CVE-2018-2862

3 documents3 sources

Severity

7.1HIGH

EPSS

0.3%

top 44.31%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Oracle Corporation Retail Point-of-service Oracle Retail Point-of-service

Timeline

PublishedApr 19

Latest updateMay 13

Description

Vulnerability in the Oracle Retail Point-of-Service component of Oracle Retail Applications (subcomponent: User Interface). Supported versions that are affected are 13.3.8, 13.4.9, 14.0.4 and 14.1.3. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle Retail Point-of-Service. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle Retail Point-of-Service accessible d…

CVSS vector

CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:L/A:NExploitability: 2.8 | Impact: 4.2

Affected Packages2 packages

▶NVDoracle/retail_point-of-service4 versions+3

▶CVEListV5oracle_corporation/retail_point-of-service4 versions+3

Patches

Patch: www.oracle.com ↗Patch: www.oracle.com ↗

🔴Vulnerability Details

GHSA

GHSA-5fg4-p46p-w9g4: Vulnerability in the Oracle Retail Point-of-Service component of Oracle Retail Applications (subcomponent: User Interface)↗2022-05-13

▶

CVEList

CVE-2018-2862: Vulnerability in the Oracle Retail Point-of-Service component of Oracle Retail Applications (subcomponent: User Interface)↗2018-04-19

▶