Exploitable Vulnerability in Oracle Hospitality Cruise Shipboard Property Management System
CVE-2019-2411

7.6HIGH

Key Information:

Vendor: Oracle
Status: Hospitality Cruise Shipboard Property Management System
Vendor: CVE Published:; 16 January 2019

What is CVE-2019-2411?

The vulnerability in the Oracle Hospitality Cruise Shipboard Property Management System enables a low-privileged attacker with network access to compromise the system through human interaction. Successful exploitation can lead to severe consequences, including denial of service through crashes, as well as unauthorized access to sensitive data that can be updated, inserted, or deleted. Attackers may leverage this flaw to disrupt operations significantly, impacting not only the affected system but potentially other interconnected products.

Affected Version(s)

Hospitality Cruise Shipboard Property Management System 8.0.8

References

http://www.securityfocus.com/bid/106609

vdb-entryx_refsource_BID

http://www.oracle.com/technetwork/security-advisory/cpuja...

x_refsource_CONFIRM

CVSS V3.1

Score:

7.6

Severity:

HIGH

Confidentiality:

None

Integrity:

Low

Availability:

None

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

Low

User Interaction:

Required

Scope:

Changed

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Jan 16, 2019
Vulnerability Reserved
Dec 14, 2018