Retail Xstore Point Of Service
CVE-2018-3126
MEDIUM
Severity by source
AV:N/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H
Primary rating from NVD · only source for this CVE.
CVSS VectorNVD
CVSS:3.0/AV:N/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H
Lifecycle Timeline
1DescriptionNVD
Vulnerability in the Oracle Retail Xstore Point of Service component of Oracle Retail Applications (subcomponent: Xenvironment). Supported versions that are affected are 15.0.2, 16.0.4 and 17.0.2. Difficult to exploit vulnerability allows high privileged attacker with network access via HTTP to compromise Oracle Retail Xstore Point of Service. Successful attacks of this vulnerability can result in takeover of Oracle Retail Xstore Point of Service. CVSS 3.0 Base Score 6.6 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H).
AnalysisAI
Vulnerability in the Oracle Retail Xstore Point of Service component of Oracle Retail Applications (subcomponent: Xenvironment). Rated medium severity (CVSS 6.6), this vulnerability is remotely exploitable.
Technical ContextAI
Vulnerability in the Oracle Retail Xstore Point of Service component of Oracle Retail Applications (subcomponent: Xenvironment). Supported versions that are affected are 15.0.2, 16.0.4 and 17.0.2. Difficult to exploit vulnerability allows high privileged attacker with network access via HTTP to compromise Oracle Retail Xstore Point of Service. Successful attacks of this vulnerability can result in takeover of Oracle Retail Xstore Point of Service. CVSS 3.0 Base Score 6.6 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H). Affected products include: Oracle Retail Xstore Point Of Service.
RemediationAI
A vendor patch is available. Apply the latest security update as soon as possible. Apply vendor patches when available. Implement network segmentation and monitoring as interim mitigations.
FasterXML jackson-databind 2.x before 2.9.10.4 mishandles the interaction between serialization gadgets and typing, rela
A Spring MVC or Spring WebFlux application running on JDK 9+ may be vulnerable to remote code execution (RCE) via data b
In Spring Cloud Function versions 3.1.6, 3.2.2 and older unsupported versions, when using routing functionality it is po
FasterXML jackson-databind 2.x before 2.9.10.8 mishandles the interaction between serialization gadgets and typing, rela
XStream is a simple library to serialize objects to XML and back again. Rated high severity (CVSS 8.5), this vulnerabili
XStream is a Java library to serialize objects to XML and back again. Rated critical severity (CVSS 9.9), this vulnerabi
XStream is a Java library to serialize objects to XML and back again. Rated critical severity (CVSS 9.8), this vulnerabi
XStream is a Java library to serialize objects to XML and back again. Rated critical severity (CVSS 9.8), this vulnerabi
XStream is a Java library to serialize objects to XML and back again. Rated critical severity (CVSS 9.8), this vulnerabi
XStream is a Java library to serialize objects to XML and back again. Rated critical severity (CVSS 9.8), this vulnerabi
FasterXML jackson-databind 2.x before 2.9.10.4 mishandles the interaction between serialization gadgets and typing, rela
FasterXML jackson-databind 2.x before 2.9.10.4 mishandles the interaction between serialization gadgets and typing, rela
Same technique Information Disclosure
View allShare
External POC / Exploit Code
Leaving vuln.today