Vulnerability in Oracle Hospitality OPERA 5 Property Services by Oracle
CVE-2020-14858

6.8MEDIUM

Key Information:

Vendor: Oracle
Status: Hospitality Opera 5 Property Services
Vendor: CVE Published:; 21 October 2020

What is CVE-2020-14858?

An exploitable vulnerability exists in the Oracle Hospitality OPERA 5 Property Services product, specifically in its logging component. This flaw impacts supported versions 5.5 and 5.6, allowing attackers with high privileges and network access via HTTP to execute successful attacks. Notably, these attacks require human interaction from a user not affiliated with the attacker, potentially leading to a complete takeover of the Oracle Hospitality OPERA 5 Property Services. This scenario poses significant risks to confidentiality, integrity, and availability of the affected systems.

Affected Version(s)

Hospitality OPERA 5 Property Services 5.5

Hospitality OPERA 5 Property Services 5.6

References

https://www.oracle.com/security-alerts/cpuoct2020.html

x_refsource_MISC

CVSS V3.1

Score:

6.8

Severity:

MEDIUM

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

High

User Interaction:

Required

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Oct 21, 2020
Vulnerability Reserved
Jun 19, 2020