[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

CVE for services - already done? CVE-2017-10128



Vulnerability in the Hospitality WebSuite8 Cloud Service component of Oracle Hospitality Applications (subcomponent: General). Supported versions that are affected are 8.9.6 and 8.10.x. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Hospitality WebSuite8 Cloud Service. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Hospitality WebSuite8 Cloud Service, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Hospitality WebSuite8 Cloud Service accessible data as well as unauthorized read access to a subset of Hospitality WebSuite8 Cloud Service accessible data. CVSS 3.0 Base Score 6.1 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N).

https://www.oracle.com/industries/hospitality/products/websuite8.html

Oracle Hospitality WebSuite8 is cloud-based hotel software designed for small hotels and guest and boarding houses. The solution enables efficient guest and room management while increasing online revenue through an integrated booking engine and channel manager solution. This product is available in the EMEA and JAPAC regions only.

So I guess we're doing cloud services now =) or should this be rejected, or?

--
Kurt Seifried
kurt@seifried.org

Page Last Updated or Reviewed: October 19, 2017