Lucene search

OracleCVE-2024-21136

HistoryJul 16, 2024 - 11:15 p.m.

CVE-2024-21136

2024-07-1623:15:14

oracle

web.nvd.nist.gov

oracle retail xstore office

vulnerability

unauthorized access.

CVSS3

8.6

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

CHANGED

Confidentiality Impact

HIGH

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:N/A:N

AI Score

7.6

Confidence

High

EPSS

0.001

Percentile

48.3%

JSON

Vulnerability in the Oracle Retail Xstore Office product of Oracle Retail Applications (component: Security). Supported versions that are affected are 19.0.5, 20.0.3, 20.0.4, 22.0.0 and 23.0.1. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Retail Xstore Office. While the vulnerability is in Oracle Retail Xstore Office, attacks may significantly impact additional products (scope change). Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle Retail Xstore Office accessible data. CVSS 3.1 Base Score 8.6 (Confidentiality impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:N/A:N).

Affected configurations

Nvd

Vulners

Node

oracleretail_xstore_officeMatch19.0.5

oracleretail_xstore_officeMatch20.0.3

oracleretail_xstore_officeMatch20.0.4

oracleretail_xstore_officeMatch22.0.0

oracleretail_xstore_officeMatch23.0.1

VendorProductVersionCPE
oracleretail_xstore_office19.0.5cpe:2.3:a:oracle:retail_xstore_office:19.0.5:*:*:*:*:*:*:*
oracleretail_xstore_office20.0.3cpe:2.3:a:oracle:retail_xstore_office:20.0.3:*:*:*:*:*:*:*
oracleretail_xstore_office20.0.4cpe:2.3:a:oracle:retail_xstore_office:20.0.4:*:*:*:*:*:*:*
oracleretail_xstore_office22.0.0cpe:2.3:a:oracle:retail_xstore_office:22.0.0:*:*:*:*:*:*:*
oracleretail_xstore_office23.0.1cpe:2.3:a:oracle:retail_xstore_office:23.0.1:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
oracle	retail_xstore_office	19.0.5	cpe:2.3:a:oracle:retail_xstore_office:19.0.5:::::::*
oracle	retail_xstore_office	20.0.3	cpe:2.3:a:oracle:retail_xstore_office:20.0.3:::::::*
oracle	retail_xstore_office	20.0.4	cpe:2.3:a:oracle:retail_xstore_office:20.0.4:::::::*
oracle	retail_xstore_office	22.0.0	cpe:2.3:a:oracle:retail_xstore_office:22.0.0:::::::*
oracle	retail_xstore_office	23.0.1	cpe:2.3:a:oracle:retail_xstore_office:23.0.1:::::::*

CNA Affected

[
  {
    "vendor": "Oracle Corporation",
    "product": "Retail Xstore Office",
    "versions": [
      {
        "version": "19.0.5",
        "status": "affected"
      },
      {
        "version": "20.0.3",
        "status": "affected"
      },
      {
        "version": "20.0.4",
        "status": "affected"
      },
      {
        "version": "22.0.0",
        "status": "affected"
      },
      {
        "version": "23.0.1",
        "status": "affected"
      }
    ]
  }
]

References

www.oracle.com/security-alerts/cpujul2024.html

CVSS3

8.6

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

CHANGED

Confidentiality Impact

HIGH

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:N/A:N

AI Score

7.6

Confidence

High

EPSS

0.001

Percentile

48.3%

JSON

Related for CVE-2024-21136