CVE-2017-10136
First published: Tue Aug 08 2017(Updated: )
Vulnerability in the Oracle Hospitality Simphony component of Oracle Hospitality Applications (subcomponent: Import/Export). The supported version that is affected is 2.9. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Hospitality Simphony. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle Hospitality Simphony accessible data. CVSS 3.0 Base Score 7.5 (Confidentiality impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N).
Credit: secalert_us@oracle.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Oracle Hospitality Simphony | =2.9 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
Frequently Asked Questions
What is the severity of CVE-2017-10136?
CVE-2017-10136 is classified as an easily exploitable vulnerability.
How do I fix CVE-2017-10136?
To fix CVE-2017-10136, you should update Oracle Hospitality Simphony to the latest version provided by Oracle.
Who is affected by CVE-2017-10136?
Organizations using Oracle Hospitality Simphony version 2.9 are affected by CVE-2017-10136.
Can CVE-2017-10136 be exploited remotely?
Yes, CVE-2017-10136 can be exploited remotely by an unauthenticated attacker with network access.
What component of Oracle is vulnerable in CVE-2017-10136?
The vulnerability exists in the Import/Export functionality of the Oracle Hospitality Simphony component.
- collector/nvd-index
- agent/type
- agent/references
- agent/softwarecombine
- collector/mitre-cve
- source/MITRE
- agent/remedy
- agent/last-modified-date
- agent/severity
- agent/author
- agent/tags
- agent/description
- agent/first-publish-date
- agent/event
- agent/source
- vendor/oracle
- canonical/oracle hospitality simphony
- version/oracle hospitality simphony/2.9