CVE-2016-0438

Published on: 01/20/2016 12:00:00 AM UTC

Last Modified on: 03/23/2021 11:27:14 PM UTC

AV:L/AC:M/Au:N/C:P/I:N/A:N

Certain versions of Retail Applications from Oracle contain the following vulnerability:

Unspecified vulnerability in the Oracle Retail Point-of-Service component in Oracle Retail Applications 13.4, 14.0, and 14.1 allows local users to affect confidentiality via vectors related to Mobile POS, a different vulnerability than CVE-2016-0434, CVE-2016-0436, and CVE-2016-0437.

CVSS2 Score: 1.9 - LOW

Access
Vector
Access
Complexity
Authentication
LOCAL MEDIUM NONE
Confidentiality
Impact
Integrity
Impact
Availability
Impact
PARTIAL NONE NONE

CVE References

Description Tags Link
Oracle Retail Applications Multiple Flaws Let Remote and Local Users Access and Modify Data and Let Remote Users Deny Service - SecurityTracker www.securitytracker.com
text/html
URL Logo SECTRACK 1034718
Oracle Critical Patch Update - January 2016 Vendor Advisory
www.oracle.com
text/html
URL Logo CONFIRM www.oracle.com/technetwork/topics/security/cpujan2016-2367955.html

Known Affected Configurations (CPE V2.3)

Type Vendor Product Version Update Edition Language
ApplicationOracleRetail Applications13.4AllAllAll
ApplicationOracleRetail Applications14.0AllAllAll
ApplicationOracleRetail Applications14.1AllAllAll
ApplicationOracleRetail Applications13.4AllAllAll
ApplicationOracleRetail Applications14.0AllAllAll
ApplicationOracleRetail Applications14.1AllAllAll
  • cpe:2.3:a:oracle:retail_applications:13.4:*:*:*:*:*:*:*:
  • cpe:2.3:a:oracle:retail_applications:14.0:*:*:*:*:*:*:*:
  • cpe:2.3:a:oracle:retail_applications:14.1:*:*:*:*:*:*:*:
  • cpe:2.3:a:oracle:retail_applications:13.4:*:*:*:*:*:*:*:
  • cpe:2.3:a:oracle:retail_applications:14.0:*:*:*:*:*:*:*:
  • cpe:2.3:a:oracle:retail_applications:14.1:*:*:*:*:*:*:*: