Unauthenticated Network Vulnerability in Oracle Hospitality Simphony POS by Oracle
CVE-2024-20989

7HIGH

Key Information:

Vendor: Oracle
Status: Hospitality Simphony
Vendor: CVE Published:; 16 April 2024

Summary

A vulnerability exists in the Oracle Hospitality Simphony product, particularly affecting the Simphony POS component and versions ranging from 19.1.0 to 19.5.4. This vulnerability allows an unauthenticated attacker with network access via HTTP to breach the security of Oracle Hospitality Simphony. If successfully exploited, the vulnerability can lead to unauthorized access to critical data, as well as total accessibility to all data handled by Oracle Hospitality Simphony. Furthermore, it enables unauthorized actions such as updates, inserts, or deletions of certain data, and can result in a limited denial of service, impacting the overall functionality of the product.

Affected Version(s)

Hospitality Simphony 19.1.0 <= 19.5.4

References

https://www.oracle.com/security-alerts/cpuapr2024.html

vendor-advisory

CVSS V3.1

Score:

Severity:

HIGH

Confidentiality:

High

Integrity:

Low

Availability:

High

Attack Vector:

Network

Attack Complexity:

High

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published
Apr 16, 2024