SQL Injection Vulnerability in Oracle Hospitality Reporting and Analytics
CVE-2019-2947

7.1HIGH

Key Information:

Vendor: Oracle
Status: Hospitality Reporting And Analytics
Vendor: CVE Published:; 16 October 2019

Summary

A SQL injection vulnerability exists within the Oracle Hospitality Reporting and Analytics component of Oracle Food and Beverage Applications. This flaw allows a low privileged attacker with Inventory Integration privileges and network access through HTTP to manipulate the system. If exploited, this could lead to unauthorized access to sensitive information, including critical data, as well as potential unauthorized updates, inserts, or deletions of accessible records. Organizations using the affected version should take immediate steps to mitigate this risk to safeguard their data and ensure system integrity.

Affected Version(s)

Hospitality Reporting and Analytics 9.1.0

References

http://www.oracle.com/technetwork/security-advisory/cpuoc...

x_refsource_MISC

CVSS V3.1

Score:

7.1

Severity:

HIGH

Confidentiality:

High

Integrity:

Low

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

Low

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published
Oct 16, 2019
Vulnerability Reserved
Dec 14, 2018