CVE-2017-10206 : Vulnerability in the Oracle Hospitality Simphony component of Oracle Hospitality Applications (subcomponent: Engagement)

Vulnerability in the Oracle Hospitality Simphony component of Oracle Hospitality Applications (subcomponent: Engagement). The supported version that is affected is 2.9. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Hospitality Simphony. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Hospitality Simphony accessible data as well as unauthorized read access to a subset of Oracle Hospitality Simphony accessible data and unauthorized ability to cause a partial denial of service (partial DOS) of Oracle Hospitality Simphony. CVSS 3.0 Base Score 7.3 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L).

Published 2017-08-08 15:29:06

Updated 2019-10-03 00:03:26

Source Oracle

View at NVD, CVE.org

Vulnerability category: Denial of service

Exploit prediction scoring system (EPSS) score for CVE-2017-10206

Probability of exploitation activity in the next 30 days: 0.15%

Percentile, the proportion of vulnerabilities that are scored at or less: ~ 50 % EPSS Score History EPSS FAQ

CVSS scores for CVE-2017-10206

Base Score	Base Severity	CVSS Vector	Exploitability Score	Impact Score	Score Source
7.5	HIGH	AV:N/AC:L/Au:N/C:P/I:P/A:P	10.0	6.4	NIST
Access Vector: Network Access Complexity: Low Authentication: None Confidentiality Impact: Partial Integrity Impact: Partial Availability Impact: Partial
7.3	HIGH	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L	3.9	3.4	NIST
Attack Vector: Network Attack Complexity: Low Privileges Required: None User Interaction: None Scope: Unchanged Confidentiality: Low Integrity: Low Availability: Low

References for CVE-2017-10206

http://www.securityfocus.com/bid/99641

Oracle Hospitality Applications CVE-2017-10206 Remote Security Vulnerability
Third Party Advisory;VDB Entry
http://www.securitytracker.com/id/1038941

Oracle Hospitality Applications Multiple Flaws Let Remote and Local Users Access and Modify Data and Deny Service - SecurityTracker
Third Party Advisory;VDB Entry

CVEs referencing this url
http://www.oracle.com/technetwork/security-advisory/cpujul2017-3236622.html

Oracle Critical Patch Update - July 2017
Patch;Vendor Advisory

CVEs referencing this url

Products affected by CVE-2017-10206

Oracle » Hospitality Simphony » Version: 2.9
cpe:2.3:a:oracle:hospitality_simphony:2.9:*:*:*:*:*:*:*
Matching versions

Vulnerability Details : CVE-2017-10206

Exploit prediction scoring system (EPSS) score for CVE-2017-10206

CVSS scores for CVE-2017-10206

References for CVE-2017-10206

Products affected by CVE-2017-10206