Oracle Retail Point-of-service 13.4

CPE Details

Oracle Retail Point-of-service 13.4
oracle
retail_point-of-service
13.4
2016-02-17
16h55 +00:00
2016-02-17
16h55 +00:00
CPE NVD
Alerte pour un CPE
Stay informed of any changes for a specific CPE.
Notifications manage

CPE Name: cpe:2.3:a:oracle:retail_point-of-service:13.4:*:*:*:*:*:*:*

Informations

Vendor

oracle

Product

retail_point-of-service

Version

13.4

Related CVE

Open and find in CVE List

CVE ID Published Description Score Severity
CVE-2019-2558 2019-04-23 16h16 +00:00 Vulnerability in the Oracle Retail Point-of-Service component of Oracle Retail Applications (subcomponent: Infrastructure). Supported versions that are affected are 13.4, 14.0 and 14.1. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Retail Point-of-Service. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Retail Point-of-Service accessible data as well as unauthorized read access to a subset of Oracle Retail Point-of-Service accessible data and unauthorized ability to cause a partial denial of service (partial DOS) of Oracle Retail Point-of-Service. CVSS 3.0 Base Score 7.3 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L).
7.3
High
CVE-2018-8013 2018-05-24 16h00 +00:00 In Apache Batik 1.x before 1.10, when deserializing subclass of `AbstractDocument`, the class takes a string from the inputStream as the class name which then use it to call the no-arg constructor of the class. Fix was to check the class type before calling newInstance in deserialization.
9.8
Critical