CVE-2017-10220

{"id": "CVE-2017-10220", "metrics": {"cvssMetricV2": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"version": "2.0", "baseScore": 2.1, "accessVector": "LOCAL", "vectorString": "AV:L/AC:L/Au:N/C:P/I:N/A:N", "authentication": "NONE", "integrityImpact": "NONE", "accessComplexity": "LOW", "availabilityImpact": "NONE", "confidentialityImpact": "PARTIAL"}, "acInsufInfo": false, "impactScore": 2.9, "baseSeverity": "LOW", "obtainAllPrivilege": false, "exploitabilityScore": 3.9, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": false}], "cvssMetricV30": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"scope": "UNCHANGED", "version": "3.0", "baseScore": 4.0, "attackVector": "LOCAL", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", "integrityImpact": "NONE", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "NONE", "confidentialityImpact": "LOW"}, "impactScore": 1.4, "exploitabilityScore": 2.5}]}, "published": "2017-08-08T15:29:06.507", "references": [{"url": "http://www.oracle.com/technetwork/security-advisory/cpujul2017-3236622.html", "tags": ["Patch", "Vendor Advisory"], "source": "secalert_us@oracle.com"}, {"url": "http://www.securityfocus.com/bid/99861", "tags": ["Third Party Advisory", "VDB Entry"], "source": "secalert_us@oracle.com"}, {"url": "http://www.securitytracker.com/id/1038941", "tags": ["Third Party Advisory", "VDB Entry"], "source": "secalert_us@oracle.com"}], "vulnStatus": "Analyzed", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "NVD-CWE-noinfo"}]}], "descriptions": [{"lang": "en", "value": "Vulnerability in the Hospitality Property Interfaces component of Oracle Hospitality Applications (subcomponent: Parser). The supported version that is affected is 8.10.x. Easily exploitable vulnerability allows unauthenticated attacker with logon to the infrastructure where Hospitality Property Interfaces executes to compromise Hospitality Property Interfaces. Successful attacks of this vulnerability can result in unauthorized read access to a subset of Hospitality Property Interfaces accessible data. CVSS 3.0 Base Score 4.0 (Confidentiality impacts). CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N)."}, {"lang": "es", "value": "Vulnerabilidad en el componente Hospitality Property Interfaces de Oracle Hospitality Applications (subcomponente: Parser). La versi\u00f3n compatible afectada es la 8.10.x. Una vulnerabilidad f\u00e1cilmente explotable permite que un atacante sin autenticar que tenga permisos de inicio de sesi\u00f3n en la infraestructura en la que se ejecuta Hospitality Property Interfaces comprometa la seguridad de Hospitality Property Interfaces. Los ataques exitosos a esta vulnerabilidad pueden resultar en un acceso de lectura sin autorizaci\u00f3n a un subconjunto de datos accesibles de Hospitality Property Interfaces. CVSS 3.0 Base Score 4.0 (impactos en la confidencialidad). Vector CVSS: (CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N)."}], "lastModified": "2019-10-03T00:03:26.223", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:oracle:hospitality_suite8_property_interfaces:8.10.0:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "3724A797-A15C-4BF4-94C3-F662AC2F8C0E"}, {"criteria": "cpe:2.3:a:oracle:hospitality_suite8_property_interfaces:8.10.1:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "43426EE8-02B5-464E-A050-67F386BE9DD0"}, {"criteria": "cpe:2.3:a:oracle:hospitality_suite8_property_interfaces:8.10.2:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "E03EAEC6-5723-4F01-9F7D-16EE09654691"}], "operator": "OR"}]}], "sourceIdentifier": "secalert_us@oracle.com"}