Vulnerability in Oracle Hospitality Guest Access Component of Oracle Applications
CVE-2017-10375

4.6MEDIUM

Key Information:

Vendor: Oracle
Status: Hospitality Guest Access
Vendor: CVE Published:; 19 October 2017

Summary

The Oracle Hospitality Guest Access component in specific versions of Oracle Hospitality Applications is susceptible to an input validation error. This vulnerability allows an attacker with limited privileges and network access via HTTP to execute attacks that require user interaction from a third party. Successful exploits can lead to unauthorized modifications, including updates, inserts, or deletions of accessible data within the Oracle Hospitality Guest Access. Additionally, the vulnerability may enable unauthorized reading of certain data, compromising confidentiality and integrity. Organizations utilizing affected versions are advised to implement appropriate safeguards.

Affected Version(s)

Hospitality Guest Access 4.2.0

Hospitality Guest Access 4.2.1

References

http://www.oracle.com/technetwork/security-advisory/cpuoc...

x_refsource_CONFIRM

http://www.securityfocus.com/bid/101434

vdb-entryx_refsource_BID

CVSS V3.1

Score:

4.6

Severity:

MEDIUM

Confidentiality:

Low

Integrity:

Low

Availability:

Low

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

Low

User Interaction:

Required

Scope:

Unchanged

Timeline

Vulnerability published
Oct 19, 2017
Vulnerability Reserved
Jun 21, 2017