Vulnerability in Oracle Hospitality OPERA 5 Property Services Component by Oracle
CVE-2017-10182

4.4MEDIUM

Key Information:

Vendor
Oracle
Status
Hospitality Opera 5 Property Services
Vendor
CVE Published:
8 August 2017

Summary

A vulnerability exists in the Oracle Hospitality OPERA 5 Property Services component, specifically related to the OPERA Export Functionality. This issue can be exploited by attackers with high privileges and network access through HTTP, potentially allowing them to gain unauthorized access to sensitive information. Effectively targeting the supported versions 5.4.0.x, 5.4.1.x, and 5.4.3.x, attackers might compromise the integrity and confidentiality of crucial data stored within the OPERA 5 system. Successful exploitation of this vulnerability raises significant security concerns, highlighting the necessity for organizations utilizing these versions to implement proper security measures.

Affected Version(s)

Hospitality OPERA 5 Property Services 5.4.0.x

Hospitality OPERA 5 Property Services 5.4.1.x

Hospitality OPERA 5 Property Services 5.4.3.x

References

http://www.securitytracker.com/id/1038941
vdb-entryx_refsource_SECTRACK
http://www.securityfocus.com/bid/99725
vdb-entryx_refsource_BID
http://www.oracle.com/technetwork/security-advisory/cpuju...
x_refsource_CONFIRM

CVSS V3.1

Score:
4.4
Severity:
MEDIUM
Confidentiality:
High
Integrity:
None
Availability:
High
Attack Vector:
Network
Attack Complexity:
High
Privileges Required:
High
User Interaction:
None
Scope:
Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved

.