First published: Tue Apr 23 2019(Updated: )
Vulnerability in the Oracle Hospitality Cruise Dining Room Management component of Oracle Hospitality Applications (subcomponent: Web Service). The supported version that is affected is 8.0.80. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Hospitality Cruise Dining Room Management. While the vulnerability is in Oracle Hospitality Cruise Dining Room Management, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle Hospitality Cruise Dining Room Management accessible data as well as unauthorized update, insert or delete access to some of Oracle Hospitality Cruise Dining Room Management accessible data. CVSS 3.0 Base Score 9.3 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:L/A:N).
Credit: secalert_us@oracle.com secalert_us@oracle.com
Affected Software | Affected Version | How to fix |
---|---|---|
Oracle Hospitality Cruise | =8.0.80 |
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
CVE-2019-2702 is classified as an easily exploitable vulnerability that can be targeted by unauthenticated attackers.
To remediate CVE-2019-2702, update the Oracle Hospitality Cruise Dining Room Management component to version 8.0.80 or apply the latest security patches.
Organizations using Oracle Hospitality Cruise Dining Room Management version 8.0.80 are at risk due to CVE-2019-2702.
CVE-2019-2702 can be exploited via HTTP, allowing attackers with network access to compromise the affected system.
No, exploitation of CVE-2019-2702 does not require authentication, making it more vulnerable to attacks.