Lucene search
K
OracleMicros Lucas

5 matches found

CVE
CVE
added 2017/10/03 3:0 p.m.1605 views

CVE-2017-12617

CVE-2017-12617 concerns Apache Tomcat JSP upload via HTTP PUT when readonly=false and PUTs are allowed. Affected: Tomcat 7.x/8.x/9.x (various 7.0.0–7.0.81, 8.0.0.RC1–8.0.46, 8.5.0–8.5.22, 9.0.0.M1–9.0.0) with PUT enabled. Root cause: PUT request handling allowed uploading a JSP, enabling remote c...

8.1CVSS7.5AI score0.99988EPSS
In wild
CVE
CVE
added 2018/05/11 8:0 p.m.251 views

CVE-2018-1258

CVE-2018-1258 affects Spring Framework 5.0.5 when used with any Spring Security version, enabling an authorization bypass for method security. An unauthorized user could access restricted methods. The connected advisory from F5 reiterates the same vulnerability description and lists affected prod...

8.8CVSS9AI score0.02427EPSS
CVE
CVE
added 2018/06/25 3:0 p.m.182 views

CVE-2018-11039

CVE-2018-11039 affects the Spring Framework, where the HiddenHttpMethodFilter in Spring MVC allows web apps to change the HTTP request method to any method (including TRACE). This can enable an attacker with an existing XSS vulnerability to escalate to an XST (Cross Site Tracing) attack. Affected...

5.9CVSS6.9AI score0.02781EPSS
CVE
CVE
added 2018/06/25 3:0 p.m.137 views

CVE-2018-11040

CVE-2018-11040 affects Spring Framework: 5.0.x before 5.0.7 and 4.3.x before 4.3.18 (and older unsupported versions). The issue arises because JSONP support can be enabled via JSONP parameters when MappingJackson2JsonView is configured, allowing cross-domain requests through AbstractJsonpResponse...

7.5CVSS8.3AI score0.03244EPSS
CVE
CVE
added 2019/04/23 6:16 p.m.55 views

CVE-2018-3120

CVE-2018-3120 affects Oracle Retail Applications MICROS Lucas, specifically the Security subcomponent, with affected versions 2.9.5.6 and 2.9.5.7. The vulnerability is exploitable by a low-privileged attacker who can access the system over HTTP, enabling takeover of MICROS Lucas. The CVE’s connec...

7.5CVSS7.5AI score0.0117EPSS