Vulnerability in Oracle Hospitality Reporting and Analytics for Food and Beverage Applications
CVE-2019-2952
6.1MEDIUM
Key Information:
- Vendor
- Oracle
- Vendor
- CVE Published:
- 16 October 2019
Summary
This vulnerability exists within the Oracle Hospitality Reporting and Analytics component of Oracle Food and Beverage Applications, specifically in version 9.1.0. It enables an unauthenticated attacker with network access via HTTP to compromise the system. Although the exploit requires human interaction from someone other than the attacker, it poses a significant risk by allowing unauthorized updates, inserts, or deletions of accessible data. Additionally, the exploit can lead to unauthorized reading of certain data within the system, potentially impacting the data integrity and confidentiality across associated products.
Affected Version(s)
Hospitality Reporting and Analytics 9.1.0
References
CVSS V3.1
Score:
6.1
Severity:
MEDIUM
Confidentiality:
Low
Integrity:
Low
Availability:
Low
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
None
User Interaction:
Required
Scope:
Changed
Timeline
Vulnerability published
Vulnerability Reserved