Unauthenticated Access Vulnerability in Oracle Hospitality Reporting and Analytics
CVE-2018-2669

6.1MEDIUM

Key Information:

Vendor: Oracle
Status: Hospitality Reporting And Analytics
Vendor: CVE Published:; 18 January 2018

Summary

This vulnerability exists in the Oracle Hospitality Reporting and Analytics component of Oracle Hospitality Applications, impacting versions 8.5.1 and 9.0.0. It allows an unauthenticated attacker with network access via HTTP to potentially compromise the system. Exploiting this vulnerability necessitates human interaction from a third party, which heightens the risk as attacks could lead to unauthorized read, update, insert, or delete operations on accessible data. The implication of attacks may extend to other Oracle Hospitality products, posing significant risks to data integrity and confidentiality.

Affected Version(s)

Hospitality Reporting and Analytics 8.5.1

Hospitality Reporting and Analytics 9.0.0

References

http://www.oracle.com/technetwork/security-advisory/cpuja...

x_refsource_CONFIRM

http://www.securityfocus.com/bid/102570

vdb-entryx_refsource_BID

CVSS V3.1

Score:

6.1

Severity:

MEDIUM

Confidentiality:

Low

Integrity:

Low

Availability:

Low

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

Required

Scope:

Changed

Timeline

Vulnerability published
Jan 18, 2018
Vulnerability Reserved
Dec 15, 2017