CVE-2018-3120
First published: Tue Apr 23 2019(Updated: )
Vulnerability in the MICROS Lucas component of Oracle Retail Applications (subcomponent: Security). Supported versions that are affected are 2.9.5.6 and 2.9.5.7. Difficult to exploit vulnerability allows low privileged attacker with network access via HTTP to compromise MICROS Lucas. Successful attacks of this vulnerability can result in takeover of MICROS Lucas. CVSS 3.0 Base Score 7.5 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H).
Credit: secalert_us@oracle.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Oracle Micros Lucas | =2.9.5.6 | |
| Oracle Micros Lucas | =2.9.5.7 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Frequently Asked Questions
What is the vulnerability ID?
The vulnerability ID is CVE-2018-3120.
What is the affected component?
The affected component is the MICROS Lucas component of Oracle Retail Applications.
What versions of the affected software are vulnerable?
Versions 2.9.5.6 and 2.9.5.7 of the MICROS Lucas component are vulnerable.
How can the vulnerability be exploited?
The vulnerability can be exploited by a low privileged attacker with network access via HTTP to compromise MICROS Lucas.
What is the severity of the vulnerability?
The severity of the vulnerability is high with a CVSS score of 7.5.
- collector/nvd-index
- agent/references
- agent/severity
- agent/author
- agent/type
- agent/event
- agent/description
- agent/first-publish-date
- agent/softwarecombine
- agent/remedy
- agent/last-modified-date
- agent/tags
- collector/mitre-cve
- source/MITRE
- vendor/oracle
- canonical/oracle micros lucas
- version/oracle micros lucas/2.9.5.6
- version/oracle micros lucas/2.9.5.7