Unauthorized Data Access Vulnerability in Oracle Hospitality Reporting and Analytics
CVE-2020-14616

2.7LOW

Key Information:

Vendor: Oracle
Status: Hospitality Reporting And Analytics
Vendor: CVE Published:; 15 July 2020

Summary

An unauthorized access vulnerability exists in Oracle Hospitality Reporting and Analytics, specifically in the Reporting component. This flaw can be exploited by attackers with high privileges and network access via HTTP. Successful exploitation can lead to unauthorized read access to sensitive data within Oracle Hospitality Reporting and Analytics, potentially compromising data confidentiality for users. Organizations using the affected version must implement security measures to safeguard against these risks.

Affected Version(s)

Hospitality Reporting and Analytics 9.1.0

References

https://www.oracle.com/security-alerts/cpujul2020.html

x_refsource_MISC

CVSS V3.1

Score:

2.7

Severity:

LOW

Confidentiality:

Low

Integrity:

None

Availability:

Low

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

High

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published
Jul 15, 2020
Vulnerability Reserved
Jun 19, 2020