CVE-2024-21136
CVSS 3.1 Score 8.6 of 10 (high)
Details
Summary
CVE-2024-21136 is a newly identified vulnerability affecting the Oracle Retail Xstore Office product of Oracle Retail Applications. Affected versions include 19.0.5, 20.0.3, 20.0.4, 22.0.0, and 23.0.1. This issue allows unauthenticated attackers with network access via HTTP to exploit the vulnerability, which is located within the Security component of Oracle Retail Xstore Office. The consequences of a successful attack can result in unauthorized access to critical data or complete access to all Oracle Retail Xstore Office accessible data. The vulnerability has a base score of 8.6 (Confidentiality impacts) according to CVSS 3.1. It is important to note that while the vulnerability is in Oracle Retail Xstore Office, the impact may extend to other connected products.
Prevent cyber attacks with Recorded Future by prioritizing and patching critical vulnerabilities being exploited by threat actors targeting your industry. Book your demo to learn more.
Affected Products
- Oracle Retail Xstore Office
Affected Vendors
- BonqDAO