CVE-2019-3025

🗓️ 16 Oct 2019 17:40:59Reported by oracleType

cve🔗 web.nvd.nist.gov👁 81 Views🌐 WEB

Vulnerability in Oracle Hospitality RES 3700 component of Oracle Food and Beverage Application

Reporter	Title	Published	Views	Family All 13
0day.today	Oracle Hospitality RES 3700 5.7 - Remote Code Execution Exploit	19 May 202000:00	–	zdt
CNVD	Oracle Hospitality RES 3700 Unauthorized Access Vulnerability	16 Oct 201900:00	–	cnvd
Cvelist	CVE-2019-3025	16 Oct 201917:40	–	cvelist
Exploit DB	Oracle Hospitality RES 3700 5.7 - Remote Code Execution	18 May 202000:00	–	exploitdb
NVD	CVE-2019-3025	16 Oct 201918:15	–	nvd
Oracle	Oracle Critical Patch Update Advisory - October 2019	22 Jan 202000:00	–	oracle
OSV	CVE-2019-3025	16 Oct 201918:15	–	osv
Packet Storm	Oracle Hospitality RES 3700 5.7 Remote Code Execution	18 May 202000:00	–	packetstorm
Prion	Buffer overflow	16 Oct 201918:15	–	prion
Positive Technologies	PT-2019-3598 · Oracle · Oracle Hospitality Res 3700	15 Oct 201900:00	–	ptsecurity

NVD

Vulners

Node

oracle hospitality_res_3700Match5.7

[
  {
    "product": "Hospitality RES 3700",
    "vendor": "Oracle Corporation",
    "versions": [
      {
        "status": "affected",
        "version": "5.7"
      }
    ]
  }
]

Source	Link
packetstormsecurity	www.packetstormsecurity.com/files/157746/Oracle-Hospitality-RES-3700-5.7-Remote-Code-Execution.html
oracle	www.oracle.com/technetwork/security-advisory/cpuoct2019-5072832.html

Parameter	Position	Path	Description
dst	request body	/	Remote code execution via SOAP TransferFile in RES 3700 exposing XML SOAP envelope with crafted parameters in the request body
fn	request body	/	Remote code execution via SOAP TransferFile in RES 3700 exposing XML SOAP envelope with crafted parameters in the request body
data	request body	/	Remote code execution via SOAP TransferFile in RES 3700 exposing XML SOAP envelope with crafted parameters in the request body

21 Nov 2024 04:42Current

8.7High risk

Vulners AI Score8.7

CVSS 26.8

CVSS 3.19

EPSS0.27585

SSVC