Information Disclosure and Data Manipulation Vulnerability in Oracle Hospitality Applications
CVE-2017-10223

5.4MEDIUM

Key Information:

Vendor
Oracle
Status
Hospitality Materials Control
Vendor
CVE Published:
8 August 2017

Summary

The vulnerability in Oracle Hospitality Materials Control enables a low privileged attacker with network access via HTTP to compromise the system. Exploitation of this flaw may result in unauthorized updates, inserts, or deletions of accessible data, alongside unauthorized read access to some data within Oracle Hospitality Materials Control. The issue primarily affects versions 8.31.4 and 8.32.0, posing risks to data integrity and confidentiality. Organizations using these affected versions should consider immediate remediation measures.

Affected Version(s)

Hospitality Materials Control 8.31.4

Hospitality Materials Control 8.32.0

References

http://www.securityfocus.com/bid/99704
vdb-entryx_refsource_BID
http://www.securitytracker.com/id/1038941
vdb-entryx_refsource_SECTRACK
http://www.oracle.com/technetwork/security-advisory/cpuju...
x_refsource_CONFIRM

CVSS V3.1

Score:
5.4
Severity:
MEDIUM
Confidentiality:
Low
Integrity:
Low
Availability:
Low
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
Low
User Interaction:
None
Scope:
Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved

.