Vulnerability in Oracle Hospitality Cruise Fleet Management
CVE-2017-10398

8.4HIGH

Key Information:

Vendor
Oracle
Status
Hospitality Cruise Fleet Management
Vendor
CVE Published:
19 October 2017

Summary

This vulnerability resides in the Oracle Hospitality Cruise Fleet Management component of Oracle Hospitality Applications and can be exploited by a low-privileged attacker who has logged onto the infrastructure. This flaw allows for unauthorized creation, deletion, or modification of critical data within the Oracle Hospitality Cruise Fleet Management system. While it primarily affects this specific component, successful exploitation may also impact additional products connected to the infrastructure. The consequences of such an attack can lead to significant breaches of confidentiality and integrity, compromising all data accessible through the system.

Affected Version(s)

Hospitality Cruise Fleet Management 9.0.2.0

References

http://www.securityfocus.com/bid/101452
vdb-entryx_refsource_BID
http://www.oracle.com/technetwork/security-advisory/cpuoc...
x_refsource_CONFIRM

CVSS V3.1

Score:
8.4
Severity:
HIGH
Confidentiality:
High
Integrity:
High
Availability:
High
Attack Vector:
Local
Attack Complexity:
Low
Privileges Required:
Low
User Interaction:
None
Scope:
Changed

Timeline

  • Vulnerability published

  • Vulnerability Reserved

.