OSA-2021-44832-jul2022
PUBLISHED
CVSS 6.6 MEDIUM
Vulnerability in the Oracle Retail Xstore Point of Service product of Oracle Retail Applications (component: Xenvironment (Apache Log4j)). Supported versions that are affected are 17.0.4, 18.0.3, 19.0.2, 20.0.1 and 21.0.1. Difficult to exploit vulnerability allows high privileged attacker with network access via HTTP to compromise Oracle Retail Xstore Point of Service. Successful attacks of this vulnerability can result in takeover of Oracle Retail Xstore Point of Service. CVSS 3.1 Base Score 6.6 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H).
Risk Scores
CVSS 3.1
6.6
CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H
Exploit Intelligence
- A vulnerable Spring Boot application that uses log4j and is vulnerable to CVE-2021-44228, CVE-2021-44832, CVE-2021-45046 and CVE-2021-45105 (github-poc-repo)
- Discover Log4Shell vulnerability [CVE-2021-44832] (github-poc-repo)
- CVE-2021-42287/CVE-2021-42278/OTHER Scanner & Exploiter. (github-poc-repo)
- Fastest filesystem scanner for log4shell (CVE-2021-44228, CVE-2021-45046) and other vulnerable (CVE-2017-5645, CVE-2019-17571, CVE-2022-23305, CVE-2022-23307 ... ) instances of log4j library. Excellent performance and low memory footprint. (github-poc-repo)
Timeline
- Oct 31, 2022 CVE Published