Vulnerability in Oracle Hospitality Simphony First Edition Component
CVE-2018-2851

8.1HIGH

Key Information:

Vendor
Oracle
Vendor
CVE Published:
19 April 2018

Summary

A vulnerability exists in the Oracle Hospitality Simphony First Edition, specifically within its Enterprise Management Console. This flaw allows a low-privileged attacker with network access via HTTP to compromise the system. Successful exploitation could lead to unauthorized actions such as the creation, deletion, or modification of critical data. Attackers may gain complete access to all data accessible via the Oracle Hospitality Simphony First Edition, making it imperative for organizations using affected versions 1.6 and 1.7 to implement necessary security measures.

Affected Version(s)

Hospitality Simphony First Edition 1.6

Hospitality Simphony First Edition 1.7

References

CVSS V3.1

Score:
8.1
Severity:
HIGH
Confidentiality:
High
Integrity:
High
Availability:
High
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
Low
User Interaction:
None
Scope:
Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved

.