{"containers": {"cna": {"affected": [{"product": "MICROS Retail-J", "vendor": "Oracle Corporation", "versions": [{"status": "affected", "version": "11.0.x"}, {"status": "affected", "version": "12.0.x"}, {"status": "affected", "version": "12.1.x"}, {"status": "affected", "version": "12.1.1.x"}, {"status": "affected", "version": "12.1.2.x"}, {"status": "affected", "version": "13.1.x"}]}], "datePublic": "2018-03-27T00:00:00.000Z", "descriptions": [{"lang": "en", "value": "Vulnerability in the MICROS Retail-J component of Oracle Retail Applications (subcomponent: Database). Supported versions that are affected are 11.0.x, 12.0.x, 12.1.x, 12.1.1.x, 12.1.2.x and 13.1.x. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise MICROS Retail-J. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of MICROS Retail-J accessible data as well as unauthorized read access to a subset of MICROS Retail-J accessible data and unauthorized ability to cause a partial denial of service (partial DOS) of MICROS Retail-J. CVSS 3.0 Base Score 6.3 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L)."}], "problemTypes": [{"descriptions": [{"description": "Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise MICROS Retail-J. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of MICROS Retail-J accessible data as well as unauthorized read access to a subset of MICROS Retail-J accessible data and unauthorized ability to cause a partial denial of service (partial DOS) of MICROS Retail-J.", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2018-07-29T09:57:01.000Z", "orgId": "43595867-4340-4103-b7a2-9a5208d29a85", "shortName": "oracle"}, "references": [{"tags": ["x_refsource_CONFIRM"], "url": "http://www.oracle.com/technetwork/security-advisory/cpujul2018-4258247.html"}, {"name": "104822", "tags": ["vdb-entry", "x_refsource_BID"], "url": "http://www.securityfocus.com/bid/104822"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "secalert_us@oracle.com", "ID": "CVE-2018-2881", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "MICROS Retail-J", "version": {"version_data": [{"version_affected": "=", "version_value": "11.0.x"}, {"version_affected": "=", "version_value": "12.0.x"}, {"version_affected": "=", "version_value": "12.1.x"}, {"version_affected": "=", "version_value": "12.1.1.x"}, {"version_affected": "=", "version_value": "12.1.2.x"}, {"version_affected": "=", "version_value": "13.1.x"}]}}]}, "vendor_name": "Oracle Corporation"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "Vulnerability in the MICROS Retail-J component of Oracle Retail Applications (subcomponent: Database). Supported versions that are affected are 11.0.x, 12.0.x, 12.1.x, 12.1.1.x, 12.1.2.x and 13.1.x. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise MICROS Retail-J. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of MICROS Retail-J accessible data as well as unauthorized read access to a subset of MICROS Retail-J accessible data and unauthorized ability to cause a partial denial of service (partial DOS) of MICROS Retail-J. CVSS 3.0 Base Score 6.3 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L)."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise MICROS Retail-J. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of MICROS Retail-J accessible data as well as unauthorized read access to a subset of MICROS Retail-J accessible data and unauthorized ability to cause a partial denial of service (partial DOS) of MICROS Retail-J."}]}]}, "references": {"reference_data": [{"name": "http://www.oracle.com/technetwork/security-advisory/cpujul2018-4258247.html", "refsource": "CONFIRM", "url": "http://www.oracle.com/technetwork/security-advisory/cpujul2018-4258247.html"}, {"name": "104822", "refsource": "BID", "url": "http://www.securityfocus.com/bid/104822"}]}}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-05T04:36:38.427Z"}, "title": "CVE Program Container", "references": [{"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "http://www.oracle.com/technetwork/security-advisory/cpujul2018-4258247.html"}, {"name": "104822", "tags": ["vdb-entry", "x_refsource_BID", "x_transferred"], "url": "http://www.securityfocus.com/bid/104822"}]}, {"metrics": [{"other": {"type": "ssvc", "content": {"timestamp": "2024-10-02T18:11:42.906233Z", "id": "CVE-2018-2881", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2024-10-02T20:22:11.958Z"}}]}, "cveMetadata": {"assignerOrgId": "43595867-4340-4103-b7a2-9a5208d29a85", "assignerShortName": "oracle", "cveId": "CVE-2018-2881", "datePublished": "2018-07-18T13:00:00.000Z", "dateReserved": "2017-12-15T00:00:00.000Z", "dateUpdated": "2024-10-02T20:22:11.958Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CVE Program Container", "references": [{"url": "http://www.oracle.com/technetwork/security-advisory/cpujul2018-4258247.html", "tags": ["x_refsource_CONFIRM", "x_transferred"]}, {"url": "http://www.securityfocus.com/bid/104822", "name": "104822", "tags": ["vdb-entry", "x_refsource_BID", "x_transferred"]}], "providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-05T04:36:38.427Z"}}, {"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2018-2881", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "version": "2.0.3", "timestamp": "2024-10-02T18:11:42.906233Z"}}}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2024-10-02T18:12:02.241Z"}}], "cna": {"affected": [{"vendor": "Oracle Corporation", "product": "MICROS Retail-J", "versions": [{"status": "affected", "version": "11.0.x"}, {"status": "affected", "version": "12.0.x"}, {"status": "affected", "version": "12.1.x"}, {"status": "affected", "version": "12.1.1.x"}, {"status": "affected", "version": "12.1.2.x"}, {"status": "affected", "version": "13.1.x"}]}], "datePublic": "2018-03-27T00:00:00.000Z", "references": [{"url": "http://www.oracle.com/technetwork/security-advisory/cpujul2018-4258247.html", "tags": ["x_refsource_CONFIRM"]}, {"url": "http://www.securityfocus.com/bid/104822", "name": "104822", "tags": ["vdb-entry", "x_refsource_BID"]}], "descriptions": [{"lang": "en", "value": "Vulnerability in the MICROS Retail-J component of Oracle Retail Applications (subcomponent: Database). Supported versions that are affected are 11.0.x, 12.0.x, 12.1.x, 12.1.1.x, 12.1.2.x and 13.1.x. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise MICROS Retail-J. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of MICROS Retail-J accessible data as well as unauthorized read access to a subset of MICROS Retail-J accessible data and unauthorized ability to cause a partial denial of service (partial DOS) of MICROS Retail-J. CVSS 3.0 Base Score 6.3 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L)."}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "text", "description": "Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise MICROS Retail-J. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of MICROS Retail-J accessible data as well as unauthorized read access to a subset of MICROS Retail-J accessible data and unauthorized ability to cause a partial denial of service (partial DOS) of MICROS Retail-J."}]}], "providerMetadata": {"orgId": "43595867-4340-4103-b7a2-9a5208d29a85", "shortName": "oracle", "dateUpdated": "2018-07-29T09:57:01.000Z"}, "x_legacyV4Record": {"affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"version": {"version_data": [{"version_value": "11.0.x", "version_affected": "="}, {"version_value": "12.0.x", "version_affected": "="}, {"version_value": "12.1.x", "version_affected": "="}, {"version_value": "12.1.1.x", "version_affected": "="}, {"version_value": "12.1.2.x", "version_affected": "="}, {"version_value": "13.1.x", "version_affected": "="}]}, "product_name": "MICROS Retail-J"}]}, "vendor_name": "Oracle Corporation"}]}}, "data_type": "CVE", "references": {"reference_data": [{"url": "http://www.oracle.com/technetwork/security-advisory/cpujul2018-4258247.html", "name": "http://www.oracle.com/technetwork/security-advisory/cpujul2018-4258247.html", "refsource": "CONFIRM"}, {"url": "http://www.securityfocus.com/bid/104822", "name": "104822", "refsource": "BID"}]}, "data_format": "MITRE", "description": {"description_data": [{"lang": "eng", "value": "Vulnerability in the MICROS Retail-J component of Oracle Retail Applications (subcomponent: Database). Supported versions that are affected are 11.0.x, 12.0.x, 12.1.x, 12.1.1.x, 12.1.2.x and 13.1.x. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise MICROS Retail-J. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of MICROS Retail-J accessible data as well as unauthorized read access to a subset of MICROS Retail-J accessible data and unauthorized ability to cause a partial denial of service (partial DOS) of MICROS Retail-J. CVSS 3.0 Base Score 6.3 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L)."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise MICROS Retail-J. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of MICROS Retail-J accessible data as well as unauthorized read access to a subset of MICROS Retail-J accessible data and unauthorized ability to cause a partial denial of service (partial DOS) of MICROS Retail-J."}]}]}, "data_version": "4.0", "CVE_data_meta": {"ID": "CVE-2018-2881", "STATE": "PUBLIC", "ASSIGNER": "secalert_us@oracle.com"}}}}, "cveMetadata": {"cveId": "CVE-2018-2881", "state": "PUBLISHED", "dateUpdated": "2024-10-02T20:22:11.958Z", "dateReserved": "2017-12-15T00:00:00.000Z", "assignerOrgId": "43595867-4340-4103-b7a2-9a5208d29a85", "datePublished": "2018-07-18T13:00:00.000Z", "assignerShortName": "oracle"}, "dataVersion": "5.1"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:oracle:micros_retail-j:11.0:sp24:*:*:*:*:*:*", "matchCriteriaId": "887742CB-F0E2-4484-9109-239E83B14E44", "vulnerable": true}, {"criteria": "cpe:2.3:a:oracle:micros_retail-j:11.0:sp25:*:*:*:*:*:*", "matchCriteriaId": "60D0C0F0-D505-406B-829E-A5B6A33FB56A", "vulnerable": true}, {"criteria": "cpe:2.3:a:oracle:micros_retail-j:11.0:sp26:*:*:*:*:*:*", "matchCriteriaId": "A0866B86-94B9-433C-B235-20A9159190B1", "vulnerable": true}, {"criteria": "cpe:2.3:a:oracle:micros_retail-j:12.0:sp10:*:*:*:*:*:*", "matchCriteriaId": "5E557623-7214-4E7F-B369-55C129E1E88D", "vulnerable": true}, {"criteria": "cpe:2.3:a:oracle:micros_retail-j:12.0:sp11:*:*:*:*:*:*", "matchCriteriaId": "B78506F9-9577-4576-AFBB-6D2320E9F918", "vulnerable": true}, {"criteria": "cpe:2.3:a:oracle:micros_retail-j:12.0:sp7:*:*:*:*:*:*", "matchCriteriaId": "E16267E6-85EA-4AA5-AC99-5DFD6B818043", "vulnerable": true}, {"criteria": "cpe:2.3:a:oracle:micros_retail-j:12.0:sp8:*:*:*:*:*:*", "matchCriteriaId": "C9981D1D-829E-421E-86B9-315926016C74", "vulnerable": true}, {"criteria": "cpe:2.3:a:oracle:micros_retail-j:12.0:sp9:*:*:*:*:*:*", "matchCriteriaId": "AB90699A-E57C-4619-8973-B38882F87DF4", "vulnerable": true}, {"criteria": "cpe:2.3:a:oracle:micros_retail-j:12.1:fp1_sp1:*:*:*:*:*:*", "matchCriteriaId": "68F951AE-425C-444E-A240-F2BF191A8535", "vulnerable": true}, {"criteria": "cpe:2.3:a:oracle:micros_retail-j:12.1:fp1_sp2:*:*:*:*:*:*", "matchCriteriaId": "E4C68B55-3A5F-4E92-A3EF-38DE9C70596A", "vulnerable": true}, {"criteria": "cpe:2.3:a:oracle:micros_retail-j:12.1:fp1_sp3:*:*:*:*:*:*", "matchCriteriaId": "205D39A9-FF4B-4CF5-BE30-3686C83CC350", "vulnerable": true}, {"criteria": "cpe:2.3:a:oracle:micros_retail-j:12.1:fp1_sp4:*:*:*:*:*:*", "matchCriteriaId": "B04EBE77-03DC-4DAB-B77C-C5B433241561", "vulnerable": true}, {"criteria": "cpe:2.3:a:oracle:micros_retail-j:12.1:fp1_sp5:*:*:*:*:*:*", "matchCriteriaId": "77E96C1B-7860-405B-A7F1-5175B508E3B5", "vulnerable": true}, {"criteria": "cpe:2.3:a:oracle:micros_retail-j:12.1:fp2_sp2:*:*:*:*:*:*", "matchCriteriaId": "172422A7-781C-4604-9A0C-1BCC41FB121B", "vulnerable": true}, {"criteria": "cpe:2.3:a:oracle:micros_retail-j:12.1:fp2_sp3:*:*:*:*:*:*", "matchCriteriaId": "EEDDF96E-3838-4B06-8373-B8101BE807DD", "vulnerable": true}, {"criteria": "cpe:2.3:a:oracle:micros_retail-j:12.1:fp2_sp4:*:*:*:*:*:*", "matchCriteriaId": "9DCCDF9D-987A-4108-A5A7-5BE2F4C5FD44", "vulnerable": true}, {"criteria": "cpe:2.3:a:oracle:micros_retail-j:12.1:fp2_sp5:*:*:*:*:*:*", "matchCriteriaId": "CD14D1E4-3FCC-4A69-9B3B-5AF9611AD846", "vulnerable": true}, {"criteria": "cpe:2.3:a:oracle:micros_retail-j:12.1:fp2_sp6:*:*:*:*:*:*", "matchCriteriaId": "45823552-20F9-4AB6-84B6-9316B73C941E", "vulnerable": true}, {"criteria": "cpe:2.3:a:oracle:micros_retail-j:12.1:sp4:*:*:*:*:*:*", "matchCriteriaId": "4211D47C-9290-46F3-9B49-FD9A516AD269", "vulnerable": true}, {"criteria": "cpe:2.3:a:oracle:micros_retail-j:12.1:sp5:*:*:*:*:*:*", "matchCriteriaId": "936287A7-4366-455C-BA70-316B5177C66D", "vulnerable": true}, {"criteria": "cpe:2.3:a:oracle:micros_retail-j:12.1:sp6:*:*:*:*:*:*", "matchCriteriaId": "5F9F66CA-35FE-43FB-BAE7-5C72692ED622", "vulnerable": true}, {"criteria": "cpe:2.3:a:oracle:micros_retail-j:12.1:sp7:*:*:*:*:*:*", "matchCriteriaId": "EDCD154F-461F-4C4D-A58B-928C9F64FC39", "vulnerable": true}, {"criteria": "cpe:2.3:a:oracle:micros_retail-j:12.1:sp8:*:*:*:*:*:*", "matchCriteriaId": "8C33AFD4-C961-487B-96F1-118562AE40A4", "vulnerable": true}, {"criteria": "cpe:2.3:a:oracle:micros_retail-j:13.1.1:*:*:*:*:*:*:*", "matchCriteriaId": "B677E065-F4FE-4FA5-913F-FDA0A0D4D6A0", "vulnerable": true}, {"criteria": "cpe:2.3:a:oracle:micros_retail-j:13.1.2:*:*:*:*:*:*:*", "matchCriteriaId": "032A532D-438B-4778-A09B-C2009B07E477", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "descriptions": [{"lang": "en", "value": "Vulnerability in the MICROS Retail-J component of Oracle Retail Applications (subcomponent: Database). Supported versions that are affected are 11.0.x, 12.0.x, 12.1.x, 12.1.1.x, 12.1.2.x and 13.1.x. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise MICROS Retail-J. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of MICROS Retail-J accessible data as well as unauthorized read access to a subset of MICROS Retail-J accessible data and unauthorized ability to cause a partial denial of service (partial DOS) of MICROS Retail-J. CVSS 3.0 Base Score 6.3 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L)."}, {"lang": "es", "value": "Vulnerabilidad en el componente MICROS Retail-J de Oracle Retail Applications (subcomponente: Database). Las versiones soportadas que se han visto afectadas son la 11.0.x, 12.0.x, 12.1.x, 12.1.1.x, 12.1.2.x y la 13.1.x. Una vulnerabilidad f\u00e1cilmente explotable permite que un atacante con pocos privilegios y acceso a red por HTTP comprometa MICROS Retail-J. Los ataques exitosos a esta vulnerabilidad pueden resultar en el acceso no autorizado a la actualizaci\u00f3n, inserci\u00f3n o supresi\u00f3n de algunos de los datos accesibles de MICROS Retail-J, as\u00ed como el acceso de lectura sin autorizaci\u00f3n a un subconjunto de datos accesibles de MICROS Retail-J. Adem\u00e1s, esto puede dar lugar a que el atacante consiga provocar una denegaci\u00f3n de servicio parcial (DoS parcial) de MICROS Retail-J. CVSS 3.0 Base Score 6.3 (Impactos en la confidencialidad, integridad y disponibilidad). Vector CVSS: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L)."}], "id": "CVE-2018-2881", "lastModified": "2024-11-21T04:04:40.870", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": {"accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "SINGLE", "availabilityImpact": "PARTIAL", "baseScore": 6.5, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:L/Au:S/C:P/I:P/A:P", "version": "2.0"}, "exploitabilityScore": 8.0, "impactScore": 6.4, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}], "cvssMetricV30": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "LOW", "baseScore": 6.3, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L", "version": "3.0"}, "exploitabilityScore": 2.8, "impactScore": 3.4, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2018-07-18T13:29:00.380", "references": [{"source": "secalert_us@oracle.com", "tags": ["Patch", "Vendor Advisory"], "url": "http://www.oracle.com/technetwork/security-advisory/cpujul2018-4258247.html"}, {"source": "secalert_us@oracle.com", "url": "http://www.securityfocus.com/bid/104822"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Patch", "Vendor Advisory"], "url": "http://www.oracle.com/technetwork/security-advisory/cpujul2018-4258247.html"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.securityfocus.com/bid/104822"}], "sourceIdentifier": "secalert_us@oracle.com", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "NVD-CWE-noinfo"}], "source": "nvd@nist.gov", "type": "Primary"}]}

{}

{}