Vulnerability in Oracle Hospitality Reporting and Analytics
CVE-2023-21828

8.1HIGH

Key Information:

Vendor: Oracle
Status: Hospitality Reporting and Analytics
Vendor: CVE Published:; 18 January 2023

Summary

An access control vulnerability exists in the Oracle Hospitality Reporting and Analytics component, part of the broader Oracle Food and Beverage Applications. This vulnerability allows low privileged attackers with network access via HTTPS to exploit the system. Successful exploitation may lead to unauthorized actions, including the creation, deletion, or modification of critical data, potentially compromising sensitive information entirely. This poses significant risks to data confidentiality and integrity, calling for immediate attention from affected users to mitigate potential exploits.

Affected Version(s)

Hospitality Reporting and Analytics 9.1.0

References

https://www.oracle.com/security-alerts/cpujan2023.html

vendor-advisory

CVSS V3.1

Score:

8.1

Severity:

HIGH

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

Low

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published
Jan 18, 2023
Vulnerability Reserved
Dec 17, 2022