ID CVE-2018-2852 Type cve Reporter cve@mitre.org Modified 2019-10-03T00:03:00
Description
Vulnerability in the Oracle Hospitality Guest Access component of Oracle Hospitality Applications (subcomponent: Base). Supported versions that are affected are 4.2.0 and 4.2.1. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle Hospitality Guest Access. While the vulnerability is in Oracle Hospitality Guest Access, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Hospitality Guest Access accessible data as well as unauthorized read access to a subset of Oracle Hospitality Guest Access accessible data. CVSS 3.0 Base Score 6.4 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N).
{"id": "CVE-2018-2852", "bulletinFamily": "NVD", "title": "CVE-2018-2852", "description": "Vulnerability in the Oracle Hospitality Guest Access component of Oracle Hospitality Applications (subcomponent: Base). Supported versions that are affected are 4.2.0 and 4.2.1. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle Hospitality Guest Access. While the vulnerability is in Oracle Hospitality Guest Access, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Hospitality Guest Access accessible data as well as unauthorized read access to a subset of Oracle Hospitality Guest Access accessible data. CVSS 3.0 Base Score 6.4 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N).", "published": "2018-04-19T02:29:00", "modified": "2019-10-03T00:03:00", "cvss": {"score": 5.5, "vector": "AV:N/AC:L/Au:S/C:P/I:P/A:N"}, "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2018-2852", "reporter": "cve@mitre.org", "references": ["http://www.oracle.com/technetwork/security-advisory/cpuapr2018-3678067.html", "http://www.securityfocus.com/bid/103915"], "cvelist": ["CVE-2018-2852"], "type": "cve", "lastseen": "2021-02-02T06:52:36", "edition": 5, "viewCount": 3, "enchantments": {"dependencies": {"references": [{"type": "oracle", "idList": ["ORACLE:CPUAPR2018", "ORACLE:CPUAPR2018-3678067"]}], "modified": "2021-02-02T06:52:36", "rev": 2}, "score": {"value": 5.3, "vector": "NONE", "modified": "2021-02-02T06:52:36", "rev": 2}, "vulnersScore": 5.3}, "cpe": ["cpe:/a:oracle:hospitality_guest_access:4.2.0", "cpe:/a:oracle:hospitality_guest_access:4.2.1"], "affectedSoftware": [{"cpeName": "oracle:hospitality_guest_access", "name": "oracle hospitality guest access", "operator": "eq", "version": "4.2.1"}, {"cpeName": "oracle:hospitality_guest_access", "name": "oracle hospitality guest access", "operator": "eq", "version": "4.2.0"}], "cvss2": {"cvssV2": {"accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "SINGLE", "availabilityImpact": "NONE", "baseScore": 5.5, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:L/Au:S/C:P/I:P/A:N", "version": "2.0"}, "exploitabilityScore": 8.0, "impactScore": 4.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "severity": "MEDIUM", "userInteractionRequired": false}, "cvss3": {"cvssV3": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 6.4, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "LOW", "scope": "CHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N", "version": "3.0"}, "exploitabilityScore": 3.1, "impactScore": 2.7}, "cpe23": ["cpe:2.3:a:oracle:hospitality_guest_access:4.2.0:*:*:*:*:*:*:*", "cpe:2.3:a:oracle:hospitality_guest_access:4.2.1:*:*:*:*:*:*:*"], "cwe": ["NVD-CWE-noinfo"], "scheme": null, "cpeConfiguration": {"CVE_data_version": "4.0", "nodes": [{"cpe_match": [{"cpe23Uri": "cpe:2.3:a:oracle:hospitality_guest_access:4.2.0:*:*:*:*:*:*:*", "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:oracle:hospitality_guest_access:4.2.1:*:*:*:*:*:*:*", "vulnerable": true}], "operator": "OR"}]}, "extraReferences": [{"name": "http://www.oracle.com/technetwork/security-advisory/cpuapr2018-3678067.html", "refsource": "CONFIRM", "tags": ["Patch", "Vendor Advisory"], "url": "http://www.oracle.com/technetwork/security-advisory/cpuapr2018-3678067.html"}, {"name": "103915", "refsource": "BID", "tags": ["Third Party Advisory", "VDB Entry"], "url": "http://www.securityfocus.com/bid/103915"}]}
{"oracle": [{"lastseen": "2019-05-29T18:20:57", "bulletinFamily": "software", "cvelist": ["CVE-2018-2768", "CVE-2018-2802", "CVE-2018-2775", "CVE-2018-2815", "CVE-2018-2748", "CVE-2018-2836", "CVE-2017-9798", "CVE-2018-2878", "CVE-2018-2826", "CVE-2018-2827", "CVE-2017-5753", "CVE-2017-5754", "CVE-2018-2817", "CVE-2018-2800", "CVE-2018-2868", "CVE-2018-2832", "CVE-2018-2789", "CVE-2018-2852", "CVE-2018-2808", "CVE-2018-2749", "CVE-2018-2747", "CVE-2018-2563", "CVE-2018-2860", "CVE-2018-2769", "CVE-2017-13080", "CVE-2016-5019", "CVE-2018-2776", "CVE-2018-7489", "CVE-2016-6306", "CVE-2018-2841", "CVE-2018-2759", "CVE-2016-2183", "CVE-2018-2870", "CVE-2018-2844", "CVE-2018-2822", "CVE-2018-2853", "CVE-2018-2746", "CVE-2016-2178", "CVE-2018-2755", "CVE-2018-2810", "CVE-2018-2812", "CVE-2018-2803", "CVE-2016-9878", "CVE-2017-10400", "CVE-2017-3735", "CVE-2018-2823", "CVE-2018-2842", "CVE-2018-2786", "CVE-2018-2778", "CVE-2018-2820", "CVE-2018-2765", "CVE-2018-2876", "CVE-2016-3092", "CVE-2018-2856", "CVE-2018-2872", "CVE-2018-2858", "CVE-2016-6302", "CVE-2017-13082", "CVE-2018-2819", "CVE-2018-2783", "CVE-2018-2774", "CVE-2016-8745", "CVE-2016-2177", "CVE-2018-2784", "CVE-2018-2771", "CVE-2018-2835", "CVE-2018-2848", "CVE-2018-2840", "CVE-2016-0635", "CVE-2018-2863", "CVE-2018-2867", "CVE-2018-2845", "CVE-2018-2824", "CVE-2018-2861", "CVE-2018-2777", "CVE-2018-2738", "CVE-2018-2838", "CVE-2018-2849", "CVE-2015-7501", "CVE-2018-2754", "CVE-2018-2795", "CVE-2016-6307", "CVE-2017-3737", "CVE-2013-1768", "CVE-2017-15707", "CVE-2018-2791", "CVE-2018-2807", "CVE-2018-2766", "CVE-2018-2763", "CVE-2018-2780", "CVE-2018-2879", "CVE-2018-2752", "CVE-2016-6308", "CVE-2017-13078", "CVE-2017-5662", "CVE-2018-2816", "CVE-2014-0054", "CVE-2018-2793", "CVE-2016-2180", "CVE-2018-2742", "CVE-2018-2739", "CVE-2017-7805", "CVE-2018-2798", "CVE-2018-2814", "CVE-2018-2855", "CVE-2018-2799", "CVE-2017-5715", "CVE-2018-2787", "CVE-2016-2181", "CVE-2018-2818", "CVE-2016-6304", "CVE-2018-2753", "CVE-2018-2756", "CVE-2018-2851", "CVE-2018-2796", "CVE-2018-2764", "CVE-2018-2837", "CVE-2018-2847", "CVE-2018-0739", "CVE-2017-17562", "CVE-2018-2805", "CVE-2018-2572", "CVE-2018-2801", "CVE-2018-2761", "CVE-2018-2821", "CVE-2018-2782", "CVE-2018-2831", "CVE-2018-2773", "CVE-2018-2797", "CVE-2018-2864", "CVE-2018-2828", "CVE-2018-2866", "CVE-2018-2587", "CVE-2018-2829", "CVE-2017-7525", "CVE-2018-2770", "CVE-2016-7052", "CVE-2018-2718", "CVE-2018-2781", "CVE-2018-2830", "CVE-2018-2806", "CVE-2017-5664", "CVE-2018-2779", "CVE-2018-2825", "CVE-2018-2813", "CVE-2016-5007", "CVE-2018-2854", "CVE-2018-2811", "CVE-2018-2762", "CVE-2018-2869", "CVE-2018-2790", "CVE-2017-3738", "CVE-2018-2877", "CVE-2018-2865", "CVE-2018-2760", "CVE-2018-2834", "CVE-2016-6305", "CVE-2016-6303", "CVE-2018-2772", "CVE-2018-2846", "CVE-2018-2792", "CVE-2017-5645", "CVE-2016-2182", "CVE-2018-2833", "CVE-2017-12617", "CVE-2018-2859", "CVE-2018-2843", "CVE-2018-2804", "CVE-2017-10393", "CVE-2018-2788", "CVE-2018-2628", "CVE-2018-2785", "CVE-2018-2750", "CVE-2018-2873", "CVE-2015-7940", "CVE-2017-3736", "CVE-2018-2758", "CVE-2017-13077", "CVE-2016-3506", "CVE-2018-2737", "CVE-2018-2809", "CVE-2018-2871", "CVE-2017-15095", "CVE-2016-2179", "CVE-2016-6814", "CVE-2017-7674", "CVE-2018-2857", "CVE-2018-2839", "CVE-2018-2850", "CVE-2018-2862", "CVE-2016-6309", "CVE-2018-2794", "CVE-2018-2874"], "description": "A Critical Patch Update is a collection of patches for multiple security vulnerabilities. Critical Patch Update patches are usually cumulative, but each advisory describes only the security fixes added since the previous Critical Patch Update advisory. Thus, prior Critical Patch Update advisories should be reviewed for information regarding earlier published security fixes. Please refer to:\n\n \n\n * [Critical Patch Updates, Security Alerts and Bulletins](<http://www.oracle.com/securityalerts>) for information about Oracle Security Advisories.\n\n \n\n**Oracle continues to periodically receive reports of attempts to maliciously exploit vulnerabilities for which Oracle has already released fixes. In some instances, it has been reported that attackers have been successful because targeted customers had failed to apply available Oracle patches. Oracle therefore strongly recommends that customers remain on actively-supported versions and apply Critical Patch Update fixes without delay.**\n\nThis Critical Patch Update contains 255 new security fixes across the product families listed below. Please note that an MOS note summarizing the content of this Critical Patch Update and other Oracle Software Security Assurance activities is located at [ April 2018 Critical Patch Update: Executive Summary and Analysis](<https://support.oracle.com/rs?type=doc&id=2383583.1>).\n\nThe January 2018 Critical Patch Update provided patches in response to the Spectre (CVE-2017-5753, CVE-2017-5715) and Meltdown (CVE-2017-5754) processor vulnerabilities. Please refer to this Advisory and the Addendum to the January 2018 Critical Patch Update Advisory for Spectre and Meltdown MOS note ([Doc ID 2347948.1](<https://support.oracle.com/rs?type=doc&id=2347948.1>)) for information on how to obtain these patches.\n", "modified": "2018-12-10T00:00:00", "published": "2018-04-17T00:00:00", "id": "ORACLE:CPUAPR2018-3678067", "href": "", "type": "oracle", "title": "Oracle Critical Patch Update - April 2018", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2020-10-04T21:15:53", "bulletinFamily": "software", "cvelist": ["CVE-2013-1768", "CVE-2014-0054", "CVE-2015-7501", "CVE-2015-7940", "CVE-2016-0635", "CVE-2016-2177", "CVE-2016-2178", "CVE-2016-2179", "CVE-2016-2180", "CVE-2016-2181", "CVE-2016-2182", "CVE-2016-2183", "CVE-2016-3092", "CVE-2016-3506", "CVE-2016-5007", "CVE-2016-5019", "CVE-2016-6302", "CVE-2016-6303", "CVE-2016-6304", "CVE-2016-6305", "CVE-2016-6306", "CVE-2016-6307", "CVE-2016-6308", "CVE-2016-6309", "CVE-2016-6814", "CVE-2016-7052", "CVE-2016-8745", "CVE-2016-9878", "CVE-2017-10393", "CVE-2017-10400", "CVE-2017-12617", "CVE-2017-13077", "CVE-2017-13078", "CVE-2017-13080", "CVE-2017-13082", "CVE-2017-15095", "CVE-2017-15707", "CVE-2017-17562", "CVE-2017-3735", "CVE-2017-3736", "CVE-2017-3737", "CVE-2017-3738", "CVE-2017-5645", "CVE-2017-5662", "CVE-2017-5664", "CVE-2017-5715", "CVE-2017-5753", "CVE-2017-5754", "CVE-2017-7525", "CVE-2017-7674", "CVE-2017-7805", "CVE-2017-9798", "CVE-2018-0739", "CVE-2018-2563", "CVE-2018-2572", "CVE-2018-2587", "CVE-2018-2628", "CVE-2018-2718", "CVE-2018-2737", "CVE-2018-2738", "CVE-2018-2739", "CVE-2018-2742", "CVE-2018-2746", "CVE-2018-2747", "CVE-2018-2748", "CVE-2018-2749", "CVE-2018-2750", "CVE-2018-2752", "CVE-2018-2753", "CVE-2018-2754", "CVE-2018-2755", "CVE-2018-2756", "CVE-2018-2758", "CVE-2018-2759", "CVE-2018-2760", "CVE-2018-2761", "CVE-2018-2762", "CVE-2018-2763", "CVE-2018-2764", "CVE-2018-2765", "CVE-2018-2766", "CVE-2018-2768", "CVE-2018-2769", "CVE-2018-2770", "CVE-2018-2771", "CVE-2018-2772", "CVE-2018-2773", "CVE-2018-2774", "CVE-2018-2775", "CVE-2018-2776", "CVE-2018-2777", "CVE-2018-2778", "CVE-2018-2779", "CVE-2018-2780", "CVE-2018-2781", "CVE-2018-2782", "CVE-2018-2783", "CVE-2018-2784", "CVE-2018-2785", "CVE-2018-2786", "CVE-2018-2787", "CVE-2018-2788", "CVE-2018-2789", "CVE-2018-2790", "CVE-2018-2791", "CVE-2018-2792", "CVE-2018-2793", "CVE-2018-2794", "CVE-2018-2795", "CVE-2018-2796", "CVE-2018-2797", "CVE-2018-2798", "CVE-2018-2799", "CVE-2018-2800", "CVE-2018-2801", "CVE-2018-2802", "CVE-2018-2803", "CVE-2018-2804", "CVE-2018-2805", "CVE-2018-2806", "CVE-2018-2807", "CVE-2018-2808", "CVE-2018-2809", "CVE-2018-2810", "CVE-2018-2811", "CVE-2018-2812", "CVE-2018-2813", "CVE-2018-2814", "CVE-2018-2815", "CVE-2018-2816", "CVE-2018-2817", "CVE-2018-2818", "CVE-2018-2819", "CVE-2018-2820", "CVE-2018-2821", "CVE-2018-2822", "CVE-2018-2823", "CVE-2018-2824", "CVE-2018-2825", "CVE-2018-2826", "CVE-2018-2827", "CVE-2018-2828", "CVE-2018-2829", "CVE-2018-2830", "CVE-2018-2831", "CVE-2018-2832", "CVE-2018-2833", "CVE-2018-2834", "CVE-2018-2835", "CVE-2018-2836", "CVE-2018-2837", "CVE-2018-2838", "CVE-2018-2839", "CVE-2018-2840", "CVE-2018-2841", "CVE-2018-2842", "CVE-2018-2843", "CVE-2018-2844", "CVE-2018-2845", "CVE-2018-2846", "CVE-2018-2847", "CVE-2018-2848", "CVE-2018-2849", "CVE-2018-2850", "CVE-2018-2851", "CVE-2018-2852", "CVE-2018-2853", "CVE-2018-2854", "CVE-2018-2855", "CVE-2018-2856", "CVE-2018-2857", "CVE-2018-2858", "CVE-2018-2859", "CVE-2018-2860", "CVE-2018-2861", "CVE-2018-2862", "CVE-2018-2863", "CVE-2018-2864", "CVE-2018-2865", "CVE-2018-2866", "CVE-2018-2867", "CVE-2018-2868", "CVE-2018-2869", "CVE-2018-2870", "CVE-2018-2871", "CVE-2018-2872", "CVE-2018-2873", "CVE-2018-2874", "CVE-2018-2876", "CVE-2018-2877", "CVE-2018-2878", "CVE-2018-2879", "CVE-2018-7489"], "description": "A Critical Patch Update is a collection of patches for multiple security vulnerabilities. Critical Patch Update patches are usually cumulative, but each advisory describes only the security fixes added since the previous Critical Patch Update advisory. Thus, prior Critical Patch Update advisories should be reviewed for information regarding earlier published security fixes. Please refer to:\n\n * Critical Patch Updates, Security Alerts and Bulletins for information about Oracle Security Advisories.\n\n**Oracle continues to periodically receive reports of attempts to maliciously exploit vulnerabilities for which Oracle has already released fixes. In some instances, it has been reported that attackers have been successful because targeted customers had failed to apply available Oracle patches. Oracle therefore strongly recommends that customers remain on actively-supported versions and apply Critical Patch Update fixes without delay.**\n\nThis Critical Patch Update contains 255 new security fixes across the product families listed below. Please note that an MOS note summarizing the content of this Critical Patch Update and other Oracle Software Security Assurance activities is located at [ April 2018 Critical Patch Update: Executive Summary and Analysis](<https://support.oracle.com/epmos/faces/DocumentDisplay?id=2383583.1>).\n\nThe January 2018 Critical Patch Update provided patches in response to the Spectre (CVE-2017-5753, CVE-2017-5715) and Meltdown (CVE-2017-5754) processor vulnerabilities. Please refer to this Advisory and the Addendum to the January 2018 Critical Patch Update Advisory for Spectre and Meltdown MOS note ([Doc ID 2347948.1](<https://support.oracle.com/epmos/faces/DocumentDisplay?id=2347948.1>)) for information on how to obtain these patches.\n", "modified": "2018-12-10T00:00:00", "published": "2018-04-17T00:00:00", "id": "ORACLE:CPUAPR2018", "href": "", "type": "oracle", "title": "Oracle Critical Patch Update - April 2018", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}]}
