Vulnerability in Oracle Hospitality Applications Reporting Component
CVE-2017-10402

10CRITICAL

Key Information:

Vendor: Oracle
Status: Hospitality Reporting And Analytics
Vendor: CVE Published:; 19 October 2017

What is CVE-2017-10402?

An unauthenticated network access vulnerability has been identified in the Reporting and Analytics component of Oracle Hospitality Applications. Versions 8.5.1 and 9.0.0 are impacted, which could allow an attacker with network access via HTTP to exploit the vulnerability. Successful exploitation could lead to a complete takeover of the Reporting and Analytics component, thereby compromising its confidentiality, integrity, and availability. This vulnerability poses a significant risk, not only to Oracle Hospitality Reporting and Analytics but potentially to related products within the ecosystem.

Affected Version(s)

Hospitality Reporting and Analytics 8.5.1

Hospitality Reporting and Analytics 9.0.0

References

http://www.oracle.com/technetwork/security-advisory/cpuoc...

x_refsource_CONFIRM

http://www.securityfocus.com/bid/101407

vdb-entryx_refsource_BID

CVSS V3.1

Score:

Severity:

CRITICAL

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Changed

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Oct 19, 2017
Vulnerability Reserved
Jun 21, 2017