Vulnerability in Oracle Hospitality Gift and Loyalty Component of Oracle Food and Beverage Applications
CVE-2018-3131

6.1MEDIUM

Key Information:

Vendor: Oracle
Status: Hospitality Gift And Loyalty
Vendor: CVE Published:; 17 October 2018

Summary

The vulnerability in the Oracle Hospitality Gift and Loyalty component poses significant risks to existing deployments. An attacker with relatively low privileges can exploit this weakness to gain unauthorized access to sensitive data. If successful, the attacker can manipulate this data, including the ability to update, insert, or delete records. Organizations using version 9.0 of Oracle Hospitality Gift and Loyalty are recommended to implement security best practices, including regular audits and monitoring to mitigate potential risks associated with this vulnerability.

Affected Version(s)

Hospitality Gift and Loyalty 9.0.

Hospitality Gift and Loyalty 9.1

References

http://www.securityfocus.com/bid/105652

vdb-entryx_refsource_BID

http://www.oracle.com/technetwork/security-advisory/cpuoc...

x_refsource_CONFIRM

CVSS V3.1

Score:

6.1

Severity:

MEDIUM

Confidentiality:

High

Integrity:

Low

Availability:

High

Attack Vector:

Local

Attack Complexity:

Low

Privileges Required:

Low

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published
Oct 17, 2018
Vulnerability Reserved
Dec 15, 2017