Remote Code Execution Vulnerability in Oracle Hospitality Simphony by Oracle
CVE-2019-2402

7.7HIGH

Key Information:

Vendor: Oracle
Status: Hospitality Simphony
Vendor: CVE Published:; 16 January 2019

Summary

A vulnerability exists in the Oracle Hospitality Simphony component of Oracle Food and Beverage Applications, specifically in version 2.10. This vulnerability can be exploited by an unauthenticated attacker with network access via HTTP to potentially compromise the system. Successful exploitation may lead to unauthorized actions such as creating, deleting, or modifying access rights to sensitive data within the Oracle Hospitality Simphony platform. Furthermore, attackers might achieve unauthorized access to critical data or gain complete access to all accessible information. This vulnerability also allows the attacker to partially disrupt the service, leading to a denial of service state for the application.

Affected Version(s)

Hospitality Simphony 2.10

References

http://www.securityfocus.com/bid/106573

vdb-entryx_refsource_BID

http://www.oracle.com/technetwork/security-advisory/cpuja...

x_refsource_CONFIRM

CVSS V3.1

Score:

7.7

Severity:

HIGH

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Network

Attack Complexity:

High

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published
Jan 16, 2019
Vulnerability Reserved
Dec 14, 2018