Vulnerability in Oracle Hospitality Cruise Fleet Management by Oracle
CVE-2018-2701

7.6HIGH

Key Information:

Vendor: Oracle
Status: Hospitality Cruise Fleet Management
Vendor: CVE Published:; 18 January 2018

Summary

A vulnerability exists in the Oracle Hospitality Cruise Fleet Management system that can be exploited by users with low privileges and network access via HTTP. Though requiring human interaction for successful exploitation, this flaw can lead to significant unauthorized access to sensitive data. Attackers may be able to manipulate data, including updating, inserting, or deleting entries within the system, ultimately undermining the integrity and confidentiality of the data stored in Oracle Hospitality Cruise Fleet Management.

Affected Version(s)

Hospitality Cruise Fleet Management 9.0.4.0

References

http://www.oracle.com/technetwork/security-advisory/cpuja...

x_refsource_CONFIRM

http://www.securityfocus.com/bid/102554

vdb-entryx_refsource_BID

CVSS V3.1

Score:

7.6

Severity:

HIGH

Confidentiality:

High

Integrity:

Low

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

Low

User Interaction:

Required

Scope:

Changed

Timeline

Vulnerability published
Jan 18, 2018
Vulnerability Reserved
Dec 15, 2017