Oracle Hospitality Simphony vulnerabilities
38 known vulnerabilities affecting oracle/hospitality_simphony.
Total CVEs: 38
CISA KEV: 0
Public exploits: 3
Exploited in wild: 2
Severity breakdown: CRITICAL 4, HIGH 18, MEDIUM 16
Vulnerabilities
Page 1 of 2
CVE-2025-30686 | HIGH | CVSS 7.6 | CWE-497 | ≥ 19.1.0, ≤ 19.7 | 2025-04-15
Vulnerability in the Oracle Hospitality Simphony product of Oracle Food and Beverage Applications (component: EMC). Supported versions that are affected are 19.1-19.7. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle Hospitality Simphony. Successful attacks of this vulnerability can resu
nvd
CVE-2024-21014 | CRITICAL | CVSS 9.8 | CWE-306 | ≥ 19.1.0, ≤ 19.5.4 | 2024-04-16
Vulnerability in the Oracle Hospitality Simphony product of Oracle Food and Beverage Applications (component: Simphony Enterprise Server). Supported versions that are affected are 19.1.0-19.5.4. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Hospitality Simphony. Successful attack
nvd
CVE-2024-21010 | CRITICAL | CVSS 9.9 | CWE-863 | ≥ 19.1.0, ≤ 19.5.4 | 2024-04-16
Vulnerability in the Oracle Hospitality Simphony product of Oracle Food and Beverage Applications (component: Simphony Enterprise Server). Supported versions that are affected are 19.1.0-19.5.4. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle Hospitality Simphony. While the vulnerab
nvd
CVE-2024-20997 | CRITICAL | CVSS 9.9 | ≥ 19.1.0, ≤ 19.5.4 | 2024-04-16
Vulnerability in the Oracle Hospitality Simphony product of Oracle Food and Beverage Applications (component: Simphony Enterprise Server). Supported versions that are affected are 19.1.0-19.5.4. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle Hospitality Simphony. While the vulnerability is
nvd
CVE-2024-20989 | HIGH | CVSS 7.0 | ≥ 19.1.0, ≤ 19.5.4 | 2024-04-16
Vulnerability in the Oracle Hospitality Simphony product of Oracle Food and Beverage Applications (component: Simphony POS). Supported versions that are affected are 19.1.0-19.5.4. Difficult to exploit vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Hospitality Simphony. Successful attacks of this vulnerability
nvd
CVE-2021-2018 | HIGH | CVSS 8.3 | v18.2.7.2, v19.1.3 | 2021-01-20
Vulnerability in the Advanced Networking Option component of Oracle Database Server. Supported versions that are affected are 18c and 19c. Difficult to exploit vulnerability allows unauthenticated attacker with network access via Oracle Net to compromise Advanced Networking Option. Successful attacks require human interaction from a person other than the attack
nvd
CVE-2018-1285 | CRITICAL | CVSS 9.8 | CWE-611 | v18.2.7.2, v19.1.3 | 2020-05-11
Apache log4net versions before 2.0.10 do not disable XML external entities when parsing log4net configuration files. This allows for XXE-based attacks in applications that accept attacker-controlled log4net configuration files.
nvd
CVE-2020-11022 | MEDIUM | CVSS 6.1 | CWE-79 | Exploited | PoC | ≥ 19.1.0, ≤ 19.1.2, v18.1 +2 more | 2020-04-29
In jQuery versions greater than or equal to 1.2 and before 3.5.0, passing HTML from untrusted sources - even after sanitizing it - to one of jQuery's DOM manipulation methods (i.e. .html(), .append(), and others) may execute untrusted code. This problem is patched in jQuery 3.5.0.
nvd
CVE-2019-11358 | MEDIUM | CVSS 6.1 | CWE-1321 | Exploited | PoC | ≥ 19.1.0, ≤ 19.1.2, v18.1 +1 more | 2019-04-20
jQuery before 3.4.0, as used in Drupal, Backdrop CMS, and other products, mishandles jQuery.extend(true, {}, ...) because of Object.prototype pollution. If an unsanitized source object contained an enumerable __proto__ property, it could extend the native Object.prototype.
nvd
CVE-2019-2402 | HIGH | CVSS 7.7 | v2.10 | 2019-01-16
Vulnerability in the Oracle Hospitality Simphony component of Oracle Food and Beverage Applications. The supported version that is affected is 2.10. Difficult to exploit vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Hospitality Simphony. Successful attacks of this vulnerability can result in unauthorized creatio
nvd
CVE-2019-2403 | MEDIUM | CVSS 6.5 | v2.10 | 2019-01-16
Vulnerability in the Oracle Hospitality Simphony component of Oracle Food and Beverage Applications. The supported version that is affected is 2.10. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Hospitality Simphony. Successful attacks of this vulnerability can result in unauthorized update,
nvd
CVE-2018-2978 | HIGH | CVSS 7.1 | v2.8, v2.9 +1 more | 2018-07-18
Vulnerability in the Oracle Hospitality Simphony component of Oracle Hospitality Applications (subcomponent: Import/Export). Supported versions that are affected are 2.8, 2.9 and 2.10. Difficult to exploit vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle Hospitality Simphony. Successful attacks of this vulnerability
nvd
CVE-2018-2851 | HIGH | CVSS 8.1 | v1.6, v1.7 | 2018-04-19
Vulnerability in the Oracle Hospitality Simphony First Edition component of Oracle Hospitality Applications (subcomponent: Enterprise Management Console). Supported versions that are affected are 1.6 and 1.7. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle Hospitality Simphony First Edition. Succ
nvd
CVE-2018-2829 | HIGH | CVSS 8.6 | v2.10 | 2018-04-19
Vulnerability in the Oracle Hospitality Simphony component of Oracle Hospitality Applications (subcomponent: Enterprise Management Console). The supported version that is affected is 2.10. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Hospitality Simphony. Successful attacks of this vulnerabil
nvd
CVE-2018-2833 | HIGH | CVSS 8.1 | v2.7, v2.8 +2 more | 2018-04-19
Vulnerability in the Oracle Hospitality Simphony component of Oracle Hospitality Applications (subcomponent: Enterprise Management Console). Supported versions that are affected are 2.7, 2.8, 2.9 and 2.10. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle Hospitality Simphony. Successful attacks of
nvd
CVE-2018-2848 | HIGH | CVSS 7.5 | v1.6, v1.7 | 2018-04-19
Vulnerability in the Oracle Hospitality Simphony First Edition component of Oracle Hospitality Applications (subcomponent: Client Application Loader). Supported versions that are affected are 1.6 and 1.7. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Hospitality Simphony First Edition. Success
nvd
CVE-2018-2824 | HIGH | CVSS 7.7 | v2.8, v2.9 +1 more | 2018-04-19
Vulnerability in the Oracle Hospitality Simphony component of Oracle Hospitality Applications (subcomponent: Enterprise Management Console). Supported versions that are affected are 2.8, 2.9 and 2.10. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle Hospitality Simphony. While the vulnerability is
nvd
CVE-2018-2853 | MEDIUM | CVSS 5.4 | v1.6, v1.7 | 2018-04-19
Vulnerability in the Oracle Hospitality Simphony First Edition component of Oracle Hospitality Applications (subcomponent: Operations, Client Application Loader). Supported versions that are affected are 1.6 and 1.7. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle Hospitality Simphony First Edi
nvd
CVE-2018-2847 | MEDIUM | CVSS 6.5 | v1.6, v1.7 | 2018-04-19
Vulnerability in the Oracle Hospitality Simphony First Edition component of Oracle Hospitality Applications (subcomponent: Operations). Supported versions that are affected are 1.6 and 1.7. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle Hospitality Simphony First Edition. Successful attacks of
nvd
CVE-2018-2802 | MEDIUM | CVSS 5.4 | v2.8, v2.9 | 2018-04-19
Vulnerability in the Oracle Hospitality Simphony component of Oracle Hospitality Applications (subcomponent: Client Application Loader). Supported versions that are affected are 2.8 and 2.9. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle Hospitality Simphony. Successful attacks of this vulnera
nvd