Authentication Flaw in Hospitality OPERA 5 Property Services by Oracle
CVE-2023-22087

8.8HIGH

Key Information:

Vendor: Oracle
Status: Hospitality Opera 5 Property Services
Vendor: CVE Published:; 17 October 2023

What is CVE-2023-22087?

A network-based vulnerability in Oracle's Hospitality OPERA 5 Property Services allows an attacker with low privileges to exploit the affected system through HTTP. This flaw can lead to unauthorized control over the Hospitality OPERA 5 Property Services, which may compromise the security and integrity of sensitive data and operational functionalities. Users are urged to apply the recommended patches to mitigate risks associated with this vulnerability.

Affected Version(s)

Hospitality OPERA 5 Property Services 5.6

References

https://www.oracle.com/security-alerts/cpuoct2023.html

vendor-advisory

CVSS V3.1

Score:

8.8

Severity:

HIGH

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

Low

User Interaction:

None

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Oct 17, 2023
Vulnerability Reserved
Dec 17, 2022