CVE-2024-21172Improper Restriction of Names for Files and Other Resources in Corporation Oracle Hospitality Opera 5

CWE-641Improper Restriction of Names for Files and Other Resources6 documents5 sources
Severity
9.0CRITICALNVD
EPSS
3.5%
top 12.44%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
2
Oracle Corporation Oracle Hospitality Opera 5Oracle Hospitality Opera 5
Timeline
PublishedOct 15
Latest updateJan 14

Description

Vulnerability in the Oracle Hospitality OPERA 5 product of Oracle Hospitality Applications (component: Opera Servlet). Supported versions that are affected are 5.6.19.19, 5.6.25.8 and 5.6.26.4. Difficult to exploit vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Hospitality OPERA 5. While the vulnerability is in Oracle Hospitality OPERA 5, attacks may significantly impact additional products (scope change). Successful attacks of this vulnerability

CVSS vector

CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:HExploitability: 2.2 | Impact: 6.0

Affected Packages2 packages

NVDoracle/hospitality_opera_55.6.19.19, 5.6.25.8, 5.6.26.4+2
CVEListV5oracle_corporation/oracle_hospitality_opera_55.6.19.19, 5.6.25.8, 5.6.26.4+2

🔴Vulnerability Details

2
GHSA
GHSA-j4c2-c778-c3qh: Vulnerability in the Oracle Hospitality OPERA 5 product of Oracle Hospitality Applications (component: Opera Servlet)2024-10-15
CVEList
CVE-2024-21172: Vulnerability in the Oracle Hospitality OPERA 5 product of Oracle Hospitality Applications (component: Opera Servlet)2024-10-15

📋Vendor Advisories

3
Red Hat
dotnet: .NET and Visual Studio Remote Code Execution Vulnerability2025-01-14
Oracle
Oracle Oracle Hospitality Applications Risk Matrix: Opera Servlet — CVE-2024-211722024-10-15
Red Hat
Oracle Hospitality Applications: From CVEorg collector2024-10-15
CVE-2024-21172 — CRITICAL severity | cvebase