Remote Code Execution Vulnerability in Oracle Hospitality OPERA 5 by Oracle
CVE-2018-2957

7.5HIGH

Key Information:

Vendor
Oracle
Status
Hospitality Opera 5 Property Services
Vendor
CVE Published:
18 July 2018

Summary

The vulnerability in the Oracle Hospitality OPERA 5 Property Services component, specifically within the logging subsystem, exposes critical security flaws. An unauthenticated attacker can exploit this weakness remotely via an HTTP network connection, leading to unauthorized access to sensitive data. This could allow the attacker to compromise the integrity of the system, resulting in potential data breaches and complete access to OPERA 5 Property Services data. It is essential for users of the affected versions to implement mitigations and updates promptly.

Affected Version(s)

Hospitality OPERA 5 Property Services 5.5.x

References

http://www.oracle.com/technetwork/security-advisory/cpuju...
x_refsource_CONFIRM
http://www.securityfocus.com/bid/104809
vdb-entryx_refsource_BID
http://www.securitytracker.com/id/1041300
vdb-entryx_refsource_SECTRACK

CVSS V3.1

Score:
7.5
Severity:
HIGH
Confidentiality:
High
Integrity:
None
Availability:
High
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
None
User Interaction:
None
Scope:
Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved

.