CVE

CVE-2017-10054

Date: (C)2017-10-27   (M)2023-12-22

Vulnerability in the Oracle Hospitality Cruise Materials Management component of Oracle Hospitality Applications (subcomponent: MMS). The supported version that is affected is 7.30.564.0. Easily exploitable vulnerability allows unauthenticated attacker with logon to the infrastructure where Oracle Hospitality Cruise Materials Management executes to compromise Oracle Hospitality Cruise Materials Management. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Hospitality Cruise Materials Management accessible data as well as unauthorized read access to a subset of Oracle Hospitality Cruise Materials Management accessible data. CVSS 3.0 Base Score 5.1 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N).

CVSS Score and Metrics +CVSS Score and Metrics -

CVSS V3 Severity:		CVSS V2 Severity:
CVSS Score : 5.1		CVSS Score : 3.6
Exploit Score: 2.5		Exploit Score: 3.9
Impact Score: 2.5		Impact Score: 4.9
CVSS V3 Metrics:		CVSS V2 Metrics:
Attack Vector: LOCAL		Access Vector: LOCAL
Attack Complexity: LOW		Access Complexity: LOW
Privileges Required: NONE		Authentication: NONE
User Interaction: NONE		Confidentiality: PARTIAL
Scope: UNCHANGED		Integrity: PARTIAL
Confidentiality: LOW		Availability: NONE
Integrity: LOW
Availability: NONE

Reference:

BID-101456

http://www.oracle.com/technetwork/security-advisory/cpuoct2017-3236626.html