Skip to main content

Hospitality Guest Access CVE-2017-10375

MEDIUM
2017-10-19 secalert_us@oracle.com
4.6
CVSS 3.0 · NVD
Share

Severity by source

NVD PRIMARY
4.6 MEDIUM
AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:N

Primary rating from NVD · only source for this CVE.

CVSS VectorNVD

CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:N
Attack Vector
Network
Attack Complexity
Low
Privileges Required
Low
User Interaction
Required
Scope
Unchanged
Confidentiality
Low
Integrity
Low
Availability
None

Lifecycle Timeline

1
CVE Published
Oct 19, 2017 - 17:29 cve.org
MEDIUM 4.6

DescriptionCVE.org

Vulnerability in the Oracle Hospitality Guest Access component of Oracle Hospitality Applications (subcomponent: Base). Supported versions that are affected are 4.2.0 and 4.2.1. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle Hospitality Guest Access. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Hospitality Guest Access accessible data as well as unauthorized read access to a subset of Oracle Hospitality Guest Access accessible data. CVSS 3.0 Base Score 4.6 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:N).

AnalysisAI

Vulnerability in the Oracle Hospitality Guest Access component of Oracle Hospitality Applications (subcomponent: Base). Rated medium severity (CVSS 4.6), this vulnerability is remotely exploitable, low attack complexity.

Technical ContextAI

Vulnerability in the Oracle Hospitality Guest Access component of Oracle Hospitality Applications (subcomponent: Base). Supported versions that are affected are 4.2.0 and 4.2.1. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle Hospitality Guest Access. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Hospitality Guest Access accessible data as well as unauthorized read access to a subset of Oracle Hospitality Guest Access accessible data. CVSS 3.0 Base Score 4.6 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:N). Affected products include: Oracle Hospitality Guest Access.

RemediationAI

A vendor patch is available. Apply the latest security update as soon as possible. Apply vendor patches when available. Implement network segmentation and monitoring as interim mitigations.

CVE-2020-1938 CRITICAL POC
9.8 Feb 24

When using the Apache JServ Protocol (AJP), care must be taken when trusting incoming connections to Apache Tomcat. Rate

CVE-2019-0227 HIGH POC
7.5 May 01

A Server Side Request Forgery (SSRF) vulnerability affected the Apache Axis 1.4 distribution that was last released in 2

CVE-2020-9484 HIGH POC
7.0 May 20

When using Apache Tomcat versions 10.0.0-M1 to 10.0.0-M4, 9.0.0.M1 to 9.0.34, 8.5.0 to 8.5.54 and 7.0.0 to 7.0.103 if a)

CVE-2019-11358 MEDIUM POC
6.1 Apr 20

jQuery before 3.4.0, as used in Drupal, Backdrop CMS, and other products, mishandles jQuery.extend(true, {}, ...) becaus

CVE-2018-1258 HIGH
8.8 May 11

Spring Framework version 5.0.5 when used in combination with any versions of Spring Security contains an authorization b

CVE-2017-10372 HIGH
8.7 Oct 19

Vulnerability in the Oracle Hospitality Guest Access component of Oracle Hospitality Applications (subcomponent: Base).

CVE-2018-11784 MEDIUM POC
4.3 Oct 04

When the default servlet in Apache Tomcat versions 9.0.0.M1 to 9.0.11, 8.5.0 to 8.5.33 and 7.0.23 to 7.0.90 returned a r

CVE-2017-9735 HIGH
7.5 Jun 16

Jetty through 9.4.x is prone to a timing channel in util/security/Password.java, which makes it easier for remote attack

CVE-2019-17359 HIGH
7.5 Oct 08

The ASN.1 parser in Bouncy Castle Crypto (aka BC Java) 1.63 can trigger a large attempted memory allocation, and resulta

CVE-2019-0190 HIGH
7.5 Jan 30

A bug exists in the way mod_ssl handled client renegotiations. Rated high severity (CVSS 7.5), this vulnerability is rem

CVE-2018-11040 HIGH
7.5 Jun 25

Spring Framework, versions 5.0.x prior to 5.0.7 and 4.3.x prior to 4.3.18 and older unsupported versions, allows web app

CVE-2018-2604 HIGH
7.5 Jan 18

Vulnerability in the Oracle Hospitality Guest Access component of Oracle Hospitality Applications (subcomponent: Base).

Share

CVE-2017-10375 vulnerability details – vuln.today

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy