Vulnerability in Oracle Hospitality Suite8 Allows Unauthorized Access
CVE-2018-2827

7.6HIGH

Key Information:

Vendor: Oracle
Status: Hospitality Suite8
Vendor: CVE Published:; 19 April 2018

Summary

A vulnerability exists within the Oracle Hospitality Suite8 component of Oracle Hospitality Applications, specifically within the Profile subcomponent. This flaw can be exploited by an attacker with low privileges who has network access via HTTP. While the exploitation requires human interaction from a non-attacker, successful attempts could lead to unauthorized access to sensitive data. This vulnerability may also allow attackers to insert, update, or delete data, as well as potentially cause disruptions such as crashes or denial of service (DOS) conditions for users accessing Oracle Hospitality Suite8.

Affected Version(s)

Hospitality Suite8 8.x

References

http://www.securityfocus.com/bid/103914

vdb-entryx_refsource_BID

http://www.oracle.com/technetwork/security-advisory/cpuap...

x_refsource_CONFIRM

CVSS V3.1

Score:

7.6

Severity:

HIGH

Confidentiality:

High

Integrity:

Low

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

Low

User Interaction:

Required

Scope:

Unchanged

Timeline

Vulnerability published
Apr 19, 2018
Vulnerability Reserved
Dec 15, 2017