Vulnerability in Oracle Hospitality Reporting and Analytics for Food and Beverage Applications
CVE-2019-2952

6.1MEDIUM

Key Information:

Vendor: Oracle
Status: Hospitality Reporting And Analytics
Vendor: CVE Published:; 16 October 2019

What is CVE-2019-2952?

This vulnerability exists within the Oracle Hospitality Reporting and Analytics component of Oracle Food and Beverage Applications, specifically in version 9.1.0. It enables an unauthenticated attacker with network access via HTTP to compromise the system. Although the exploit requires human interaction from someone other than the attacker, it poses a significant risk by allowing unauthorized updates, inserts, or deletions of accessible data. Additionally, the exploit can lead to unauthorized reading of certain data within the system, potentially impacting the data integrity and confidentiality across associated products.

Affected Version(s)

Hospitality Reporting and Analytics 9.1.0

References

http://www.oracle.com/technetwork/security-advisory/cpuoc...

x_refsource_MISC

CVSS V3.1

Score:

6.1

Severity:

MEDIUM

Confidentiality:

Low

Integrity:

Low

Availability:

Low

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

Required

Scope:

Changed

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Oct 16, 2019
Vulnerability Reserved
Dec 14, 2018