retail-j | 12.0 | |
| oracle | micros_retail-j | 12.0 | |
| oracle | micros_retail-j | 12.0 | |
| oracle | micros_retail-j | 12.1 | |
| oracle | micros_retail-j | 12.1 | |
| oracle | micros_retail-j | 12.1 | |
| oracle | micros_retail-j | 12.1 | |
| oracle | micros_retail-j | 12.1 | |
| oracle | micros_retail-j | 12.1 | |
| oracle | micros_retail-j | 12.1 | |
| oracle | micros_retail-j | 12.1 | |
| oracle | micros_retail-j | 12.1 | |
| oracle | micros_retail-j | 12.1 | |
| oracle | micros_retail-j | 12.1 | |
| oracle | micros_retail-j | 12.1 | |
| oracle | micros_retail-j | 12.1 | |
| oracle | micros_retail-j | 12.1 | |
| oracle | micros_retail-j | 12.1 | |
| oracle | micros_retail-j | 13.1.1 | |
| oracle | micros_retail-j | 13.1.2 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:oracle:micros_retail-j:11.0:sp24:*:*:*:*:*:*",
"matchCriteriaId": "887742CB-F0E2-4484-9109-239E83B14E44",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:micros_retail-j:11.0:sp25:*:*:*:*:*:*",
"matchCriteriaId": "60D0C0F0-D505-406B-829E-A5B6A33FB56A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:micros_retail-j:11.0:sp26:*:*:*:*:*:*",
"matchCriteriaId": "A0866B86-94B9-433C-B235-20A9159190B1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:micros_retail-j:12.0:sp10:*:*:*:*:*:*",
"matchCriteriaId": "5E557623-7214-4E7F-B369-55C129E1E88D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:micros_retail-j:12.0:sp11:*:*:*:*:*:*",
"matchCriteriaId": "B78506F9-9577-4576-AFBB-6D2320E9F918",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:micros_retail-j:12.0:sp7:*:*:*:*:*:*",
"matchCriteriaId": "E16267E6-85EA-4AA5-AC99-5DFD6B818043",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:micros_retail-j:12.0:sp8:*:*:*:*:*:*",
"matchCriteriaId": "C9981D1D-829E-421E-86B9-315926016C74",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:micros_retail-j:12.0:sp9:*:*:*:*:*:*",
"matchCriteriaId": "AB90699A-E57C-4619-8973-B38882F87DF4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:micros_retail-j:12.1:fp1_sp1:*:*:*:*:*:*",
"matchCriteriaId": "68F951AE-425C-444E-A240-F2BF191A8535",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:micros_retail-j:12.1:fp1_sp2:*:*:*:*:*:*",
"matchCriteriaId": "E4C68B55-3A5F-4E92-A3EF-38DE9C70596A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:micros_retail-j:12.1:fp1_sp3:*:*:*:*:*:*",
"matchCriteriaId": "205D39A9-FF4B-4CF5-BE30-3686C83CC350",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:micros_retail-j:12.1:fp1_sp4:*:*:*:*:*:*",
"matchCriteriaId": "B04EBE77-03DC-4DAB-B77C-C5B433241561",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:micros_retail-j:12.1:fp1_sp5:*:*:*:*:*:*",
"matchCriteriaId": "77E96C1B-7860-405B-A7F1-5175B508E3B5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:micros_retail-j:12.1:fp2_sp2:*:*:*:*:*:*",
"matchCriteriaId": "172422A7-781C-4604-9A0C-1BCC41FB121B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:micros_retail-j:12.1:fp2_sp3:*:*:*:*:*:*",
"matchCriteriaId": "EEDDF96E-3838-4B06-8373-B8101BE807DD",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:micros_retail-j:12.1:fp2_sp4:*:*:*:*:*:*",
"matchCriteriaId": "9DCCDF9D-987A-4108-A5A7-5BE2F4C5FD44",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:micros_retail-j:12.1:fp2_sp5:*:*:*:*:*:*",
"matchCriteriaId": "CD14D1E4-3FCC-4A69-9B3B-5AF9611AD846",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:micros_retail-j:12.1:fp2_sp6:*:*:*:*:*:*",
"matchCriteriaId": "45823552-20F9-4AB6-84B6-9316B73C941E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:micros_retail-j:12.1:sp4:*:*:*:*:*:*",
"matchCriteriaId": "4211D47C-9290-46F3-9B49-FD9A516AD269",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:micros_retail-j:12.1:sp5:*:*:*:*:*:*",
"matchCriteriaId": "936287A7-4366-455C-BA70-316B5177C66D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:micros_retail-j:12.1:sp6:*:*:*:*:*:*",
"matchCriteriaId": "5F9F66CA-35FE-43FB-BAE7-5C72692ED622",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:micros_retail-j:12.1:sp7:*:*:*:*:*:*",
"matchCriteriaId": "EDCD154F-461F-4C4D-A58B-928C9F64FC39",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:micros_retail-j:12.1:sp8:*:*:*:*:*:*",
"matchCriteriaId": "8C33AFD4-C961-487B-96F1-118562AE40A4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:micros_retail-j:13.1.1:*:*:*:*:*:*:*",
"matchCriteriaId": "B677E065-F4FE-4FA5-913F-FDA0A0D4D6A0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:micros_retail-j:13.1.2:*:*:*:*:*:*:*",
"matchCriteriaId": "032A532D-438B-4778-A09B-C2009B07E477",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Vulnerability in the MICROS Retail-J component of Oracle Retail Applications (subcomponent: Database). Supported versions that are affected are 11.0.x, 12.0.x, 12.1.x, 12.1.1.x, 12.1.2.x and 13.1.x. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise MICROS Retail-J. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of MICROS Retail-J accessible data as well as unauthorized read access to a subset of MICROS Retail-J accessible data and unauthorized ability to cause a partial denial of service (partial DOS) of MICROS Retail-J. CVSS 3.0 Base Score 6.3 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L)."
},
{
"lang": "es",
"value": "Vulnerabilidad en el componente MICROS Retail-J de Oracle Retail Applications (subcomponente: Database). Las versiones soportadas que se han visto afectadas son la 11.0.x, 12.0.x, 12.1.x, 12.1.1.x, 12.1.2.x y la 13.1.x. Una vulnerabilidad f\u00e1cilmente explotable permite que un atacante con pocos privilegios y acceso a red por HTTP comprometa MICROS Retail-J. Los ataques exitosos a esta vulnerabilidad pueden resultar en el acceso no autorizado a la actualizaci\u00f3n, inserci\u00f3n o supresi\u00f3n de algunos de los datos accesibles de MICROS Retail-J, as\u00ed como el acceso de lectura sin autorizaci\u00f3n a un subconjunto de datos accesibles de MICROS Retail-J. Adem\u00e1s, esto puede dar lugar a que el atacante consiga provocar una denegaci\u00f3n de servicio parcial (DoS parcial) de MICROS Retail-J. CVSS 3.0 Base Score 6.3 (Impactos en la confidencialidad, integridad y disponibilidad). Vector CVSS: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L)."
}
],
"id": "CVE-2018-2881",
"lastModified": "2024-11-21T04:04:40.870",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"availabilityImpact": "PARTIAL",
"baseScore": 6.5,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:L/Au:S/C:P/I:P/A:P",
"version": "2.0"
},
"exploitabilityScore": 8.0,
"impactScore": 6.4,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV30": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 6.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L",
"version": "3.0"
},
"exploitabilityScore": 2.8,
"impactScore": 3.4,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2018-07-18T13:29:00.380",
"references": [
{
"source": "secalert_us@oracle.com",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://www.oracle.com/technetwork/security-advisory/cpujul2018-4258247.html"
},
{
"source": "secalert_us@oracle.com",
"url": "http://www.securityfocus.com/bid/104822"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://www.oracle.com/technetwork/security-advisory/cpujul2018-4258247.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securityfocus.com/bid/104822"
}
],
"sourceIdentifier": "secalert_us@oracle.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "NVD-CWE-noinfo"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2018-07-18 13:29
Modified
2024-11-21 04:04
Severity ?
Summary
Vulnerability in the MICROS Retail-J component of Oracle Retail Applications (subcomponent: Back Office). Supported versions that are affected are 10.2.x, 11.0.x, 12.0.x, 12.1.x, 12.1.1.x,12.1.2.x and 13.1.x. Difficult to exploit vulnerability allows physical access to compromise MICROS Retail-J. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in MICROS Retail-J, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized creation, deletion or modification access to critical data or all MICROS Retail-J accessible data as well as unauthorized access to critical data or complete access to all MICROS Retail-J accessible data and unauthorized ability to cause a partial denial of service (partial DOS) of MICROS Retail-J. CVSS 3.0 Base Score 6.7 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:P/AC:H/PR:H/UI:R/S:C/C:H/I:H/A:L).
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| oracle | micros_retail-j | 10.2 | |
| oracle | micros_retail-j | 10.2 | |
| oracle | micros_retail-j | 11.0 | |
| oracle | micros_retail-j | 11.0 | |
| oracle | micros_retail-j | 11.0 | |
| oracle | micros_retail-j | 12.0 | |
| oracle | micros_retail-j | 12.0 | |
| oracle | micros_retail-j | 12.0 | |
| oracle | micros_retail-j | 12.0 | |
| oracle | micros_retail-j | 12.0 | |
| oracle | micros_retail-j | 12.1 | |
| oracle | micros_retail-j | 12.1 | |
| oracle | micros_retail-j | 12.1 | |
| oracle | micros_retail-j | 12.1 | |
| oracle | micros_retail-j | 12.1 | |
| oracle | micros_retail-j | 12.1 | |
| oracle | micros_retail-j | 12.1 | |
| oracle | micros_retail-j | 12.1 | |
| oracle | micros_retail-j | 12.1 | |
| oracle | micros_retail-j | 12.1 | |
| oracle | micros_retail-j | 12.1 | |
| oracle | micros_retail-j | 12.1 | |
| oracle | micros_retail-j | 12.1 | |
| oracle | micros_retail-j | 12.1 | |
| oracle | micros_retail-j | 12.1 | |
| oracle | micros_retail-j | 13.1.1 | |
| oracle | micros_retail-j | 13.1.2 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:oracle:micros_retail-j:10.2:sp32:*:*:*:*:*:*",
"matchCriteriaId": "32D7CCDC-55E1-4625-BBA2-DFB437076124",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:micros_retail-j:10.2:sp33:*:*:*:*:*:*",
"matchCriteriaId": "35FF62E2-CA61-48B8-AD74-0D35FA8F803E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:micros_retail-j:11.0:sp24:*:*:*:*:*:*",
"matchCriteriaId": "887742CB-F0E2-4484-9109-239E83B14E44",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:micros_retail-j:11.0:sp25:*:*:*:*:*:*",
"matchCriteriaId": "60D0C0F0-D505-406B-829E-A5B6A33FB56A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:micros_retail-j:11.0:sp26:*:*:*:*:*:*",
"matchCriteriaId": "A0866B86-94B9-433C-B235-20A9159190B1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:micros_retail-j:12.0:sp10:*:*:*:*:*:*",
"matchCriteriaId": "5E557623-7214-4E7F-B369-55C129E1E88D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:micros_retail-j:12.0:sp11:*:*:*:*:*:*",
"matchCriteriaId": "B78506F9-9577-4576-AFBB-6D2320E9F918",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:micros_retail-j:12.0:sp7:*:*:*:*:*:*",
"matchCriteriaId": "E16267E6-85EA-4AA5-AC99-5DFD6B818043",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:micros_retail-j:12.0:sp8:*:*:*:*:*:*",
"matchCriteriaId": "C9981D1D-829E-421E-86B9-315926016C74",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:micros_retail-j:12.0:sp9:*:*:*:*:*:*",
"matchCriteriaId": "AB90699A-E57C-4619-8973-B38882F87DF4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:micros_retail-j:12.1:fp1_sp1:*:*:*:*:*:*",
"matchCriteriaId": "68F951AE-425C-444E-A240-F2BF191A8535",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:micros_retail-j:12.1:fp1_sp2:*:*:*:*:*:*",
"matchCriteriaId": "E4C68B55-3A5F-4E92-A3EF-38DE9C70596A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:micros_retail-j:12.1:fp1_sp3:*:*:*:*:*:*",
"matchCriteriaId": "205D39A9-FF4B-4CF5-BE30-3686C83CC350",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:micros_retail-j:12.1:fp1_sp4:*:*:*:*:*:*",
"matchCriteriaId": "B04EBE77-03DC-4DAB-B77C-C5B433241561",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:micros_retail-j:12.1:fp1_sp5:*:*:*:*:*:*",
"matchCriteriaId": "77E96C1B-7860-405B-A7F1-5175B508E3B5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:micros_retail-j:12.1:fp2_sp2:*:*:*:*:*:*",
"matchCriteriaId": "172422A7-781C-4604-9A0C-1BCC41FB121B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:micros_retail-j:12.1:fp2_sp3:*:*:*:*:*:*",
"matchCriteriaId": "EEDDF96E-3838-4B06-8373-B8101BE807DD",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:micros_retail-j:12.1:fp2_sp4:*:*:*:*:*:*",
"matchCriteriaId": "9DCCDF9D-987A-4108-A5A7-5BE2F4C5FD44",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:micros_retail-j:12.1:fp2_sp5:*:*:*:*:*:*",
"matchCriteriaId": "CD14D1E4-3FCC-4A69-9B3B-5AF9611AD846",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:micros_retail-j:12.1:fp2_sp6:*:*:*:*:*:*",
"matchCriteriaId": "45823552-20F9-4AB6-84B6-9316B73C941E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:micros_retail-j:12.1:sp4:*:*:*:*:*:*",
"matchCriteriaId": "4211D47C-9290-46F3-9B49-FD9A516AD269",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:micros_retail-j:12.1:sp5:*:*:*:*:*:*",
"matchCriteriaId": "936287A7-4366-455C-BA70-316B5177C66D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:micros_retail-j:12.1:sp6:*:*:*:*:*:*",
"matchCriteriaId": "5F9F66CA-35FE-43FB-BAE7-5C72692ED622",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:micros_retail-j:12.1:sp7:*:*:*:*:*:*",
"matchCriteriaId": "EDCD154F-461F-4C4D-A58B-928C9F64FC39",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:micros_retail-j:12.1:sp8:*:*:*:*:*:*",
"matchCriteriaId": "8C33AFD4-C961-487B-96F1-118562AE40A4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:micros_retail-j:13.1.1:*:*:*:*:*:*:*",
"matchCriteriaId": "B677E065-F4FE-4FA5-913F-FDA0A0D4D6A0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:micros_retail-j:13.1.2:*:*:*:*:*:*:*",
"matchCriteriaId": "032A532D-438B-4778-A09B-C2009B07E477",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Vulnerability in the MICROS Retail-J component of Oracle Retail Applications (subcomponent: Back Office). Supported versions that are affected are 10.2.x, 11.0.x, 12.0.x, 12.1.x, 12.1.1.x,12.1.2.x and 13.1.x. Difficult to exploit vulnerability allows physical access to compromise MICROS Retail-J. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in MICROS Retail-J, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized creation, deletion or modification access to critical data or all MICROS Retail-J accessible data as well as unauthorized access to critical data or complete access to all MICROS Retail-J accessible data and unauthorized ability to cause a partial denial of service (partial DOS) of MICROS Retail-J. CVSS 3.0 Base Score 6.7 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:P/AC:H/PR:H/UI:R/S:C/C:H/I:H/A:L)."
},
{
"lang": "es",
"value": "Vulnerabilidad en el componente MICROS Retail-J de Oracle Retail Applications (subcomponente: Back Office). Las versiones soportadas que se han visto afectadas son la 10.2.x, 11.0.x, 12.0.x, 12.1.x, 12.1.1.x,12.1.2.x y la 13.1.x. Esta vulnerabilidad dif\u00edcilmente explotable permite el acceso f\u00edsico para comprometer MICROS Retail-J. Para que los ataques tengan \u00e9xito, se necesita la participaci\u00f3n de otra persona diferente del atacante y, aunque la vulnerabilidad est\u00e1 presente en MICROS Retail-J, los ataques podr\u00edan afectar ligeramente a productos adicionales. Los ataques exitosos a esta vulnerabilidad pueden resultar en la creaci\u00f3n, supresi\u00f3n o modificaci\u00f3n sin autorizaci\u00f3n de datos de un nivel de importancia cr\u00edtico o de todos los datos accesibles de MICROS Retail-J, as\u00ed como el acceso no autorizado a datos de suma importancia o un acceso completo a todos los datos accesibles de MICROS Retail-J. Adem\u00e1s, esto podr\u00eda dar lugar a que un atacante consiga provocar una denegaci\u00f3n de servicio parcial (DoS parcial) de MICROS Retail-J. CVSS 3.0 Base Score 6.7 (Impactos de confidencialidad, integridad y disponibilidad). Vector CVSS: (CVSS:3.0/AV:P/AC:H/PR:H/UI:R/S:C/C:H/I:H/A:L)."
}
],
"id": "CVE-2018-2888",
"lastModified": "2024-11-21T04:04:41.397",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "LOW",
"cvssData": {
"accessComplexity": "HIGH",
"accessVector": "LOCAL",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 3.7,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:L/AC:H/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
"exploitabilityScore": 1.9,
"impactScore": 6.4,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": true
}
],
"cvssMetricV30": [
{
"cvssData": {
"attackComplexity": "HIGH",
"attackVector": "PHYSICAL",
"availabilityImpact": "LOW",
"baseScore": 6.7,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "HIGH",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/AV:P/AC:H/PR:H/UI:R/S:C/C:H/I:H/A:L",
"version": "3.0"
},
"exploitabilityScore": 0.2,
"impactScore": 6.0,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2018-07-18T13:29:00.477",
"references": [
{
"source": "secalert_us@oracle.com",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://www.oracle.com/technetwork/security-advisory/cpujul2018-4258247.html"
},
{
"source": "secalert_us@oracle.com",
"url": "http://www.securityfocus.com/bid/104822"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://www.oracle.com/technetwork/security-advisory/cpujul2018-4258247.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securityfocus.com/bid/104822"
}
],
"sourceIdentifier": "secalert_us@oracle.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "NVD-CWE-noinfo"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2019-07-23 23:15
Modified
2024-11-21 04:41
Severity ?
Summary
Vulnerability in the MICROS Retail-J component of Oracle Retail Applications (subcomponent: Internal Operations). Supported versions that are affected are 12.1.0, 12.1.1, 12.1.2 and 13.1. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise MICROS Retail-J. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all MICROS Retail-J accessible data as well as unauthorized update, insert or delete access to some of MICROS Retail-J accessible data and unauthorized ability to cause a partial denial of service (partial DOS) of MICROS Retail-J. CVSS 3.0 Base Score 8.6 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:L).
References
| ▶ | URL | Tags | |
|---|---|---|---|
| secalert_us@oracle.com | http://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html | Patch, Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | http://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html | Patch, Vendor Advisory |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| oracle | micros_retail-j | 12.1.0 | |
| oracle | micros_retail-j | 12.1.1 | |
| oracle | micros_retail-j | 12.1.2 | |
| oracle | micros_retail-j | 13.1 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:oracle:micros_retail-j:12.1.0:*:*:*:*:*:*:*",
"matchCriteriaId": "65034F09-B30E-4CAD-B0AE-FBB16F142AE7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:micros_retail-j:12.1.1:*:*:*:*:*:*:*",
"matchCriteriaId": "D0A2D379-F7FA-4C6D-B9B4-31C8A20E4790",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:micros_retail-j:12.1.2:*:*:*:*:*:*:*",
"matchCriteriaId": "6E385DAD-8664-4E19-9FE2-A3D5B5441D27",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:micros_retail-j:13.1:*:*:*:*:*:*:*",
"matchCriteriaId": "4BAB69B2-11D9-4FF0-A64E-984F35E30133",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Vulnerability in the MICROS Retail-J component of Oracle Retail Applications (subcomponent: Internal Operations). Supported versions that are affected are 12.1.0, 12.1.1, 12.1.2 and 13.1. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise MICROS Retail-J. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all MICROS Retail-J accessible data as well as unauthorized update, insert or delete access to some of MICROS Retail-J accessible data and unauthorized ability to cause a partial denial of service (partial DOS) of MICROS Retail-J. CVSS 3.0 Base Score 8.6 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:L)."
},
{
"lang": "es",
"value": "Una vulnerabilidad en el componente MICROS Retail-J de Retail Applications de Oracle (subcomponente: Internal Operations). Las versiones compatibles que est\u00e1n afectadas son 12.1.0, 12.1.1, 12.1.2 y 13.1. Una vulnerabilidad f\u00e1cilmente explotable permite a un atacante no autenticado con acceso a la red por medio de HTTP comprometer a MICROS Retail-J. Los ataques con \u00e9xito de esta vulnerabilidad pueden resultar en acceso no autorizado a datos cr\u00edticos o acceso completo a todos los datos accesibles de MICROS Retail-J, as\u00ed como en actualizaciones no autorizadas, insertar o eliminar el acceso de algunos de los datos accesibles de MICROS Retail-J y en la capacidad no autorizada de causar una denegaci\u00f3n de servicio parcial (DOS parcial) de MICROS Retail-J. CVSS 3.0 Puntuaci\u00f3n Base 8.6 (Impactos de confidencialidad, integridad y disponibilidad). Vector CVSS: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:L)."
}
],
"id": "CVE-2019-2750",
"lastModified": "2024-11-21T04:41:28.860",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "HIGH",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 7.5,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 6.4,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV30": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 8.6,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:L",
"version": "3.0"
},
"exploitabilityScore": 3.9,
"impactScore": 4.7,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2019-07-23T23:15:39.037",
"references": [
{
"source": "secalert_us@oracle.com",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html"
}
],
"sourceIdentifier": "secalert_us@oracle.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "NVD-CWE-noinfo"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2019-04-23 19:32
Modified
2024-11-21 04:04
Severity ?
Summary
Vulnerability in the MICROS Retail-J component of Oracle Retail Applications (subcomponent: Back Office). The supported version that is affected is 12.1.2. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise MICROS Retail-J. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all MICROS Retail-J accessible data. CVSS 3.0 Base Score 7.5 (Confidentiality impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N).
References
| ▶ | URL | Tags | |
|---|---|---|---|
| secalert_us@oracle.com | http://www.oracle.com/technetwork/security-advisory/cpuapr2019-5072813.html | Patch, Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | http://www.oracle.com/technetwork/security-advisory/cpuapr2019-5072813.html | Patch, Vendor Advisory |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| oracle | micros_retail-j | 12.1.2 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:oracle:micros_retail-j:12.1.2:*:*:*:*:*:*:*",
"matchCriteriaId": "6E385DAD-8664-4E19-9FE2-A3D5B5441D27",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Vulnerability in the MICROS Retail-J component of Oracle Retail Applications (subcomponent: Back Office). The supported version that is affected is 12.1.2. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise MICROS Retail-J. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all MICROS Retail-J accessible data. CVSS 3.0 Base Score 7.5 (Confidentiality impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N)."
},
{
"lang": "es",
"value": "Vulnerabilidad en el componente MICROS Retail-J de Oracle Retail Applications (subcomponente: Back Office). La versi\u00f3n compatible que se ve afectada es 12.1.2. Vulnerabilidad de f\u00e1cil operaci\u00f3n que permite a un atacante no identificado con acceso a la red por medio de HTTP comprometer a MICROS Retail-J. Los ataques con \u00e9xito de esta vulnerabilidad pueden resultar en acceso no autorizado a datos cr\u00edticos o acceso completo a todos los datos accesibles de MICROS Retail-J. CVSS versi\u00f3n 3.0 Puntuaci\u00f3n Base 7.5 (Impactos de confidencialidad). Vector CVSS: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N)."
}
],
"id": "CVE-2018-2880",
"lastModified": "2024-11-21T04:04:40.740",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 5.0,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV30": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.0"
},
"exploitabilityScore": 3.9,
"impactScore": 3.6,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2019-04-23T19:32:02.427",
"references": [
{
"source": "secalert_us@oracle.com",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://www.oracle.com/technetwork/security-advisory/cpuapr2019-5072813.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://www.oracle.com/technetwork/security-advisory/cpuapr2019-5072813.html"
}
],
"sourceIdentifier": "secalert_us@oracle.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "NVD-CWE-noinfo"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2018-10-17 01:31
Modified
2024-11-21 04:04
Severity ?
Summary
Vulnerability in the MICROS Retail-J component of Oracle Retail Applications (subcomponent: Back Office). Supported versions that are affected are 13.0.0 and 12.1.2. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise MICROS Retail-J. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of MICROS Retail-J accessible data as well as unauthorized read access to a subset of MICROS Retail-J accessible data. CVSS 3.0 Base Score 6.5 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N).
References
| ▶ | URL | Tags | |
|---|---|---|---|
| secalert_us@oracle.com | http://www.oracle.com/technetwork/security-advisory/cpuoct2018-4428296.html | Patch, Vendor Advisory | |
| secalert_us@oracle.com | http://www.securityfocus.com/bid/105592 | Third Party Advisory, VDB Entry | |
| af854a3a-2127-422b-91ae-364da2661108 | http://www.oracle.com/technetwork/security-advisory/cpuoct2018-4428296.html | Patch, Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | http://www.securityfocus.com/bid/105592 | Third Party Advisory, VDB Entry |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| oracle | micros_retail-j | 12.1.2 | |
| oracle | micros_retail-j | 13.0.0 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:oracle:micros_retail-j:12.1.2:*:*:*:*:*:*:*",
"matchCriteriaId": "6E385DAD-8664-4E19-9FE2-A3D5B5441D27",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:micros_retail-j:13.0.0:*:*:*:*:*:*:*",
"matchCriteriaId": "19A39E46-AC19-400A-978B-7440FB5AE63D",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Vulnerability in the MICROS Retail-J component of Oracle Retail Applications (subcomponent: Back Office). Supported versions that are affected are 13.0.0 and 12.1.2. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise MICROS Retail-J. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of MICROS Retail-J accessible data as well as unauthorized read access to a subset of MICROS Retail-J accessible data. CVSS 3.0 Base Score 6.5 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N)."
},
{
"lang": "es",
"value": "Vulnerabilidad en el componente MICROS Retail-J de Oracle Retail Applications (subcomponente: Back Office). Las versiones compatibles que se han visto afectadas son la 13.0.0 y la 12.1.2. Una vulnerabilidad f\u00e1cilmente explotable permite que un atacante no autenticado y con acceso a red por HTTP comprometa MICROS Retail-J. Los ataques exitosos a esta vulnerabilidad pueden resultar en el acceso no autorizado a la actualizaci\u00f3n, inserci\u00f3n o supresi\u00f3n de algunos de los datos accesibles de MICROS Retail-J, as\u00ed como el acceso de lectura sin autorizaci\u00f3n a un subconjunto de datos accesibles de MICROS Retail-J. CVSS 3.0 Base Score 6.5 (impactos en la confidencialidad e integridad). Vector CVSS: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N)."
}
],
"id": "CVE-2018-2887",
"lastModified": "2024-11-21T04:04:41.267",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 6.4,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:N",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 4.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV30": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N",
"version": "3.0"
},
"exploitabilityScore": 3.9,
"impactScore": 2.5,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2018-10-17T01:31:14.087",
"references": [
{
"source": "secalert_us@oracle.com",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://www.oracle.com/technetwork/security-advisory/cpuoct2018-4428296.html"
},
{
"source": "secalert_us@oracle.com",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securityfocus.com/bid/105592"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://www.oracle.com/technetwork/security-advisory/cpuoct2018-4428296.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securityfocus.com/bid/105592"
}
],
"sourceIdentifier": "secalert_us@oracle.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "NVD-CWE-noinfo"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}