CVE-2016-3429

low-risk

Published 2016-04-21

Unspecified vulnerability in the Oracle Retail Xstore Point of Service component in Oracle Retail Applications 5.0, 5.5, 6.0, 6.5, 7.0, and 7.1 allows remote authenticated users to affect confidentiality and integrity via vectors related to Xstore Services.

Do I need to act?

0.22% chance of exploitation

EPSS score — low exploit probability

Not on CISA KEV list

No confirmed active exploitation reported to CISA

Patch status unknown

Check vendor advisories for fix availability and mitigation guidance

CVSS 4.5/10 Medium

PHYSICAL / HIGH complexity

Affected Products (6)

Retail Xstore Point Of Service

Affected Vendors

Oracle

References (4)

Vendor Advisory http://www.oracle.com/technetwork/security-advisory/cpuapr2016v3-2985753.html

http://www.securitytracker.com/id/1035600

Vendor Advisory http://www.oracle.com/technetwork/security-advisory/cpuapr2016v3-2985753.html

http://www.securitytracker.com/id/1035600

/ 100

low-risk

Severity 12/34 · Low

Exploitability 1/34 · Minimal

Exposure 13/34 · Low