Unauthorized Access Vulnerability in Oracle Hospitality Applications
CVE-2017-10397

6.1MEDIUM

Key Information:

Vendor: Oracle
Status: Hospitality Cruise Fleet Management
Vendor: CVE Published:; 19 October 2017

Summary

A vulnerability exists in the Oracle Hospitality Cruise Fleet Management component of Oracle Hospitality Applications, allowing unauthenticated attackers with network access via HTTP to gain unauthorized access to sensitive data. Exploitation of this flaw necessitates human interaction from a victim, enabling attacks that may facilitate unauthorized data updates, insertions, or deletions. Additionally, attackers can access a subset of data without proper authorization, thereby endangering data confidentiality and integrity.

Affected Version(s)

Hospitality Cruise Fleet Management 9.0.2.0

References

http://www.oracle.com/technetwork/security-advisory/cpuoc...

x_refsource_CONFIRM

http://www.securityfocus.com/bid/101447

vdb-entryx_refsource_BID

CVSS V3.1

Score:

6.1

Severity:

MEDIUM

Confidentiality:

Low

Integrity:

Low

Availability:

Low

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

Required

Scope:

Changed

Timeline

Vulnerability published
Oct 19, 2017
Vulnerability Reserved
Jun 21, 2017