Denial of Service Vulnerability in Oracle Hospitality Applications
CVE-2018-2607

4.9MEDIUM

Key Information:

Vendor: Oracle
Status: Hospitality Guest Access
Vendor: CVE Published:; 18 January 2018

Summary

A vulnerability exists in the Oracle Hospitality Guest Access component of Oracle Hospitality Applications, specifically in version 4.2.1. This security flaw can be easily exploited by attackers with high privilege and network access via HTTP. Successfully leveraging this vulnerability may lead to unauthorized actions, such as causing the application to hang or consistently crash, resulting in a denial of service condition for users of Oracle Hospitality Guest Access.

Affected Version(s)

Hospitality Guest Access 4.2.1

References

http://www.securityfocus.com/bid/102580

vdb-entryx_refsource_BID

http://www.oracle.com/technetwork/security-advisory/cpuja...

x_refsource_CONFIRM

CVSS V3.1

Score:

4.9

Severity:

MEDIUM

Confidentiality:

None

Integrity:

None

Availability:

None

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

High

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published
Jan 18, 2018
Vulnerability Reserved
Dec 15, 2017