Unauthenticated Access Vulnerability in Oracle Hospitality Suite8 by Oracle
CVE-2017-10318

4.7MEDIUM

Key Information:

Vendor: Oracle
Status: Hospitality Suite8
Vendor: CVE Published:; 19 October 2017

Summary

A vulnerability exists in the Oracle Hospitality Suite8 component of Oracle Hospitality Applications, specifically in the WebConnect subcomponent. This flaw allows unauthenticated attackers to exploit HTTP access and potentially gain unauthorized read access to certain data within Oracle Hospitality Suite8. Successful attacks on this vulnerability necessitate human interaction from a user other than the attacker, which can complicate mitigation efforts. Although the vulnerability is confined to Oracle Hospitality Suite8, impacts may extend to other related products, amplifying the risk to sensitive information.

Affected Version(s)

Hospitality Suite8 8.10.1

Hospitality Suite8 8.10.2

References

http://www.securityfocus.com/bid/101343

vdb-entryx_refsource_BID

http://www.oracle.com/technetwork/security-advisory/cpuoc...

x_refsource_CONFIRM

CVSS V3.1

Score:

4.7

Severity:

MEDIUM

Confidentiality:

Low

Integrity:

None

Availability:

Low

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

Required

Scope:

Changed

Timeline

Vulnerability published
Oct 19, 2017
Vulnerability Reserved
Jun 21, 2017