Vulnerability in Oracle Hospitality Cruise Fleet Management System
CVE-2018-2984

8.1HIGH

Key Information:

Vendor
Oracle
Status
Hospitality Cruise Fleet Management
Vendor
CVE Published:
18 July 2018

Summary

A vulnerability exists in the Oracle Hospitality Cruise Fleet Management System, specifically within the Gangway Activity Web App. This flaw allows a low-privileged attacker with network access via HTTP to exploit the system, leading to unauthorized creation, deletion, or modification of critical data. Attackers could gain full access to all data available within the system, potentially compromising the integrity and confidentiality of sensitive information without requiring user interaction.

Affected Version(s)

Hospitality Cruise Fleet Management 9.x

References

http://www.oracle.com/technetwork/security-advisory/cpuju...
x_refsource_CONFIRM
http://www.securityfocus.com/bid/104802
vdb-entryx_refsource_BID
http://www.securitytracker.com/id/1041300
vdb-entryx_refsource_SECTRACK

CVSS V3.1

Score:
8.1
Severity:
HIGH
Confidentiality:
High
Integrity:
High
Availability:
High
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
Low
User Interaction:
None
Scope:
Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved

.