CVE-2018-2956 - Vulnerability in the Oracle Hospitality OPERA 5 Property Services component of Oracle Hospitality Ap

CVE-2018-2956

Summary

Vulnerability in the Oracle Hospitality OPERA 5 Property Services component of Oracle Hospitality Applications (subcomponent: Integration). The supported version that is affected is 5.5.x. Difficult to exploit vulnerability allows unauthenticated attacker with logon to the infrastructure where Oracle Hospitality OPERA 5 Property Services executes to compromise Oracle Hospitality OPERA 5 Property Services. While the vulnerability is in Oracle Hospitality OPERA 5 Property Services, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in takeover of Oracle Hospitality OPERA 5 Property Services. CVSS 3.0 Base Score 8.1 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:L/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H).

References

Vulnerable Configurations

cpe:2.3:a:oracle:hospitality_opera_property_management:5.5:*:*:*:*:*:*:*
cpe:2.3:a:oracle:hospitality_opera_property_management:5.5:*:*:*:*:*:*:*
cpe:2.3:a:oracle:hospitality_opera_property_management:5.5.1:*:*:*:*:*:*:*
cpe:2.3:a:oracle:hospitality_opera_property_management:5.5.1:*:*:*:*:*:*:*

CVSS

Base:	4.4 (as of 03-10-2019 - 00:03)
Impact:
Exploitability:

CWE

NVD-CWE-noinfo

CAPEC

Access

Vector	Complexity	Authentication
LOCAL	MEDIUM	NONE

Impact

Confidentiality	Integrity	Availability
PARTIAL	PARTIAL	PARTIAL

cvss-vector via4

AV:L/AC:M/Au:N/C:P/I:P/A:P

refmap via4

bid	104818
confirm	http://www.oracle.com/technetwork/security-advisory/cpujul2018-4258247.html
sectrack	1041300

Last major update

03-10-2019 - 00:03

Published

18-07-2018 - 13:29

Last modified

03-10-2019 - 00:03