CVE-2023-21828Improper Access Control in Corporation Hospitality Reporting AND Analytics

CWE-284Improper Access Control4 documents4 sources
Severity
8.1HIGHNVD
EPSS
0.8%
top 26.76%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
2
Oracle Corporation Hospitality Reporting AND AnalyticsOracle Hospitality Reporting AND Analytics
Timeline
PublishedJan 18

Description

Vulnerability in the Oracle Hospitality Reporting and Analytics product of Oracle Food and Beverage Applications (component: Reporting). The supported version that is affected is 9.1.0. Easily exploitable vulnerability allows low privileged attacker with network access via HTTPS to compromise Oracle Hospitality Reporting and Analytics. Successful attacks of this vulnerability can result in unauthorized creation, deletion or modification access to critical data or all Oracle Hospitality Reporting

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:NExploitability: 2.8 | Impact: 5.2

Affected Packages2 packages

Patches

Patch: www.oracle.comPatch: www.oracle.com

🔴Vulnerability Details

2
GHSA
GHSA-868v-4v5r-xmhh: Vulnerability in the Oracle Hospitality Reporting and Analytics product of Oracle Food and Beverage Applications (component: Reporting)2023-01-18
CVEList
CVE-2023-21828: Vulnerability in the Oracle Hospitality Reporting and Analytics product of Oracle Food and Beverage Applications (component: Reporting)2023-01-17

📋Vendor Advisories

1
Oracle
Oracle Oracle Food and Beverage Applications Risk Matrix: Reporting — CVE-2023-218282023-01-15
CVE-2023-21828 — Improper Access Control | cvebase