Vulnerability in Oracle Hospitality Simphony First Edition Venue Management
CVE-2017-10076

6.4MEDIUM

Key Information:

Vendor

Oracle
Status
Hospitality Simphony First Edition Venue Management
Vendor
CVE Published:
8 August 2017

What is CVE-2017-10076?

A security vulnerability exists within the Oracle Hospitality Simphony First Edition Venue Management module, allowing low-privileged attackers with network access to exploit the system through HTTP. This vulnerability could lead to unauthorized modifications, deletions, and readings of accessible data, compromising the integrity and confidentiality of the information stored within the system. Although primarily associated with Venue Management, the risk stemming from this vulnerability may extend to other related Oracle Hospitality products, emphasizing the necessity for timely patching and robust security measures.

Affected Version(s)

Hospitality Simphony First Edition Venue Management 3.9

References

http://www.securitytracker.com/id/1038941
vdb-entryx_refsource_SECTRACK
http://www.securityfocus.com/bid/99666
vdb-entryx_refsource_BID
http://www.oracle.com/technetwork/security-advisory/cpuju...
x_refsource_CONFIRM

CVSS V3.1

Score:
6.4
Severity:
MEDIUM
Confidentiality:
Low
Integrity:
Low
Availability:
Low
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
Low
User Interaction:
None
Scope:
Changed

Timeline

  • Vulnerability published

  • Vulnerability Reserved

.