WebConnect Vulnerability in Oracle Hospitality Applications
CVE-2017-10050

8.2HIGH

Key Information:

Vendor: Oracle
Status: Hospitality Suite8
Vendor: CVE Published:; 19 October 2017

Summary

A vulnerability exists in the Oracle Hospitality Suite8 component of Oracle's Hospitality Applications, specifically within the WebConnect subcomponent. This flaw allows an unauthenticated attacker with network access via HTTP to compromise the system. Exploiting this vulnerability requires human interaction from a user, potentially leading to unauthorized access to critical and sensitive data managed by the Hospitality Suite8. Successful exploitation may enable the attacker to gain complete control over accessible data, facilitating unauthorized updates, inserts, or deletions of data within the system. The implications of this vulnerability extend beyond the Hospitality Suite8, potentially affecting other related products.

Affected Version(s)

Hospitality Suite8 8.10.1

Hospitality Suite8 8.10.2

References

http://www.oracle.com/technetwork/security-advisory/cpuoc...

x_refsource_CONFIRM

http://www.securityfocus.com/bid/101363

vdb-entryx_refsource_BID

CVSS V3.1

Score:

8.2

Severity:

HIGH

Confidentiality:

High

Integrity:

Low

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

Required

Scope:

Changed

Timeline

Vulnerability published
Oct 19, 2017
Vulnerability Reserved
Jun 21, 2017