CVE-2023-21932

6 documents6 sources

Severity

7.2HIGH

EPSS

24.4%

top 3.90%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Oracle Corporation Hospitality Opera 5 Property Services Oracle Hospitality Opera 5 Property Services

Timeline

PublishedApr 18

Latest updateMay 3

Description

Vulnerability in the Oracle Hospitality OPERA 5 Property Services product of Oracle Hospitality Applications (component: OXI). The supported version that is affected is 5.6. Difficult to exploit vulnerability allows high privileged attacker with network access via HTTP to compromise Oracle Hospitality OPERA 5 Property Services. While the vulnerability is in Oracle Hospitality OPERA 5 Property Services, attacks may significantly impact additional products (scope change). Successful attacks of thi…

CVSS vector

CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:C/C:H/I:L/A:LExploitability: 1.3 | Impact: 5.3

Affected Packages2 packages

▶NVDoracle/hospitality_opera_5_property_services5.6

▶CVEListV5oracle_corporation/hospitality_opera_5_property_services5.6

🔴Vulnerability Details

GHSA

GHSA-54v6-gcmf-jwgg: Vulnerability in the Oracle Hospitality OPERA 5 Property Services product of Oracle Hospitality Applications (component: OXI)↗2023-04-18

▶

CVEList

CVE-2023-21932: Vulnerability in the Oracle Hospitality OPERA 5 Property Services product of Oracle Hospitality Applications (component: OXI)↗2023-04-18

▶

VulnCheck

Oracle Hospitality OPERA 5 Property Services product of Oracle Hospitality Applications OXI Component Vulnerability↗2023

▶

🔍Detection Rules

Suricata

ET EXPLOIT Possible Oracle Opera RCE Attempt (CVE-2023-21932)↗2023-05-03

▶

📋Vendor Advisories

Oracle

Oracle Oracle Hospitality Applications Risk Matrix: OXI — CVE-2023-21932↗2023-04-15

▶