[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
RE: CVE for services - already done? CVE-2017-10128
- To: Kurt Seifried <kurt@seifried.org>, cve-editorial-board-list <cve-editorial-board-list@lists.mitre.org>, "Andy Balinsky (balinsky)" <balinsky@cisco.com>
- Subject: RE: CVE for services - already done? CVE-2017-10128
- From: "Millar, Thomas" <Thomas.Millar@hq.dhs.gov>
- Date: Wed, 18 Oct 2017 22:06:44 +0000
- Accept-language: en-US
- Authentication-results: spf=none (sender IP is 129.83.29.3) smtp.mailfrom=LISTS.MITRE.ORG; mitre.mail.onmicrosoft.com; dkim=none (message not signed) header.d=none;mitre.mail.onmicrosoft.com; dmarc=fail action=none header.from=hq.dhs.gov;
- Delivery-date: Thu Oct 19 07:51:14 2017
- In-reply-to: <CABqVa3-k3+6U4RdCSBVvAagE5Jiw9xXnbZqj0BcS3XUN_BECcQ@mail.gmail.com>
- List-help: <mailto:LISTSERV@LISTS.MITRE.ORG?body=INFO%20CVE-EDITORIAL-BOARD-LIST>
- List-owner: <mailto:CVE-EDITORIAL-BOARD-LIST-request@LISTS.MITRE.ORG>
- List-subscribe: <mailto:CVE-EDITORIAL-BOARD-LIST-subscribe-request@LISTS.MITRE.ORG>
- List-unsubscribe: <mailto:CVE-EDITORIAL-BOARD-LIST-unsubscribe-request@LISTS.MITRE.ORG>
- References: <CABqVa3-k3+6U4RdCSBVvAagE5Jiw9xXnbZqj0BcS3XUN_BECcQ@mail.gmail.com>
- Sender: <owner-cve-editorial-board-list@lists.mitre.org>
- Spamdiagnosticmetadata: 5952c28dcc454f0789fb433d26f936ef
- Spamdiagnosticoutput: 1:2
- Thread-index: AQHTSFKntHgBpBmmXkCdQEcDdCnE9qLqKh9c
- Thread-topic: CVE for services - already done? CVE-2017-10128
It reads to me like there is an app that resides on systems in the hotel offices, and that’s where the vulnerability is, so an action by the local admin is needed to address.
Tom Millar, US-CERT
Sent from +1-202-631-1915
https://www.us-cert.gov
From: owner-cve-editorial-board-list@lists.mitre.org on behalf of Kurt Seifried
Sent: Wednesday, October 18, 2017 9:47:45 PM
To: cve-editorial-board-list; Andy Balinsky (balinsky)
Subject: CVE for services - already done? CVE-2017-10128
Vulnerability in the Hospitality WebSuite8 Cloud Service component of Oracle Hospitality Applications (subcomponent: General). Supported versions that
are affected are 8.9.6 and 8.10.x. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Hospitality WebSuite8 Cloud Service. Successful attacks require human interaction from a person other than the attacker
and while the vulnerability is in Hospitality WebSuite8 Cloud Service, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Hospitality WebSuite8
Cloud Service accessible data as well as unauthorized read access to a subset of Hospitality WebSuite8 Cloud Service accessible data. CVSS 3.0 Base Score 6.1 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N).
Oracle Hospitality WebSuite8 is cloud-based hotel software designed for small hotels and guest and boarding houses. The solution enables efficient guest and room
management while increasing online revenue through an integrated booking engine and channel manager solution. This product is available in the EMEA and JAPAC regions only.
So I guess we're doing cloud services now =) or should this be rejected, or?
--
Kurt Seifried
kurt@seifried.org
kurt@seifried.org
- Follow-Ups:
- RE: CVE for services - already done? CVE-2017-10128
- From: "Coffin, Chris" <ccoffin@mitre.org>
- RE: CVE for services - already done? CVE-2017-10128
- References:
- CVE for services - already done? CVE-2017-10128
- From: Kurt Seifried <kurt@seifried.org>
- CVE for services - already done? CVE-2017-10128
- Prev by Date: CVE for services - already done? CVE-2017-10128
- Next by Date: RE: CVE for services - already done? CVE-2017-10128
- Previous by thread: CVE for services - already done? CVE-2017-10128
- Next by thread: RE: CVE for services - already done? CVE-2017-10128
- Index(es):
