Remote Code Execution Vulnerability in Oracle Hospitality Simphony by Oracle
CVE-2019-2402

7.7 HIGH

Key Information:

Vendor: Oracle
CVE Published: 16 January 2019

Summary

A vulnerability exists in the Oracle Hospitality Simphony component of Oracle Food and Beverage Applications, specifically in version 2.10. This vulnerability can be exploited by an unauthenticated attacker with network access via HTTP to potentially compromise the system. Successful exploitation may lead to unauthorized actions such as creating, deleting, or modifying access rights to sensitive data within the Oracle Hospitality Simphony platform. Furthermore, attackers might achieve unauthorized access to critical data or gain complete access to all accessible information. This vulnerability also allows the attacker to partially disrupt the service, leading to a denial of service state for the application.

Affected Version(s)

Hospitality Simphony 2.10

CVSS V3.1

Score: 7.7
Severity: HIGH
Confidentiality: High
Integrity: High
Availability: High
Attack Vector: Network
Attack Complexity: High
Privileges Required: None
User Interaction: None
Scope: Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved
