Oracle Hospitality Cruise Materials Management Vulnerability in Oracle Applications
CVE-2017-10401

8.7HIGH

Key Information:

Vendor: Oracle
Status: Hospitality Cruise Materials Management
Vendor: CVE Published:; 19 October 2017

Summary

A vulnerability exists in the Oracle Hospitality Cruise Materials Management component of Oracle Hospitality Applications, specifically in the MMSUpdater subcomponent. This flaw enables a low-privileged attacker with access to the underlying infrastructure to exploit the system. The vulnerability allows for unauthorized actions such as the creation, deletion, or modification of critical data within the Oracle Hospitality Cruise Materials Management system. Additionally, it can grant unauthorized read access to sensitive data and may lead to a denial of service by causing the system to hang or frequently crash. The flaw has far-reaching implications, potentially affecting various other products associated with Oracle Hospitality.

Affected Version(s)

Hospitality Cruise Materials Management 7.30.564.0

References

http://www.oracle.com/technetwork/security-advisory/cpuoc...

x_refsource_CONFIRM

http://www.securityfocus.com/bid/101453

vdb-entryx_refsource_BID

CVSS V3.1

Score:

8.7

Severity:

HIGH

Confidentiality:

Low

Integrity:

High

Availability:

Low

Attack Vector:

Local

Attack Complexity:

Low

Privileges Required:

Low

User Interaction:

None

Scope:

Changed

Timeline

Vulnerability published
Oct 19, 2017
Vulnerability Reserved
Jun 21, 2017