First published: Tue Apr 16 2024
Vulnerability in the Oracle Hospitality Simphony product of Oracle Food and Beverage Applications (component: Simphony Enterprise Server). Supported versions that are affected are 19.1.0-19.5.4. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Hospitality Simphony. Successful attacks of this vulnerability can result in takeover of Oracle Hospitality Simphony. CVSS 3.1 Base Score 9.8 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H).
Credit: secalert_us@oracle.com
Affected Software | Affected Version | How to fix |
---|---|---|
Oracle Hospitality Simphony | >=19.1.0 <=19.5.4 | |
CVE-2024-21014 has been classified as an easily exploitable vulnerability with high severity due to its impact on Oracle Hospitality Simphony.
To fix CVE-2024-21014, users should upgrade their Oracle Hospitality Simphony software to a version above 19.5.4.
CVE-2024-21014 affects organizations using Oracle Hospitality Simphony versions 19.1.0 to 19.5.4 that are accessible over HTTP.
CVE-2024-21014 can be exploited by unauthenticated attackers with network access via HTTP, potentially leading to takeover of Oracle Hospitality Simphony.
Yes, CVE-2024-21014 is remotely exploitable as it allows attacks over an HTTP connection without requiring authentication.