{"resultsPerPage":1,"startIndex":0,"totalResults":1,"format":"NVD_CVE","version":"2.0","timestamp":"2026-06-13T16:54:18.308","vulnerabilities":[{"cve":{"id":"CVE-2018-3111","sourceIdentifier":"secalert_us@oracle.com","published":"2019-07-23T23:15:33.490","lastModified":"2024-11-21T04:05:11.753","vulnStatus":"Modified","cveTags":[],"descriptions":[{"lang":"en","value":"Vulnerability in the Oracle Retail Xstore Office component of Oracle Retail Applications (subcomponent: Internal Operations). The supported version that is affected is 7.1. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Retail Xstore Office. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle Retail Xstore Office accessible data as well as unauthorized update, insert or delete access to some of Oracle Retail Xstore Office accessible data and unauthorized ability to cause a partial denial of service (partial DOS) of Oracle Retail Xstore Office. CVSS 3.0 Base Score 7.6 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:L/A:L)."},{"lang":"es","value":"Vulnerabilidad en el componente Oracle Retail Xstore Office de Retail Applications de Oracle (subcomponente: Internal Operations). La versión compatible que está afectada es la 7.1. Una vulnerabilidad fácilmente explotable permite a un atacante no autenticado con acceso a la red por medio de HTTP comprometer a Oracle Retail Xstore Office. Los ataques con éxito requieren la interacción humana de otra persona distinta al atacante. Los ataques con éxito de esta vulnerabilidad pueden resultar en un acceso no autorizado a datos críticos o un acceso completo a todos los datos accesibles de Oracle Retail Xstore Office, así como en actualizaciones no autorizadas, insertar o eliminar el acceso a algunos de los datos accesibles de Oracle Retail Xstore Office y en la capacidad no autorizada de causar una denegación de servicio parcial (DOS parcial) de Oracle Retail Xstore Office. CVSS 3.0 Puntuación Base 7.6 (Impactos de confidencialidad, integridad y disponibilidad). Vector CVSS: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:L/A:L)."}],"metrics":{"cvssMetricV30":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.0","vectorString":"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:L/A:L","baseScore":7.6,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"REQUIRED","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"LOW","availabilityImpact":"LOW"},"exploitabilityScore":2.8,"impactScore":4.7}],"cvssMetricV2":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"2.0","vectorString":"AV:N/AC:M/Au:N/C:P/I:P/A:P","baseScore":6.8,"accessVector":"NETWORK","accessComplexity":"MEDIUM","authentication":"NONE","confidentialityImpact":"PARTIAL","integrityImpact":"PARTIAL","availabilityImpact":"PARTIAL"},"baseSeverity":"MEDIUM","exploitabilityScore":8.6,"impactScore":6.4,"acInsufInfo":false,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":true}]},"weaknesses":[{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"NVD-CWE-noinfo"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:oracle:retail_xstore_office:7.1:*:*:*:*:*:*:*","matchCriteriaId":"AA37ADB7-FE80-421E-8711-461E212AB38B"}]}]}],"references":[{"url":"http://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html","source":"secalert_us@oracle.com","tags":["Patch","Vendor Advisory"]},{"url":"http://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Patch","Vendor Advisory"]}]}}]}