unauthenticated access vulnerability in Oracle Hospitality OPERA 5 product
CVE-2020-2676

6.1MEDIUM

Key Information:

Vendor: Oracle
Status: Hospitality Opera 5 Property Services
Vendor: CVE Published:; 15 January 2020

Summary

A vulnerability exists in Oracle Hospitality OPERA 5 that enables an unauthenticated attacker with network access via HTTP to exploit weaknesses in the printing component. Successful exploitation requires user interaction from a third party, allowing attackers to gain unauthorized access to sensitive data. The exploitation of this vulnerability may lead to data integrity issues, including unauthorized updates, inserts, and deletions. Additionally, the attacker may access confidential information, prompting significant concerns about data security across connected systems.

Affected Version(s)

Hospitality OPERA 5 Property Services 5.5

References

https://www.oracle.com/security-alerts/cpujan2020.html

x_refsource_MISC

CVSS V3.1

Score:

6.1

Severity:

MEDIUM

Confidentiality:

Low

Integrity:

Low

Availability:

Low

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

Required

Scope:

Changed

Timeline

Vulnerability published
Jan 15, 2020
Vulnerability Reserved
Dec 10, 2019