CVE-2018-2853 | Vulnerability Database | Aqua Security

Vulnerability in the Oracle Hospitality Simphony First Edition component of Oracle Hospitality Applications (subcomponent: Operations, Client Application Loader). Supported versions that are affected are 1.6 and 1.7. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle Hospitality Simphony First Edition. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Hospitality Simphony First Edition accessible data as well as unauthorized read access to a subset of Oracle Hospitality Simphony First Edition accessible data. CVSS 3.0 Base Score 5.4 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N).

Affected Software

Name	Vendor	Start Version	End Version
Hospitality_simphony	Oracle	1.6 (including)	1.6 (including)
Hospitality_simphony	Oracle	1.7 (including)	1.7 (including)

References

http://www.oracle.com/technetwork/security-advisory/cpuapr2018-3678067.html
http://www.securityfocus.com/bid/103906

NVD	https://nvd.nist.gov/vuln/detail/CVE-2018-2853
CWE	https://cwe.mitre.org/data/definitions/.html