Vulnerability in the MICROS Retail-J component of Oracle Retail Applications (subcomponent: Back Office). Supported versions that are affected are 10.2.x, 11.0.x, 12.0.x, 12.1.x, 12.1.1.x,12.1.2.x and 13.1.x. Difficult to exploit vulnerability allows physical access to compromise MICROS Retail-J. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in MICROS Retail-J, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized creation, deletion or modification access to critical data or all MICROS Retail-J accessible data as well as unauthorized access to critical data or complete access to all MICROS Retail-J accessible data and unauthorized ability to cause a partial denial of service (partial DOS) of MICROS Retail-J. CVSS 3.0 Base Score 6.7 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:P/AC:H/PR:H/UI:R/S:C/C:H/I:H/A:L).

Metrics

No CVSS v4.0

No CVSS v3.1

Attack Vector Physical

Attack Complexity High

Privileges Required High

Scope Changed

Confidentiality Impact High

Integrity Impact High

Availability Impact Low

User Interaction Required

Access Vector Local

Access Complexity High

Authentication None

Confidentiality Impact Partial

Integrity Impact Partial

Availability Impact Partial

This CVE is not in the KEV list.

Exploitation none

Automatable no

Technical Impact total

Affected Vendors & Products

Vendors Products
Oracle
  • Micros Retail-j

Configuration 1 [-]

OR cpe:2.3:a:oracle:micros_retail-j:10.2:sp32:*:*:*:*:*:*
cpe:2.3:a:oracle:micros_retail-j:10.2:sp33:*:*:*:*:*:*
cpe:2.3:a:oracle:micros_retail-j:11.0:sp24:*:*:*:*:*:*
cpe:2.3:a:oracle:micros_retail-j:11.0:sp25:*:*:*:*:*:*
cpe:2.3:a:oracle:micros_retail-j:11.0:sp26:*:*:*:*:*:*
cpe:2.3:a:oracle:micros_retail-j:12.0:sp10:*:*:*:*:*:*
cpe:2.3:a:oracle:micros_retail-j:12.0:sp11:*:*:*:*:*:*
cpe:2.3:a:oracle:micros_retail-j:12.0:sp7:*:*:*:*:*:*
cpe:2.3:a:oracle:micros_retail-j:12.0:sp8:*:*:*:*:*:*
cpe:2.3:a:oracle:micros_retail-j:12.0:sp9:*:*:*:*:*:*
cpe:2.3:a:oracle:micros_retail-j:12.1:fp1_sp1:*:*:*:*:*:*
cpe:2.3:a:oracle:micros_retail-j:12.1:fp1_sp2:*:*:*:*:*:*
cpe:2.3:a:oracle:micros_retail-j:12.1:fp1_sp3:*:*:*:*:*:*
cpe:2.3:a:oracle:micros_retail-j:12.1:fp1_sp4:*:*:*:*:*:*
cpe:2.3:a:oracle:micros_retail-j:12.1:fp1_sp5:*:*:*:*:*:*
cpe:2.3:a:oracle:micros_retail-j:12.1:fp2_sp2:*:*:*:*:*:*
cpe:2.3:a:oracle:micros_retail-j:12.1:fp2_sp3:*:*:*:*:*:*
cpe:2.3:a:oracle:micros_retail-j:12.1:fp2_sp4:*:*:*:*:*:*
cpe:2.3:a:oracle:micros_retail-j:12.1:fp2_sp5:*:*:*:*:*:*
cpe:2.3:a:oracle:micros_retail-j:12.1:fp2_sp6:*:*:*:*:*:*
cpe:2.3:a:oracle:micros_retail-j:12.1:sp4:*:*:*:*:*:*
cpe:2.3:a:oracle:micros_retail-j:12.1:sp5:*:*:*:*:*:*
cpe:2.3:a:oracle:micros_retail-j:12.1:sp6:*:*:*:*:*:*
cpe:2.3:a:oracle:micros_retail-j:12.1:sp7:*:*:*:*:*:*
cpe:2.3:a:oracle:micros_retail-j:12.1:sp8:*:*:*:*:*:*
cpe:2.3:a:oracle:micros_retail-j:13.1.1:*:*:*:*:*:*:*
cpe:2.3:a:oracle:micros_retail-j:13.1.2:*:*:*:*:*:*:*

No data.

References
Link Providers
http://www.oracle.com/technetwork/security-advisory/cpujul2018-4258247.html cve-icon cve-icon
http://www.securityfocus.com/bid/104822 cve-icon cve-icon
History

Wed, 02 Oct 2024 21:30:00 +0000

Type Values Removed Values Added
Metrics ssvc

{'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'total'}, 'version': '2.0.3'}
cve-icon MITRE

Status: PUBLISHED

Assigner: oracle

Published: 2018-07-18T13:00:00

Updated: 2024-10-02T20:21:56.717Z

Reserved: 2017-12-15T00:00:00

Link: CVE-2018-2888

cve-icon Vulnrichment

Updated: 2024-08-05T04:36:38.288Z

cve-icon NVD

Status : Modified

Published: 2018-07-18T13:29:00.477

Modified: 2024-11-21T04:04:41.397

Link: CVE-2018-2888

cve-icon Redhat

No data.