Unauthenticated Access Vulnerability in Oracle Hospitality Simphony by Oracle
CVE-2017-10340

5.4MEDIUM

Key Information:

Vendor: Oracle
Status: Hospitality Simphony
Vendor: CVE Published:; 19 October 2017

Summary

An unauthenticated access vulnerability exists in the Oracle Hospitality Simphony component of Oracle Hospitality Applications, affecting versions 2.8 and 2.9. This vulnerability allows attackers with network access to leverage HTTP to compromise the system. Successful exploitation can lead to unauthorized updates, insertions, or deletions of data within Oracle Hospitality Simphony. Notably, exploits require human interaction from a third party, potentially allowing attackers to gain unauthorized read access to sensitive data in the application. It's crucial for users to understand the risks associated with this vulnerability and take proactive measures to safeguard their systems.

Affected Version(s)

Hospitality Simphony 2.8

Hospitality Simphony 2.9

References

http://www.securityfocus.com/bid/101356

vdb-entryx_refsource_BID

http://www.oracle.com/technetwork/security-advisory/cpuoc...

x_refsource_CONFIRM

CVSS V3.1

Score:

5.4

Severity:

MEDIUM

Confidentiality:

Low

Integrity:

Low

Availability:

Low

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

Required

Scope:

Unchanged

Timeline

Vulnerability published
Oct 19, 2017
Vulnerability Reserved
Jun 21, 2017