Lucene search

K
cve[email protected]CVE-2017-3552
HistoryApr 24, 2017 - 7:59 p.m.

CVE-2017-3552

2017-04-2419:59:04
CWE-200
web.nvd.nist.gov
22
cve-2017-3552
oracle hospitality
opera 5 property services
vulnerability
unauthorized access

CVSS2

3.5

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

SINGLE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:N/AC:M/Au:S/C:P/I:N/A:N

CVSS3

4.3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

LOW

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N

AI Score

3.4

Confidence

High

EPSS

0.001

Percentile

21.6%

Vulnerability in the Oracle Hospitality OPERA 5 Property Services component of Oracle Hospitality Applications (subcomponent: OPERA Room Image/Picture Setup). Supported versions that are affected are 5.4.0.x, 5.4.1.x, 5.4.2.x, 5.4.3.x, 5.5.0.x and 5.5.1.x. Easily “exploitable” vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle Hospitality OPERA 5 Property Services. Successful attacks of this vulnerability can result in unauthorized read access to a subset of Oracle Hospitality OPERA 5 Property Services accessible data. CVSS 3.0 Base Score 4.3 (Confidentiality impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N).

Affected configurations

Vulners
NVD
Node
oraclehospitality_opera_5_property_servicesRange5.4.0
OR
oraclehospitality_opera_5_property_servicesRange5.4.1
OR
oraclehospitality_opera_5_property_servicesRange5.4.2
OR
oraclehospitality_opera_5_property_servicesRange5.4.3
OR
oraclehospitality_opera_5_property_servicesRange5.5.0
OR
oraclehospitality_opera_5_property_servicesRange5.5.1
VendorProductVersionCPE
oraclehospitality_opera_5_property_services*cpe:2.3:a:oracle:hospitality_opera_5_property_services:*:*:*:*:*:*:*:*
oraclehospitality_opera_5_property_services*cpe:2.3:a:oracle:hospitality_opera_5_property_services:*:*:*:*:*:*:*:*
oraclehospitality_opera_5_property_services*cpe:2.3:a:oracle:hospitality_opera_5_property_services:*:*:*:*:*:*:*:*
oraclehospitality_opera_5_property_services*cpe:2.3:a:oracle:hospitality_opera_5_property_services:*:*:*:*:*:*:*:*
oraclehospitality_opera_5_property_services*cpe:2.3:a:oracle:hospitality_opera_5_property_services:*:*:*:*:*:*:*:*
oraclehospitality_opera_5_property_services*cpe:2.3:a:oracle:hospitality_opera_5_property_services:*:*:*:*:*:*:*:*

CNA Affected

[
  {
    "product": "Hospitality OPERA 5 Property Services",
    "vendor": "Oracle Corporation",
    "versions": [
      {
        "status": "affected",
        "version": "5.4.0.x"
      },
      {
        "status": "affected",
        "version": "5.4.1.x"
      },
      {
        "status": "affected",
        "version": "5.4.2.x"
      },
      {
        "status": "affected",
        "version": "5.4.3.x"
      },
      {
        "status": "affected",
        "version": "5.5.0.x"
      },
      {
        "status": "affected",
        "version": "5.5.1.x"
      }
    ]
  }
]

CVSS2

3.5

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

SINGLE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:N/AC:M/Au:S/C:P/I:N/A:N

CVSS3

4.3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

LOW

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N

AI Score

3.4

Confidence

High

EPSS

0.001

Percentile

21.6%

Related for CVE-2017-3552