Vulnerability in Oracle Hospitality Applications Reporting and Analytics Component
CVE-2017-10403

8HIGH

Key Information:

Vendor: Oracle
Status: Hospitality Reporting And Analytics
Vendor: CVE Published:; 19 October 2017

Summary

A vulnerability exists in the Oracle Hospitality Reporting and Analytics component of Oracle Hospitality Applications. It affects versions 8.5.1 and 9.0.0, allowing a low privileged attacker with network access via HTTP to exploit the system. Successful exploitation of this vulnerability requires human interaction from a third party, potentially leading to unauthorized control of the affected application. While specific to Reporting and Analytics, the impact could extend to other components, raising significant security concerns regarding data confidentiality, integrity, and overall system availability. The vulnerability primarily arises from improper input validation, thus necessitating prompt attention and remediation to prevent possible compromise.

Affected Version(s)

Hospitality Reporting and Analytics 8.5.1

Hospitality Reporting and Analytics 9.0.0

References

http://www.securityfocus.com/bid/101399

vdb-entryx_refsource_BID

http://www.oracle.com/technetwork/security-advisory/cpuoc...

x_refsource_CONFIRM

CVSS V3.1

Score:

Severity:

HIGH

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Network

Attack Complexity:

High

Privileges Required:

Low

User Interaction:

Required

Scope:

Changed

Timeline

Vulnerability published
Oct 19, 2017
Vulnerability Reserved
Jun 21, 2017