Japan Vulnerability NotesJVN:37376131JVN#37376131: Multiple vulnerabilities in ORCA(Online Receipt Computer Advantage)
0.001 Low
EPSS
Percentile
32.1%
ORCA(Online Receipt Computer Advantage) provided by ORCA Management Organization Co., Ltd contains vulnerabilities listed below.
OS command injection** (CWE-78) - CVE-2018-0643**
| Version | Vector | Score |
|---|---|---|
| CVSS v3 | CVSS:3.0/AV:A/AC:L/PR:H/UI:R/S:U/C:L/I:L/A:L | Base Score: 4.1 |
| CVSS v2 | AV:A/AC:M/Au:S/C:P/I:P/A:P | Base Score: 4.9 |
Buffer overflow (CWE-119) - CVE-2018-0644
| Version | Vector | Score |
|---|---|---|
| CVSS v3 | CVSS:3.0/AV:A/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L | Base Score: 5.5 |
| CVSS v2 | AV:A/AC:L/Au:S/C:P/I:P/A:P | Base Score: 5.2 |
Impact
The possible impact of each vulnerability is as follows:
CVE-2018-0643
-
A user with access to the network that is connected to the affected product may execute an arbitrary command on the product
CVE-2018-0644 -
If a user opens a specially crafted file while logged into the affected product, that may result in a denial-of-service (DoS) condition.
Solution
Update the software
Update the software to the latest version according to the information provided by the developer.
Products Affected
CVE-2018-0643
-
Ubuntu14.04 ORCA(Online Receipt Computer Advantage)4.8.0(panda-server) 1:1.4.9+p41-u4jma1 and earlier
CVE-2018-0644 -
Ubuntu14.04 ORCA(Online Receipt Computer Advantage)4.8.0(panda-client2) 1:1.4.9+p41-u4jma1 and earlier
-
Ubuntu14.04 ORCA(Online Receipt Computer Advantage)5.0.0(panda-client2) 1:2.0.0+p48-u4jma1 and earlier
-
Ubuntu16.04 ORCA(Online Receipt Computer Advantage)5.0.0(panda-client2) 1:2.0.0+p48-u5jma1 and earlier
Related
