CVE-2024-21014

CWE-306Missing Authentication4 documents4 sources
Severity
9.8CRITICAL
EPSS
1.2%
top 20.80%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
2
Oracle Corporation Hospitality SimphonyOracle Hospitality Simphony
Timeline
PublishedApr 16
Latest updateApr 17

Description

Vulnerability in the Oracle Hospitality Simphony product of Oracle Food and Beverage Applications (component: Simphony Enterprise Server). Supported versions that are affected are 19.1.0-19.5.4. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Hospitality Simphony. Successful attacks of this vulnerability can result in takeover of Oracle Hospitality Simphony. CVSS 3.1 Base Score 9.8 (Confidentiality, Integrity and Availability imp

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:HExploitability: 3.9 | Impact: 5.9

Affected Packages2 packages

NVDoracle/hospitality_simphony19.1.019.5.4
CVEListV5oracle_corporation/hospitality_simphony19.1.019.5.4

🔴Vulnerability Details

2
GHSA
GHSA-q3x9-cqxj-2x38: Vulnerability in the Oracle Hospitality Simphony product of Oracle Food and Beverage Applications (component: Simphony Enterprise Server)2024-04-17
CVEList
CVE-2024-21014: Vulnerability in the Oracle Hospitality Simphony product of Oracle Food and Beverage Applications (component: Simphony Enterprise Server)2024-04-16

📋Vendor Advisories

1
Oracle
Oracle Oracle Food and Beverage Applications Risk Matrix: Simphony Enterprise Server — CVE-2024-210142024-04-15