Oracle Food and Beverage Applications Reporting and Analytics Vulnerability
CVE-2019-2397

4.4MEDIUM

Key Information:

Vendor: Oracle
Status: Hospitality Reporting And Analytics
Vendor: CVE Published:; 16 January 2019

Summary

The vulnerability in the Oracle Hospitality Reporting and Analytics component allows an attacker with minimal privileges to compromise the system. The attacker, armed with Report privileges, can access the environment where the application operates. This could lead to unauthorized modification, insertion, or deletion of accessible data, as well as unauthorized reading of sensitive information. Organizations using version 9.1.0 of this software should assess their security measures to mitigate potential exploits effectively.

Affected Version(s)

Hospitality Reporting and Analytics 9.1.0

References

http://www.oracle.com/technetwork/security-advisory/cpuja...

x_refsource_CONFIRM

http://www.securityfocus.com/bid/106576

vdb-entryx_refsource_BID

CVSS V3.1

Score:

4.4

Severity:

MEDIUM

Confidentiality:

Low

Integrity:

Low

Availability:

Low

Attack Vector:

Local

Attack Complexity:

Low

Privileges Required:

Low

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published
Jan 16, 2019
Vulnerability Reserved
Dec 14, 2018