Unauthenticated Network Vulnerability in Oracle Hospitality Gift and Loyalty
CVE-2019-2763

8.2HIGH

Key Information:

Vendor: Oracle
Status: Hospitality Gift And Loyalty
Vendor: CVE Published:; 23 July 2019

Summary

A vulnerability exists within the Oracle Hospitality Gift and Loyalty component of Oracle's Food and Beverage Applications that permits unauthenticated attackers to exploit network access via HTTP. This flaw affects versions 9.0.0 and 9.1.0, enabling an attacker to gain unauthorized access to sensitive data, as well as potentially allowing them to perform unauthorized updates, inserts, or deletions of data within the system. Attackers can exploit this vulnerability to compromise the confidentiality and integrity of the data managed by the Gift and Loyalty system.

Affected Version(s)

Hospitality Gift and Loyalty 9.0.0

Hospitality Gift and Loyalty 9.1.0

References

http://www.oracle.com/technetwork/security-advisory/cpuju...

x_refsource_MISC

CVSS V3.1

Score:

8.2

Severity:

HIGH

Confidentiality:

High

Integrity:

Low

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published
Jul 23, 2019
Vulnerability Reserved
Dec 14, 2018