Oracle Retail Integration Bus 13.2

CPE Details

Oracle Retail Integration Bus 13.2
oracle
retail_integration_bus
13.2
2019-05-29
16h02 +00:00
2019-05-29
16h02 +00:00
CPE NVD
Alerte pour un CPE
Stay informed of any changes for a specific CPE.
Notifications manage

CPE Name: cpe:2.3:a:oracle:retail_integration_bus:13.2:*:*:*:*:*:*:*

Informations

Vendor

oracle

Product

retail_integration_bus

Version

13.2

Related CVE

Open and find in CVE List

CVE ID Published Description Score Severity
CVE-2018-2876 2018-04-19 00h00 +00:00 Vulnerability in the Oracle Retail Integration Bus component of Oracle Retail Applications (subcomponent: RIB Kernal(Apache Commons Collections)). The supported version that is affected is 13.2. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Retail Integration Bus. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Oracle Retail Integration Bus, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Retail Integration Bus accessible data as well as unauthorized read access to a subset of Oracle Retail Integration Bus accessible data and unauthorized ability to cause a partial denial of service (partial DOS) of Oracle Retail Integration Bus. CVSS 3.0 Base Score 7.1 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:L).
7.1
High
CVE-2016-3444 2016-07-21 08h00 +00:00 Unspecified vulnerability in the Oracle Retail Integration Bus component in Oracle Retail Applications 13.0, 13.1, 13.2, 14.0, 14.1, and 15.0 allows remote attackers to affect confidentiality, integrity, and availability via vectors related to Install.
9.8
Critical
CVE-2016-5476 2016-07-21 08h00 +00:00 Unspecified vulnerability in the Oracle Retail Integration Bus component in Oracle Retail Applications 13.0, 13.1, 13.2, 14.0, 14.1, and 15.0 allows remote authenticated users to affect confidentiality, integrity, and availability via vectors related to Install.
7.6
High
The information presented on CVE Find originates from several carefully selected reference sources. CVE data is provided by MITRE Corporation and the National Vulnerability Database (NVD). The Known Exploited Vulnerabilities (KEV) catalog is sourced from the Cybersecurity and Infrastructure Security Agency (CISA), while EPSS scores come from FIRST.org. Additionally, data regarding software weaknesses (CWE) and common attack patterns (CAPEC) is maintained by MITRE Corporation, and information on hardware and software configurations (CPE) is provided by the NVD.