ORCA(Online Receipt Computer Advantage) provided by ORCA Management Organization Co., Ltd contains vulnerabilities listed below.
OS command injection** (CWE-78) - CVE-2018-0643**
Version | Vector | Score |
---|---|---|
CVSS v3 | CVSS:3.0/AV:A/AC:L/PR:H/UI:R/S:U/C:L/I:L/A:L | Base Score: 4.1 |
CVSS v2 | AV:A/AC:M/Au:S/C:P/I:P/A:P | Base Score: 4.9 |
Buffer overflow (CWE-119) - CVE-2018-0644
Version | Vector | Score |
---|---|---|
CVSS v3 | CVSS:3.0/AV:A/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L | Base Score: 5.5 |
CVSS v2 | AV:A/AC:L/Au:S/C:P/I:P/A:P | Base Score: 5.2 |
The possible impact of each vulnerability is as follows:
CVE-2018-0643
A user with access to the network that is connected to the affected product may execute an arbitrary command on the product
CVE-2018-0644
If a user opens a specially crafted file while logged into the affected product, that may result in a denial-of-service (DoS) condition.
Update the software
Update the software to the latest version according to the information provided by the developer.
CVE-2018-0643
Ubuntu14.04 ORCA(Online Receipt Computer Advantage)4.8.0(panda-server) 1:1.4.9+p41-u4jma1 and earlier
CVE-2018-0644
Ubuntu14.04 ORCA(Online Receipt Computer Advantage)4.8.0(panda-client2) 1:1.4.9+p41-u4jma1 and earlier
Ubuntu14.04 ORCA(Online Receipt Computer Advantage)5.0.0(panda-client2) 1:2.0.0+p48-u4jma1 and earlier
Ubuntu16.04 ORCA(Online Receipt Computer Advantage)5.0.0(panda-client2) 1:2.0.0+p48-u5jma1 and earlier