Vulnerability in Oracle Hospitality Cruise Fleet Management
CVE-2017-10398

8.4HIGH

Key Information:

Vendor: Oracle
Status: Hospitality Cruise Fleet Management
Vendor: CVE Published:; 19 October 2017

What is CVE-2017-10398?

This vulnerability resides in the Oracle Hospitality Cruise Fleet Management component of Oracle Hospitality Applications and can be exploited by a low-privileged attacker who has logged onto the infrastructure. This flaw allows for unauthorized creation, deletion, or modification of critical data within the Oracle Hospitality Cruise Fleet Management system. While it primarily affects this specific component, successful exploitation may also impact additional products connected to the infrastructure. The consequences of such an attack can lead to significant breaches of confidentiality and integrity, compromising all data accessible through the system.

Affected Version(s)

Hospitality Cruise Fleet Management 9.0.2.0

References

http://www.securityfocus.com/bid/101452

vdb-entryx_refsource_BID

http://www.oracle.com/technetwork/security-advisory/cpuoc...

x_refsource_CONFIRM

CVSS V3.1

Score:

8.4

Severity:

HIGH

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Local

Attack Complexity:

Low

Privileges Required:

Low

User Interaction:

None

Scope:

Changed

Timeline

Vulnerability published
Oct 19, 2017
Vulnerability Reserved
Jun 21, 2017