Vulnerability in Oracle Hospitality Simphony First Edition
CVE-2018-2847

6.5MEDIUM

Key Information:

Vendor: Oracle
Status: Hospitality Simphony First Edition
Vendor: CVE Published:; 19 April 2018

What is CVE-2018-2847?

The Oracle Hospitality Simphony First Edition component has a vulnerability that allows attackers with network access via HTTP to potentially breach the system. This threat targets versions 1.6 and 1.7, enabling low-privileged attackers to gain unauthorized access to sensitive information stored within the application. Exploiting this vulnerability can compromise critical data and provide the attacker with extensive access to all data that is accessible within the Oracle Hospitality Simphony framework.

Affected Version(s)

Hospitality Simphony First Edition 1.6

Hospitality Simphony First Edition 1.7

References

http://www.oracle.com/technetwork/security-advisory/cpuap...

x_refsource_CONFIRM

http://www.securityfocus.com/bid/103904

vdb-entryx_refsource_BID

CVSS V3.1

Score:

6.5

Severity:

MEDIUM

Confidentiality:

High

Integrity:

None

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

Low

User Interaction:

None

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Apr 19, 2018
Vulnerability Reserved
Dec 15, 2017