Unauthenticated Network Vulnerability in Oracle Hospitality OPERA 5
CVE-2024-21172

9 CRITICAL

Key Information:

Vendor: Oracle
CVE Published: 15 October 2024

Summary

A significant vulnerability has been identified in the Oracle Hospitality OPERA 5 product, specifically within the Opera Servlet component. It allows an unauthenticated attacker with network access via HTTP to compromise the system. Although the vulnerability is in Oracle Hospitality OPERA 5, successful exploitation may also have ramifications for related Oracle products, potentially expanding the attack surface. The affected supported versions include 5.6.19.19, 5.6.25.8, and 5.6.26.4. Attackers can leverage this vulnerability to gain control over the system, threatening the confidentiality, integrity, and availability of sensitive data. For further information, refer to the official Oracle Advisory.

Affected Version(s)

Oracle Hospitality OPERA 5 5.6.19.19

Oracle Hospitality OPERA 5 5.6.25.8

Oracle Hospitality OPERA 5 5.6.26.4

CVSS V3.1

Score: 9
Severity: CRITICAL
Confidentiality: High
Integrity: High
Availability: High
Attack Vector: Network
Attack Complexity: High
Privileges Required: None
User Interaction: None
Scope: Changed

Timeline

  • Vulnerability published

  • Vulnerability Reserved
