Vulnerability-Lookup

CNVD-2017-26785

Vulnerability from cnvd - Published: 2017-09-15

Title

Oracle Retail Xstore Point of Service远程漏洞

Description

Oracle Retail Applications是美国甲骨文（Oracle）公司的一套零售应用商店解决方案。Oracle Retail Xstore Point of Service是其中的一个零售服务点管理组件。 Oracle Retail Applications中的Retail Xstore Point of Service组件的Point of Sale子组件存在安全漏洞。远程攻击者可利用该漏洞控制组件，影响数据的保密性、完整性和可用性。

Severity

中

Patch Name

Oracle Retail Xstore Point of Service远程漏洞的补丁

Patch Description

Formal description

厂商已发布了漏洞修复程序，请及时关注更新： http://www.oracle.com/technetwork/security-advisory/cpujul2017-3236622.html

Reference

http://www.securityfocus.com/bid/99727 https://nvd.nist.gov/vuln/detail/CVE-2017-10183

Impacted products

Name
['Oracle Retail Xstore Point of Service 6.0.x', 'Oracle Retail Xstore Point of Service 6.5.x', 'Oracle Retail Xstore Point of Service 7.0.x', 'Oracle Retail Xstore Point of Service 7.1.x', 'Oracle Retail Xstore Point of Service 15.0.x', 'Oracle Retail Xstore Point of Service 16.0.0']

Show details on source website

JSON

To clipboard

{
  "bids": {
    "bid": {
      "bidNumber": "99727"
    }
  },
  "cves": {
    "cve": {
      "cveNumber": "CVE-2017-10183"
    }
  },
  "description": "Oracle Retail Applications\u662f\u7f8e\u56fd\u7532\u9aa8\u6587\uff08Oracle\uff09\u516c\u53f8\u7684\u4e00\u5957\u96f6\u552e\u5e94\u7528\u5546\u5e97\u89e3\u51b3\u65b9\u6848\u3002Oracle Retail Xstore Point of Service\u662f\u5176\u4e2d\u7684\u4e00\u4e2a\u96f6\u552e\u670d\u52a1\u70b9\u7ba1\u7406\u7ec4\u4ef6\u3002\r\n\r\nOracle Retail Applications\u4e2d\u7684Retail Xstore Point of Service\u7ec4\u4ef6\u7684Point of Sale\u5b50\u7ec4\u4ef6\u5b58\u5728\u5b89\u5168\u6f0f\u6d1e\u3002\u8fdc\u7a0b\u653b\u51fb\u8005\u53ef\u5229\u7528\u8be5\u6f0f\u6d1e\u63a7\u5236\u7ec4\u4ef6\uff0c\u5f71\u54cd\u6570\u636e\u7684\u4fdd\u5bc6\u6027\u3001\u5b8c\u6574\u6027\u548c\u53ef\u7528\u6027\u3002",
  "discovererName": "Oracle",
  "formalWay": "\u5382\u5546\u5df2\u53d1\u5e03\u4e86\u6f0f\u6d1e\u4fee\u590d\u7a0b\u5e8f\uff0c\u8bf7\u53ca\u65f6\u5173\u6ce8\u66f4\u65b0\uff1a\r\nhttp://www.oracle.com/technetwork/security-advisory/cpujul2017-3236622.html",
  "isEvent": "\u901a\u7528\u8f6f\u786c\u4ef6\u6f0f\u6d1e",
  "number": "CNVD-2017-26785",
  "openTime": "2017-09-15",
  "patchDescription": "Oracle Retail Applications\u662f\u7f8e\u56fd\u7532\u9aa8\u6587\uff08Oracle\uff09\u516c\u53f8\u7684\u4e00\u5957\u96f6\u552e\u5e94\u7528\u5546\u5e97\u89e3\u51b3\u65b9\u6848\u3002Oracle Retail Xstore Point of Service\u662f\u5176\u4e2d\u7684\u4e00\u4e2a\u96f6\u552e\u670d\u52a1\u70b9\u7ba1\u7406\u7ec4\u4ef6\u3002\r\n\r\nOracle Retail Applications\u4e2d\u7684Retail Xstore Point of Service\u7ec4\u4ef6\u7684Point of Sale\u5b50\u7ec4\u4ef6\u5b58\u5728\u5b89\u5168\u6f0f\u6d1e\u3002\u8fdc\u7a0b\u653b\u51fb\u8005\u53ef\u5229\u7528\u8be5\u6f0f\u6d1e\u63a7\u5236\u7ec4\u4ef6\uff0c\u5f71\u54cd\u6570\u636e\u7684\u4fdd\u5bc6\u6027\u3001\u5b8c\u6574\u6027\u548c\u53ef\u7528\u6027\u3002\u76ee\u524d\uff0c\u4f9b\u5e94\u5546\u53d1\u5e03\u4e86\u5b89\u5168\u516c\u544a\u53ca\u76f8\u5173\u8865\u4e01\u4fe1\u606f\uff0c\u4fee\u590d\u4e86\u6b64\u6f0f\u6d1e\u3002",
  "patchName": "Oracle Retail Xstore Point of Service\u8fdc\u7a0b\u6f0f\u6d1e\u7684\u8865\u4e01",
  "products": {
    "product": [
      "Oracle Retail Xstore Point of Service 6.0.x",
      "Oracle Retail Xstore Point of Service  6.5.x",
      "Oracle Retail Xstore Point of Service  7.0.x",
      "Oracle Retail Xstore Point of Service  7.1.x",
      "Oracle Retail Xstore Point of Service  15.0.x",
      "Oracle Retail Xstore Point of Service  16.0.0"
    ]
  },
  "referenceLink": "http://www.securityfocus.com/bid/99727\r\nhttps://nvd.nist.gov/vuln/detail/CVE-2017-10183",
  "serverity": "\u4e2d",
  "submitTime": "2017-08-02",
  "title": "Oracle Retail Xstore Point of Service\u8fdc\u7a0b\u6f0f\u6d1e"
}

CVE-2017-10183 (GCVE-0-2017-10183)

Vulnerability from cvelistv5 – Published: 2017-08-08 15:00 – Updated: 2024-10-04 17:11

Summary

Vulnerability in the Oracle Retail Xstore Point of Service component of Oracle Retail Applications (subcomponent: Point of Sale). Supported versions that are affected are 6.0.x, 6.5.x, 7.0.x, 7.1.x, 15.0.x and 16.0.0. Difficult to exploit vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Retail Xstore Point of Service. While the vulnerability is in Oracle Retail Xstore Point of Service, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Retail Xstore Point of Service accessible data as well as unauthorized read access to a subset of Oracle Retail Xstore Point of Service accessible data and unauthorized ability to cause a partial denial of service (partial DOS) of Oracle Retail Xstore Point of Service. CVSS 3.0 Base Score 6.5 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:C/C:L/I:L/A:L).

Severity ?

No CVSS data available.

CWE

Difficult to exploit vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Retail Xstore Point of Service. While the vulnerability is in Oracle Retail Xstore Point of Service, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Retail Xstore Point of Service accessible data as well as unauthorized read access to a subset of Oracle Retail Xstore Point of Service accessible data and unauthorized ability to cause a partial denial of service (partial DOS) of Oracle Retail Xstore Point of Service.

Assigner

oracle

References

3 references

URL	Tags
http://www.securityfocus.com/bid/99727	vdb-entryx_refsource_BID
http://www.securitytracker.com/id/1038944	vdb-entryx_refsource_SECTRACK
http://www.oracle.com/technetwork/security-adviso…	x_refsource_CONFIRM

Impacted products

1 product

Vendor	Product	Version
Oracle Corporation	Retail Xstore Point of Service	Affected: 6.0.x Affected: 6.5.x Affected: 7.0.x Affected: 7.1.x Affected: 15.0.x Affected: 16.0.0

Date Public ?

2017-07-18 00:00

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-05T17:33:16.688Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "99727",
            "tags": [
              "vdb-entry",
              "x_refsource_BID",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/99727"
          },
          {
            "name": "1038944",
            "tags": [
              "vdb-entry",
              "x_refsource_SECTRACK",
              "x_transferred"
            ],
            "url": "http://www.securitytracker.com/id/1038944"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://www.oracle.com/technetwork/security-advisory/cpujul2017-3236622.html"
          }
        ],
        "title": "CVE Program Container"
      },
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2017-10183",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2024-10-04T15:50:53.241615Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2024-10-04T17:11:30.311Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "Retail Xstore Point of Service",
          "vendor": "Oracle Corporation",
          "versions": [
            {
              "status": "affected",
              "version": "6.0.x"
            },
            {
              "status": "affected",
              "version": "6.5.x"
            },
            {
              "status": "affected",
              "version": "7.0.x"
            },
            {
              "status": "affected",
              "version": "7.1.x"
            },
            {
              "status": "affected",
              "version": "15.0.x"
            },
            {
              "status": "affected",
              "version": "16.0.0"
            }
          ]
        }
      ],
      "datePublic": "2017-07-18T00:00:00.000Z",
      "descriptions": [
        {
          "lang": "en",
          "value": "Vulnerability in the Oracle Retail Xstore Point of Service component of Oracle Retail Applications (subcomponent: Point of Sale). Supported versions that are affected are 6.0.x, 6.5.x, 7.0.x, 7.1.x, 15.0.x and 16.0.0. Difficult to exploit vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Retail Xstore Point of Service. While the vulnerability is in Oracle Retail Xstore Point of Service, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Retail Xstore Point of Service accessible data as well as unauthorized read access to a subset of Oracle Retail Xstore Point of Service accessible data and unauthorized ability to cause a partial denial of service (partial DOS) of Oracle Retail Xstore Point of Service. CVSS 3.0 Base Score 6.5 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:C/C:L/I:L/A:L)."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "Difficult to exploit vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Retail Xstore Point of Service.  While the vulnerability is in Oracle Retail Xstore Point of Service, attacks may significantly impact additional products.  Successful attacks of this vulnerability can result in  unauthorized update, insert or delete access to some of Oracle Retail Xstore Point of Service accessible data as well as  unauthorized read access to a subset of Oracle Retail Xstore Point of Service accessible data and unauthorized ability to cause a partial denial of service (partial DOS) of Oracle Retail Xstore Point of Service.",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2017-08-09T09:57:01.000Z",
        "orgId": "43595867-4340-4103-b7a2-9a5208d29a85",
        "shortName": "oracle"
      },
      "references": [
        {
          "name": "99727",
          "tags": [
            "vdb-entry",
            "x_refsource_BID"
          ],
          "url": "http://www.securityfocus.com/bid/99727"
        },
        {
          "name": "1038944",
          "tags": [
            "vdb-entry",
            "x_refsource_SECTRACK"
          ],
          "url": "http://www.securitytracker.com/id/1038944"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://www.oracle.com/technetwork/security-advisory/cpujul2017-3236622.html"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "secalert_us@oracle.com",
          "ID": "CVE-2017-10183",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "Retail Xstore Point of Service",
                      "version": {
                        "version_data": [
                          {
                            "version_affected": "=",
                            "version_value": "6.0.x"
                          },
                          {
                            "version_affected": "=",
                            "version_value": "6.5.x"
                          },
                          {
                            "version_affected": "=",
                            "version_value": "7.0.x"
                          },
                          {
                            "version_affected": "=",
                            "version_value": "7.1.x"
                          },
                          {
                            "version_affected": "=",
                            "version_value": "15.0.x"
                          },
                          {
                            "version_affected": "=",
                            "version_value": "16.0.0"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "Oracle Corporation"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "Vulnerability in the Oracle Retail Xstore Point of Service component of Oracle Retail Applications (subcomponent: Point of Sale). Supported versions that are affected are 6.0.x, 6.5.x, 7.0.x, 7.1.x, 15.0.x and 16.0.0. Difficult to exploit vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Retail Xstore Point of Service. While the vulnerability is in Oracle Retail Xstore Point of Service, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Retail Xstore Point of Service accessible data as well as unauthorized read access to a subset of Oracle Retail Xstore Point of Service accessible data and unauthorized ability to cause a partial denial of service (partial DOS) of Oracle Retail Xstore Point of Service. CVSS 3.0 Base Score 6.5 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:C/C:L/I:L/A:L)."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "Difficult to exploit vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Retail Xstore Point of Service.  While the vulnerability is in Oracle Retail Xstore Point of Service, attacks may significantly impact additional products.  Successful attacks of this vulnerability can result in  unauthorized update, insert or delete access to some of Oracle Retail Xstore Point of Service accessible data as well as  unauthorized read access to a subset of Oracle Retail Xstore Point of Service accessible data and unauthorized ability to cause a partial denial of service (partial DOS) of Oracle Retail Xstore Point of Service."
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "99727",
              "refsource": "BID",
              "url": "http://www.securityfocus.com/bid/99727"
            },
            {
              "name": "1038944",
              "refsource": "SECTRACK",
              "url": "http://www.securitytracker.com/id/1038944"
            },
            {
              "name": "http://www.oracle.com/technetwork/security-advisory/cpujul2017-3236622.html",
              "refsource": "CONFIRM",
              "url": "http://www.oracle.com/technetwork/security-advisory/cpujul2017-3236622.html"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "43595867-4340-4103-b7a2-9a5208d29a85",
    "assignerShortName": "oracle",
    "cveId": "CVE-2017-10183",
    "datePublished": "2017-08-08T15:00:00.000Z",
    "dateReserved": "2017-06-21T00:00:00.000Z",
    "dateUpdated": "2024-10-04T17:11:30.311Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

Sightings

Author	Source	Type	Date	Other

Nomenclature

Seen: The vulnerability was mentioned, discussed, or observed by the user.
Confirmed: The vulnerability has been validated from an analyst's perspective.
Published Proof of Concept: A public proof of concept is available for this vulnerability.
Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
Not confirmed: The user expressed doubt about the validity of the vulnerability.
Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.

Detection rules are retrieved from Rulezet.

Action not permitted

CNVD-2017-26785

CVE-2017-10183 (GCVE-0-2017-10183)

Tags

Sightings

Nomenclature