Vulnerability in Oracle Hospitality Guest Access Component
CVE-2017-10372

8.7HIGH

Key Information:

Vendor: Oracle
Status: Hospitality Guest Access
Vendor: CVE Published:; 19 October 2017

Summary

A vulnerability exists in the Oracle Hospitality Guest Access component of Oracle Hospitality Applications, affecting versions 4.2.0 and 4.2.1. This flaw allows a high-privileged attacker with network access via HTTP to exploit the Guest Access service. The implications of this vulnerability are severe, as successful exploitation can lead to unauthorized creation, deletion, or modification of critical data accessible through the Guest Access interface. Furthermore, attackers could induce frequent crashes or operational downtime, severely impacting the availability and functionality of Oracle Hospitality Guest Access and potentially other interconnected products.

Affected Version(s)

Hospitality Guest Access 4.2.0

Hospitality Guest Access 4.2.1

References

http://www.securityfocus.com/bid/101427

vdb-entryx_refsource_BID

http://www.oracle.com/technetwork/security-advisory/cpuoc...

x_refsource_CONFIRM

CVSS V3.1

Score:

8.7

Severity:

HIGH

Confidentiality:

None

Integrity:

High

Availability:

None

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

High

User Interaction:

None

Scope:

Changed

Timeline

Vulnerability published
Oct 19, 2017
Vulnerability Reserved
Jun 21, 2017