CVE-2017-10396

Vulnerability in the Oracle Hospitality Cruise AffairWhere component of Oracle Hospitality Applications (subcomponent: AffairWhere). Supported versions that are affected are 2.2.5.0, 2.2.6.0 and 2.2.7.0. Easily exploitable vulnerability allows low privileged attacker with logon to the infrastructure where Oracle Hospitality Cruise AffairWhere executes to compromise Oracle Hospitality Cruise AffairWhere. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Oracle Hospitality Cruise AffairWhere, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in takeover of Oracle Hospitality Cruise AffairWhere. CVSS 3.0 Base Score 8.2 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:L/UI:R/S:C/C:H/I:H/A:H).

CVSS v3 9.9 CRITICAL
CVSS v2.0 6.5 MEDIUM

9.9^/10

CVSS v3 : CRITICAL

Vector : AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:H/A:H

Exploitability : 3.1 / Impact : 6.0

Attack Vector NETWORK

Attack Complexity LOW

Privileges Required LOW

User Interaction NONE

Confidentiality Impact LOW

Integrity Impact HIGH

Availability Impact HIGH

Scope CHANGED

6.5^/10

CVSS v2.0 : MEDIUM

Vector : AV:N/AC:L/Au:S/C:P/I:P/A:P

Exploitability : 8.0 / Impact : 6.4

Access Vector NETWORK

Access Complexity LOW

Authentication SINGLE

Confidentiality Impact PARTIAL

Integrity Impact PARTIAL

Availability Impact PARTIAL

References

Link	Resource
http://www.oracle.com/technetwork/security-advisory/cpuoct2017-3236626.html	Patch Vendor Advisory
http://www.securityfocus.com/bid/101440

Configurations

Configuration 1 (hide)

OR	cpe:2.3:a:oracle:hospitality_cruise_affairwhere:2.2.5.0:::::::*
	cpe:2.3:a:oracle:hospitality_cruise_affairwhere:2.2.6.0:::::::*
	cpe:2.3:a:oracle:hospitality_cruise_affairwhere:2.2.7.0:::::::*

History

No history.

Information

Published : 2017-10-19 17:29

Updated : 2024-02-28 16:04

NVD link : CVE-2017-10396

Mitre link : CVE-2017-10396

CVE.ORG link : CVE-2017-10396

JSON object : View

Products Affected

oracle

hospitality_cruise_affairwhere

CWE

NVD-CWE-noinfo

{"id": "CVE-2017-10396", "metrics": {"cvssMetricV2": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"version": "2.0", "baseScore": 6.5, "accessVector": "NETWORK", "vectorString": "AV:N/AC:L/Au:S/C:P/I:P/A:P", "authentication": "SINGLE", "integrityImpact": "PARTIAL", "accessComplexity": "LOW", "availabilityImpact": "PARTIAL", "confidentialityImpact": "PARTIAL"}, "acInsufInfo": false, "impactScore": 6.4, "baseSeverity": "MEDIUM", "obtainAllPrivilege": false, "exploitabilityScore": 8.0, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": false}], "cvssMetricV30": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"scope": "CHANGED", "version": "3.0", "baseScore": 9.9, "attackVector": "NETWORK", "baseSeverity": "CRITICAL", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "LOW", "confidentialityImpact": "LOW"}, "impactScore": 6.0, "exploitabilityScore": 3.1}]}, "published": "2017-10-19T17:29:05.640", "references": [{"url": "http://www.oracle.com/technetwork/security-advisory/cpuoct2017-3236626.html", "tags": ["Patch", "Vendor Advisory"], "source": "secalert_us@oracle.com"}, {"url": "http://www.securityfocus.com/bid/101440", "source": "secalert_us@oracle.com"}], "vulnStatus": "Modified", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "NVD-CWE-noinfo"}]}], "descriptions": [{"lang": "en", "value": "Vulnerability in the Oracle Hospitality Cruise AffairWhere component of Oracle Hospitality Applications (subcomponent: AffairWhere). Supported versions that are affected are 2.2.5.0, 2.2.6.0 and 2.2.7.0. Easily exploitable vulnerability allows low privileged attacker with logon to the infrastructure where Oracle Hospitality Cruise AffairWhere executes to compromise Oracle Hospitality Cruise AffairWhere. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Oracle Hospitality Cruise AffairWhere, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in takeover of Oracle Hospitality Cruise AffairWhere. CVSS 3.0 Base Score 8.2 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:L/UI:R/S:C/C:H/I:H/A:H)."}, {"lang": "es", "value": "Vulnerabilidad en el componente Oracle Hospitality Cruise AffairWhere de Oracle Hospitality Applications (subcomponente: AffairWhere). Las versiones compatibles que se han visto afectadas son la 2.2.5.0, 2.2.6.0 y la 2.2.7.0. Una vulnerabilidad f\u00e1cilmente explotable permite que un atacante con un bajo nivel de privilegios y permisos de inicio de sesi\u00f3n en la infraestructura en la que se ejecuta Oracle Hospitality Cruise AffairWhere comprometa la seguridad de Oracle Hospitality Cruise AffairWhere. Para que los ataques tengan \u00e9xito, se necesita la participaci\u00f3n de otra persona diferente del atacante y, aunque la vulnerabilidad est\u00e1 presente en Oracle Hospitality Cruise AffairWhere, los ataques podr\u00edan afectar seriamente a productos adicionales. Los ataques exitosos a esta vulnerabilidad pueden dar lugar a la toma de control de Oracle Hospitality Cruise AffairWhere. CVSS 3.0 Base Score 8.2 (impactos en la confidencialidad, integridad y disponibilidad). Vector CVSS: (CVSS:3.0/AV:L/AC:L/PR:L/UI:R/S:C/C:H/I:H/A:H)."}], "lastModified": "2019-10-03T00:03:26.223", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:oracle:hospitality_cruise_affairwhere:2.2.5.0:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "A5E7AD96-8A38-407D-983B-F0766678EC20"}, {"criteria": "cpe:2.3:a:oracle:hospitality_cruise_affairwhere:2.2.6.0:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "771E0C34-9888-4094-A894-ECB063D2CE15"}, {"criteria": "cpe:2.3:a:oracle:hospitality_cruise_affairwhere:2.2.7.0:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "90E9DA71-6D2A-49C5-8CE0-8AA0631EB70B"}], "operator": "OR"}]}], "sourceIdentifier": "secalert_us@oracle.com"}