Exploitable Vulnerability in Oracle Hospitality Cruise AffairWhere
CVE-2017-10396

9.9CRITICAL

Key Information:

Vendor: Oracle
Status: Hospitality Cruise Affairwhere
Vendor: CVE Published:; 19 October 2017

What is CVE-2017-10396?

The vulnerability in Oracle Hospitality Cruise AffairWhere could allow an attacker with low privileges, who has logged into the infrastructure where the application operates, to compromise the application. This requires some level of human interaction from a person other than the attacker. Despite being specific to the Cruise AffairWhere component, successful exploitation can also affect additional linked applications, leading to severe consequences.

Affected Version(s)

Hospitality Cruise AffairWhere 2.2.5.0

Hospitality Cruise AffairWhere 2.2.6.0

Hospitality Cruise AffairWhere 2.2.7.0

References

http://www.oracle.com/technetwork/security-advisory/cpuoc...

x_refsource_CONFIRM

http://www.securityfocus.com/bid/101440

vdb-entryx_refsource_BID

CVSS V3.1

Score:

9.9

Severity:

CRITICAL

Confidentiality:

Low

Integrity:

High

Availability:

Low

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

Low

User Interaction:

None

Scope:

Changed

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Oct 19, 2017
Vulnerability Reserved
Jun 21, 2017