Oracle Hospitality OPERA 5 Login Vulnerability Exposes Sensitive Data
CVE-2020-2677

5.7MEDIUM

Key Information:

Vendor: Oracle
Status: Hospitality Opera 5 Property Services
Vendor: CVE Published:; 15 January 2020

What is CVE-2020-2677?

A vulnerability in the login component of Oracle Hospitality OPERA 5 allows low-privileged attackers with network access via HTTP to gain unauthorized access to sensitive data. This issue affects supported versions 5.5 and 5.6, with successful exploitation requiring human interaction from a victim. Attackers can potentially access all data that is available within the Oracle Hospitality OPERA 5 system, leading to significant security risks.

Affected Version(s)

Hospitality OPERA 5 Property Services 5.5

Hospitality OPERA 5 Property Services 5.6

References

https://www.oracle.com/security-alerts/cpujan2020.html

x_refsource_MISC

CVSS V3.1

Score:

5.7

Severity:

MEDIUM

Confidentiality:

High

Integrity:

None

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

Low

User Interaction:

Required

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Jan 15, 2020
Vulnerability Reserved
Dec 10, 2019

JSON