Unauthorized Access Vulnerability in Oracle Hospitality Suite8
CVE-2017-10421

6.5MEDIUM

Key Information:

Vendor: Oracle
Status: Hospitality Suite8
Vendor: CVE Published:; 19 October 2017

Summary

A vulnerability exists in the Oracle Hospitality Suite8, specifically within the Leisure component, affecting versions 8.10.1 and 8.10.2. This flaw allows an attacker with low privileges and network access via HTTP to exploit the system, potentially resulting in unauthorized access to sensitive data. If successfully exploited, this vulnerability could lead to the disclosure of critical information, emphasizing the need for immediate attention and remediation to protect data integrity and confidentiality.

Affected Version(s)

Hospitality Suite8 8.10.1

Hospitality Suite8 8.10.2

References

http://www.securityfocus.com/bid/101320

vdb-entryx_refsource_BID

http://www.oracle.com/technetwork/security-advisory/cpuoc...

x_refsource_CONFIRM

CVSS V3.1

Score:

6.5

Severity:

MEDIUM

Confidentiality:

High

Integrity:

None

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

Low

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published
Oct 19, 2017
Vulnerability Reserved
Jun 21, 2017