Vulnerability in Oracle Hospitality Cruise Materials Management Software
CVE-2017-10229

5.4MEDIUM

Key Information:

Vendor
Oracle
Status
Hospitality Cruise Materials Management
Vendor
CVE Published:
8 August 2017

Summary

The vulnerability in Oracle Hospitality Cruise Materials Management’s Event Viewer component allows a low-privileged attacker with network access through HTTP to manipulate the system. A successful exploit could lead to unauthorized updates, insertions, or deletions of data, as well as unauthorized read access to specific data subsets. This flaw exposes sensitive data and poses a significant risk to the integrity and confidentiality of the information managed by the application.

Affected Version(s)

Hospitality Cruise Materials Management 7.30.562

References

http://www.securityfocus.com/bid/99691
vdb-entryx_refsource_BID
http://www.securitytracker.com/id/1038941
vdb-entryx_refsource_SECTRACK
http://www.oracle.com/technetwork/security-advisory/cpuju...
x_refsource_CONFIRM

CVSS V3.1

Score:
5.4
Severity:
MEDIUM
Confidentiality:
Low
Integrity:
Low
Availability:
Low
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
Low
User Interaction:
None
Scope:
Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved

.