Retail Xstore Point Of Service
CVE-2017-10214
HIGH
Severity by source
AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:N
Primary rating from NVD · only source for this CVE.
CVSS VectorNVD
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:N
Lifecycle Timeline
1DescriptionCVE.org
Vulnerability in the Oracle Retail Xstore Point of Service component of Oracle Retail Applications (subcomponent: Xstore Office). Supported versions that are affected are 6.0.x, 6.5.x, 7.0.x, 7.1.x, 15.0.x and 16.0.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Retail Xstore Point of Service. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle Retail Xstore Point of Service accessible data as well as unauthorized update, insert or delete access to some of Oracle Retail Xstore Point of Service accessible data. CVSS 3.0 Base Score 8.2 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:N).
AnalysisAI
Vulnerability in the Oracle Retail Xstore Point of Service component of Oracle Retail Applications (subcomponent: Xstore Office). Rated high severity (CVSS 8.2), this vulnerability is remotely exploitable, no authentication required, low attack complexity.
Technical ContextAI
Vulnerability in the Oracle Retail Xstore Point of Service component of Oracle Retail Applications (subcomponent: Xstore Office). Supported versions that are affected are 6.0.x, 6.5.x, 7.0.x, 7.1.x, 15.0.x and 16.0.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Retail Xstore Point of Service. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle Retail Xstore Point of Service accessible data as well as unauthorized update, insert or delete access to some of Oracle Retail Xstore Point of Service accessible data. CVSS 3.0 Base Score 8.2 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:N). Affected products include: Oracle Retail Xstore Point Of Service.
RemediationAI
A vendor patch is available. Apply the latest security update as soon as possible. Apply vendor patches when available. Implement network segmentation and monitoring as interim mitigations.
FasterXML jackson-databind 2.x before 2.9.10.4 mishandles the interaction between serialization gadgets and typing, rela
A Spring MVC or Spring WebFlux application running on JDK 9+ may be vulnerable to remote code execution (RCE) via data b
In Spring Cloud Function versions 3.1.6, 3.2.2 and older unsupported versions, when using routing functionality it is po
FasterXML jackson-databind 2.x before 2.9.10.8 mishandles the interaction between serialization gadgets and typing, rela
XStream is a simple library to serialize objects to XML and back again. Rated high severity (CVSS 8.5), this vulnerabili
XStream is a Java library to serialize objects to XML and back again. Rated critical severity (CVSS 9.9), this vulnerabi
XStream is a Java library to serialize objects to XML and back again. Rated critical severity (CVSS 9.8), this vulnerabi
XStream is a Java library to serialize objects to XML and back again. Rated critical severity (CVSS 9.8), this vulnerabi
XStream is a Java library to serialize objects to XML and back again. Rated critical severity (CVSS 9.8), this vulnerabi
XStream is a Java library to serialize objects to XML and back again. Rated critical severity (CVSS 9.8), this vulnerabi
FasterXML jackson-databind 2.x before 2.9.10.4 mishandles the interaction between serialization gadgets and typing, rela
FasterXML jackson-databind 2.x before 2.9.10.4 mishandles the interaction between serialization gadgets and typing, rela
Same technique Authentication Bypass
View allShare
External POC / Exploit Code
Leaving vuln.today