Vulnerability in Oracle Hospitality OPERA 5 Property Services by Oracle
CVE-2018-2956

8.1HIGH

Key Information:

Vendor

Oracle
Status
Hospitality Opera 5 Property Services
Vendor
CVE Published:
18 July 2018

What is CVE-2018-2956?

An unauthenticated access vulnerability exists in the Oracle Hospitality OPERA 5 Property Services component of Oracle Hospitality Applications, specifically impacting version 5.5.x. This flaw permits an attacker who has logged into the infrastructure where the product runs to compromise its services. While the direct vulnerability resides within the OPERA 5 Property Services, its successful exploitation can lead to severe implications, including the potential takeover of the services. This vulnerability poses risks to confidentiality, integrity, and availability, affecting not only the OPERA service but potentially other integrated applications within the environment.

Affected Version(s)

Hospitality OPERA 5 Property Services 5.5.x

References

http://www.oracle.com/technetwork/security-advisory/cpuju...
x_refsource_CONFIRM
http://www.securitytracker.com/id/1041300
vdb-entryx_refsource_SECTRACK
http://www.securityfocus.com/bid/104818
vdb-entryx_refsource_BID

CVSS V3.1

Score:
8.1
Severity:
HIGH
Confidentiality:
High
Integrity:
High
Availability:
High
Attack Vector:
Local
Attack Complexity:
High
Privileges Required:
None
User Interaction:
None
Scope:
Changed

Timeline

  • Vulnerability published

  • Vulnerability Reserved

.
CVE-2018-2956 : Vulnerability in Oracle Hospitality OPERA 5 Property Services by Oracle