Oracle Hospitality Applications Vulnerability in Guest Access Component
CVE-2018-2606

6.2MEDIUM

Key Information:

Vendor: Oracle
Status: Hospitality Guest Access
Vendor: CVE Published:; 18 January 2018

Summary

An unauthenticated attacker with access to the infrastructure executing Oracle Hospitality Guest Access can exploit a vulnerability in the Guest Access component of Oracle Hospitality Applications. This allows the attacker to gain unauthorized access to sensitive data, posing a significant risk of data compromise. It is essential for users to ensure they are running supported versions to mitigate this risk effectively.

Affected Version(s)

Hospitality Guest Access 4.2.0

Hospitality Guest Access 4.2.1

References

http://www.oracle.com/technetwork/security-advisory/cpuja...

x_refsource_CONFIRM

http://www.securityfocus.com/bid/102579

vdb-entryx_refsource_BID

CVSS V3.1

Score:

6.2

Severity:

MEDIUM

Confidentiality:

High

Integrity:

None

Availability:

High

Attack Vector:

Local

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published
Jan 18, 2018
Vulnerability Reserved
Dec 15, 2017