Vulnerability in Oracle Hospitality OPERA 5 Property Services
CVE-2023-22085

8.8HIGH

Key Information:

Vendor: Oracle
Status: Hospitality Opera 5 Property Services
Vendor: CVE Published:; 17 October 2023

What is CVE-2023-22085?

A vulnerability exists in the Oracle Hospitality OPERA 5 Property Services, specifically in version 5.6, that allows a low privileged attacker with network access via HTTP to take control of the service. Successful exploitation of this vulnerability can lead to unauthorized access, compromising the confidentiality, integrity, and availability of the application. It underscores the need for prompt updates and diligent monitoring of network access to safeguard against potential threats.

Affected Version(s)

Hospitality OPERA 5 Property Services 5.6

References

https://www.oracle.com/security-alerts/cpuoct2023.html

vendor-advisory

CVSS V3.1

Score:

8.8

Severity:

HIGH

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

Low

User Interaction:

None

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Oct 17, 2023
Vulnerability Reserved
Dec 17, 2022