CVE-2024-21136 Scanner
CVE-2024-21136 Scanner - Pre-authenticated Path Traversal vulnerability in Oracle Retail Xstore Suite
Short Info
Level: High
Single Scan
Can be used by: Asset Owner
Estimated Time: 10 seconds
Time Interval: 9 days 4 hours
Scan only one: Domain, Subdomain, IPv4
Toolbox: -
Oracle Retail Xstore Suite is a comprehensive point of sale (POS) solution used by retailers to manage transactions, inventory, and customer relationships. The system is widely implemented across retail environments to streamline operations, including store management and sales operations. Oracle Retail Xstore Office is a component of the suite that focuses on the back-end management of retail operations. The software is used by businesses of all sizes to handle everything from sales reporting to stock management. It offers flexibility, scalability, and integration with various Oracle and third-party services. Retailers rely on the system to manage customer data, product information, and business analytics. Its wide adoption makes it a critical component in retail IT infrastructures.
This vulnerability in Oracle Retail Xstore Suite allows unauthenticated attackers to exploit a path traversal flaw in the Oracle Retail Xstore Office component. The flaw enables attackers to access files outside the intended directory, potentially gaining unauthorized access to critical data stored on the server. The vulnerability is easily exploitable via HTTP requests, which makes it highly accessible to attackers. While the vulnerability is primarily located in Oracle Retail Xstore Office, it may also impact other products within the Oracle Retail suite, depending on the configuration. Exploiting this flaw can allow an attacker to gain unauthorized access to sensitive information or even execute further attacks against the server.
The vulnerability arises from the improper handling of file paths within the Oracle Retail Xstore Office component. An attacker can send a specially crafted GET request to the server that includes directory traversal characters (e.g., `..\..\..\..\`) in the `imageId` parameter. This allows the attacker to access files outside of the intended directory, such as system files like `win.ini` on Windows servers. When successful, the attacker may retrieve sensitive files, which could lead to further exploits, including privilege escalation or data theft. The lack of authentication required for this attack makes it particularly dangerous, as any unauthenticated user with network access can attempt to exploit it.
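For defenders reviewing web logs, the following added example (not part of the original page or of Oracle's code) flags requests whose `imageId` parameter decodes to a `..` path segment, including double URL-encoded forms. The log format (combined access log), the endpoint path `/placeholder/image`, and the sample lines are assumptions constructed for illustration.

```python
import re
from urllib.parse import parse_qsl, unquote, urlsplit

# Request line of a combined-format access log entry.
REQUEST_RE = re.compile(r'"(?P<method>[A-Z]+) (?P<target>\S+) HTTP/[\d.]+"')
# A ".." path segment bounded by "/" or "\" or by the ends of the value.
TRAVERSAL_RE = re.compile(r'(?:^|[\\/])\.\.(?:[\\/]|$)')
MAX_DECODE_ROUNDS = 3  # assumption: enough to unwrap double or triple encoding

# Constructed sample lines; /placeholder/image is a placeholder, not the real endpoint.
SAMPLE_LOG = [
    '203.0.113.5 - - [01/Aug/2024:10:00:01 +0000] "GET /placeholder/image?imageId=1042 HTTP/1.1" 200 5120',
    '203.0.113.9 - - [01/Aug/2024:10:00:07 +0000] "GET /placeholder/image?imageId=..%5C..%5C..%5C..%5Cwin.ini HTTP/1.1" 200 92',
    '203.0.113.9 - - [01/Aug/2024:10:00:09 +0000] "GET /placeholder/image?imageId=%252e%252e%255c%252e%252e%255cwin.ini HTTP/1.1" 404 0',
    '203.0.113.7 - - [01/Aug/2024:10:01:12 +0000] "GET /placeholder/image?imageId=logo..v2.png HTTP/1.1" 200 812',
]


def fully_decode(value: str) -> str:
    """Percent-decode repeatedly so nested encodings such as %252e are unwrapped."""
    for _ in range(MAX_DECODE_ROUNDS):
        decoded = unquote(value)
        if decoded == value:
            break
        value = decoded
    return value


def suspicious_image_ids(log_lines, param="imageId"):
    """Return (line_number, decoded_value) for requests whose `param` holds a '..' segment."""
    hits = []
    for number, line in enumerate(log_lines, start=1):
        match = REQUEST_RE.search(line)
        if not match:
            continue  # not a parseable request line
        query = urlsplit(match.group("target")).query
        # parse_qsl performs the first round of percent-decoding.
        for name, value in parse_qsl(query, keep_blank_values=True):
            if name.lower() != param.lower():
                continue
            decoded = fully_decode(value)
            if TRAVERSAL_RE.search(decoded):
                hits.append((number, decoded))
    return hits


if __name__ == "__main__":
    for number, value in suspicious_image_ids(SAMPLE_LOG):
        print(f"line {number}: imageId decodes to {value!r}")
```

A hit only shows an attempt; check the response status and size on the same log line to judge whether a file was actually returned.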