CVE-2018-3126

{"id": "CVE-2018-3126", "cveTags": [], "metrics": {"cvssMetricV2": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"version": "2.0", "baseScore": 6.0, "accessVector": "NETWORK", "vectorString": "AV:N/AC:M/Au:S/C:P/I:P/A:P", "authentication": "SINGLE", "integrityImpact": "PARTIAL", "accessComplexity": "MEDIUM", "availabilityImpact": "PARTIAL", "confidentialityImpact": "PARTIAL"}, "acInsufInfo": false, "impactScore": 6.4, "baseSeverity": "MEDIUM", "obtainAllPrivilege": false, "exploitabilityScore": 6.8, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": false}], "cvssMetricV30": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"scope": "UNCHANGED", "version": "3.0", "baseScore": 6.6, "attackVector": "NETWORK", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.0/AV:N/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "HIGH", "availabilityImpact": "HIGH", "privilegesRequired": "HIGH", "confidentialityImpact": "HIGH"}, "impactScore": 5.9, "exploitabilityScore": 0.7}]}, "published": "2018-10-17T01:31:15.433", "references": [{"url": "http://www.oracle.com/technetwork/security-advisory/cpuoct2018-4428296.html", "tags": ["Patch", "Vendor Advisory"], "source": "secalert_us@oracle.com"}, {"url": "http://www.securityfocus.com/bid/105596", "tags": ["VDB Entry", "Third Party Advisory"], "source": "secalert_us@oracle.com"}], "vulnStatus": "Analyzed", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "NVD-CWE-noinfo"}]}], "descriptions": [{"lang": "en", "value": "Vulnerability in the Oracle Retail Xstore Point of Service component of Oracle Retail Applications (subcomponent: Xenvironment). Supported versions that are affected are 15.0.2, 16.0.4 and 17.0.2. Difficult to exploit vulnerability allows high privileged attacker with network access via HTTP to compromise Oracle Retail Xstore Point of Service. Successful attacks of this vulnerability can result in takeover of Oracle Retail Xstore Point of Service. CVSS 3.0 Base Score 6.6 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H)."}, {"lang": "es", "value": "Vulnerabilidad en el componente Oracle Retail Xstore Point of Service de Oracle Retail Applications (subcomponente: Xenvironment). Las versiones soportadas que se han visto afectadas son la 15.0.2, 16.0.4 y la 17.0.2. Una vulnerabilidad dif\u00edcilmente explotable permite que un atacante con muchos privilegios que tenga acceso a red por HTTP comprometa la seguridad de Oracle Retail Xstore Point of Service. Los ataques exitosos a esta vulnerabilidad pueden resultar en la toma de control de Oracle Retail Xstore Point of Service. CVSS 3.0 Base Score 6.6 (impactos en la confidencialidad, integridad y disponibilidad). Vector CVSS: (CVSS:3.0/AV:N/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H)."}], "lastModified": "2019-10-03T00:03:26.223", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:oracle:retail_xstore_point_of_service:15.0.2:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "99648F94-55A1-494E-BB74-E8A31E98F9FE"}, {"criteria": "cpe:2.3:a:oracle:retail_xstore_point_of_service:16.0.4:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "0CF48DB4-DF14-4502-8697-84BA2D4A64AC"}, {"criteria": "cpe:2.3:a:oracle:retail_xstore_point_of_service:17.0.2:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "05A16098-3001-4917-9F1C-D5C4C0EC78DF"}], "operator": "OR"}]}], "sourceIdentifier": "secalert_us@oracle.com"}