Vulnerability in Oracle Hospitality Applications' Suite8 Component
CVE-2017-10420

6.4MEDIUM

Key Information:

Vendor: Oracle
Status: Hospitality Suite8
Vendor: CVE Published:; 19 October 2017

Summary

A vulnerability exists in the Oracle Hospitality Suite8 component of Oracle Hospitality Applications, which allows attackers with low privileges and network access via HTTP to exploit the system. Affected versions, including 8.10.1 and 8.10.2, may experience unauthorized updates, inserts, or deletions of data. The exploitation can lead to significant impacts, including the unauthorized alteration of accessible data and the potential for partial denial of service, thereby affecting the overall functionality of Oracle Hospitality Suite8. Attackers may leverage this vulnerability to compromise the application's security, making it crucial for organizations to evaluate their exposure and apply necessary updates.

Affected Version(s)

Hospitality Suite8 8.10.1

Hospitality Suite8 8.10.2

References

http://www.securityfocus.com/bid/101323

vdb-entryx_refsource_BID

http://www.oracle.com/technetwork/security-advisory/cpuoc...

x_refsource_CONFIRM

CVSS V3.1

Score:

6.4

Severity:

MEDIUM

Confidentiality:

None

Integrity:

Low

Availability:

None

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

Low

User Interaction:

None

Scope:

Changed

Timeline

Vulnerability published
Oct 19, 2017
Vulnerability Reserved
Jun 21, 2017