JVN#37376131
Multiple vulnerabilities in ORCA(Online Receipt Computer Advantage)

Overview

ORCA(Online Receipt Computer Advantage) provided by ORCA Management Organization Co., Ltd contains multiple vulnerabilities.

Products Affected

CVE-2018-0643

• Ubuntu14.04 ORCA(Online Receipt Computer Advantage)4.8.0(panda-server) 1:1.4.9+p41-u4jma1 and earlier

• Ubuntu14.04 ORCA(Online Receipt Computer Advantage)4.8.0(panda-client2) 1:1.4.9+p41-u4jma1 and earlier
• Ubuntu14.04 ORCA(Online Receipt Computer Advantage)5.0.0(panda-client2) 1:2.0.0+p48-u4jma1 and earlier
• Ubuntu16.04 ORCA(Online Receipt Computer Advantage)5.0.0(panda-client2) 1:2.0.0+p48-u5jma1 and earlier

Description

ORCA(Online Receipt Computer Advantage) provided by ORCA Management Organization Co., Ltd contains vulnerabilities listed below.

• OS command injection (CWE-78) - CVE-2018-0643

  CVSS v3	CVSS:3.0/AV:A/AC:L/PR:H/UI:R/S:U/C:L/I:L/A:L	Base Score: 4.1
  CVSS v2	AV:A/AC:M/Au:S/C:P/I:P/A:P	Base Score: 4.9

• Buffer overflow (CWE-119) - CVE-2018-0644

  CVSS v3	CVSS:3.0/AV:A/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L	Base Score: 5.5
  CVSS v2	AV:A/AC:L/Au:S/C:P/I:P/A:P	Base Score: 5.2

Impact

The possible impact of each vulnerability is as follows:

CVE-2018-0643

• A user with access to the network that is connected to the affected product may execute an arbitrary command on the product

• If a user opens a specially crafted file while logged into the affected product, that may result in a denial-of-service (DoS) condition.

Solution

Update the software
Update the software to the latest version according to the information provided by the developer.