OSA-38663548
Vulnerability in the Oracle Retail Xstore Point of Service product of Oracle Retail Applications (component: Point of Sale (Jakarta Mail)). Supported versions that are affected are 21.0.5 and 22.0.3. Easily exploitable vulnerability allows unauthenticated attacker with network access via SMTP to compromise Oracle Retail Xstore Point of Service. Successful attacks of this vulnerability can result in unauthorized creation, deletion or modification access to critical data or all Oracle Retail Xstore Point of Service accessible data. CVSS 3.1 Base Score 7.5 (Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N).
Risk Scores
Timeline
- Apr 24, 2026 CVE Published