Vulnerability in Oracle Hospitality Simphony Product by Oracle
CVE-2024-21010
9.9 CRITICAL
Summary
A vulnerability exists in the Simphony Enterprise Server component of the Oracle Hospitality Simphony product line. It affects supported versions 19.1.0 through 19.5.4 and can be exploited by an attacker with low privileges and network access via HTTP. Although the flaw is in Oracle Hospitality Simphony, attacks could extend to additional products, which broadens the potential consequences of an exploit. Successful exploitation could lead to full control over the Oracle Hospitality Simphony system, posing significant risks to the confidentiality, integrity, and availability of the affected environments.
Affected Version(s)
Hospitality Simphony 19.1.0 <= 19.5.4
CVSS V3.1
Score: 9.9
Severity: CRITICAL
Confidentiality: High
Integrity: High
Availability: High
Attack Vector: Network
Attack Complexity: Low
Privileges Required: Low
User Interaction: None
Scope: Changed
Timeline
Vulnerability published