Vulnerability in the Oracle Hospitality Simphony component of Oracle Hospitality Applications (subcomponent: Security). Supported versions that are affected are 2.7, 2.8 and 2.9. Difficult to exploit vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Hospitality Simphony. Successful attacks of this vulnerability can result in takeover of Oracle Hospitality Simphony. CVSS 3.0 Base Score 8.1 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H).
Vulnerable Product | Search on Vulmon | Subscribe to Product |
---|---|---|
oracle hospitality simphony 2.9 |
||
oracle hospitality simphony 2.7 |
||
oracle hospitality simphony 2.8 |
Patched, Oracle? Speedily
A vulnerability has been unearthed in Oracle MICROS point-of-sale (POS) terminals that allowed hackers to read sensitive data from devices. The flaw (CVE-2018-2636) was fixed in Oracle's January 2018 patch batch, allowing business app security firm ERPScan to go public with its findings. Left unresolved, the bug would enable an attacker to read any file and receive information about various services from a vulnerable MICROS workstation without authentication, ERPScan warned. Oracle's MICROS tech...