VDB

OSA-38663548

OSA-38663548 PUBLISHED CVSS 7.5 HIGH

Vulnerability in the Oracle Retail Xstore Point of Service product of Oracle Retail Applications (component: Point of Sale (Jakarta Mail)). Supported versions that are affected are 21.0.5 and 22.0.3. Easily exploitable vulnerability allows unauthenticated attacker with network access via SMTP to compromise Oracle Retail Xstore Point of Service. Successful attacks of this vulnerability can result in unauthorized creation, deletion or modification access to critical data or all Oracle Retail Xstore Point of Service accessible data. CVSS 3.1 Base Score 7.5 (Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N).

Risk Scores

CVSS 3.1
7.5
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N

Timeline

  • Apr 24, 2026 CVE Published
Open in Interactive Console →
$ Console Community · 100/wk Open console ›