Unauthenticated Network Vulnerability in Oracle Hospitality OPERA 5 Property Services
CVE-2018-2955

5.3MEDIUM

Key Information:

Vendor

Oracle
Status
Hospitality Opera 5 Property Services
Vendor
CVE Published:
18 July 2018

What is CVE-2018-2955?

A vulnerability exists in the Oracle Hospitality OPERA 5 Property Services component, specifically within the Integration subcomponent. This vulnerability allows an unauthenticated attacker to exploit network access via HTTP, potentially compromising the data integrity of Oracle Hospitality applications. Successful exploitation can lead to unauthorized read access to sensitive data, which poses significant privacy risks to affected systems. Organizations using version 5.5.x of Oracle Hospitality OPERA should assess their security measures and apply necessary patches to mitigate this vulnerability.

Affected Version(s)

Hospitality OPERA 5 Property Services 5.5.x

References

http://www.oracle.com/technetwork/security-advisory/cpuju...
x_refsource_CONFIRM
http://www.securityfocus.com/bid/104809
vdb-entryx_refsource_BID
http://www.securitytracker.com/id/1041300
vdb-entryx_refsource_SECTRACK

CVSS V3.1

Score:
5.3
Severity:
MEDIUM
Confidentiality:
Low
Integrity:
None
Availability:
Low
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
None
User Interaction:
None
Scope:
Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved

.