Vulnerability in Oracle Hospitality OPERA 5 Component
CVE-2017-3568

6.5MEDIUM

Key Information:

Vendor: Oracle
Status: Hospitality Opera 5 Property Services
Vendor: CVE Published:; 24 April 2017

Summary

The vulnerability impacts the Oracle Hospitality OPERA 5 Property Services, allowing an unauthenticated attacker with logon credentials in the infrastructure to compromise the service. Successful exploitation can result in unauthorized access, creation, deletion, or modification of critical data, alongside a risk of causing a partial denial of service. The vulnerability requires human interaction from a separate user to facilitate the attack and affects various versions of the product.

Affected Version(s)

Hospitality OPERA 5 Property Services 5.4.0.x

Hospitality OPERA 5 Property Services 5.4.1.x

Hospitality OPERA 5 Property Services 5.4.2.x

References

http://www.oracle.com/technetwork/security-advisory/cpuap...

x_refsource_CONFIRM

http://www.securityfocus.com/bid/97835

vdb-entryx_refsource_BID

CVSS V3.1

Score:

6.5

Severity:

MEDIUM

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Local

Attack Complexity:

High

Privileges Required:

None

User Interaction:

Required

Scope:

Unchanged

Timeline

Vulnerability published
Apr 24, 2017
Vulnerability Reserved
Dec 6, 2016