Vulnerability in Oracle Hospitality Reporting and Analytics Component
CVE-2019-2936

6.8MEDIUM

Key Information:

Vendor: Oracle
Status: Hospitality Reporting And Analytics
Vendor: CVE Published:; 16 October 2019

Summary

A vulnerability exists in the Oracle Hospitality Reporting and Analytics component of Oracle Food and Beverage Applications, specifically version 9.1.0. This flaw can be exploited by an attacker with low privileges who has Admin - Configuration rights and network access via HTTP. By leveraging this vulnerability, the attacker could unauthorizedly create, delete, or modify access to critical data within Oracle Hospitality Reporting and Analytics, leading to potential information exposure and integrity issues. Such exploitation poses significant risks to sensitive operational data and overall system integrity.

Affected Version(s)

Hospitality Reporting and Analytics 9.1.0

References

http://www.oracle.com/technetwork/security-advisory/cpuoc...

x_refsource_MISC

CVSS V3.1

Score:

6.8

Severity:

MEDIUM

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Network

Attack Complexity:

High

Privileges Required:

Low

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published
Oct 16, 2019
Vulnerability Reserved
Dec 14, 2018