CVE-2017-10232

Name of the Vulnerable Software and Affected Versions Oracle Hospitality Applications (subcomponent: General) versions 8.9.6 and 8.10.x

Description The issue allows a low-privileged attacker with network access via HTTP to compromise the Hospitality WebSuite8 Cloud Service, resulting in unauthorized access to critical data. Successful attacks can lead to complete access to all accessible data, as well as unauthorized update, insert, or delete access to some data. Additionally, it can cause a partial denial of service of the Hospitality WebSuite8 Cloud Service.

Recommendations For version 8.9.6, update to a version that includes a fix for this issue. For version 8.10.x, update to a version that includes a fix for this issue. As a temporary workaround, consider restricting access to the Hospitality WebSuite8 Cloud Service component via HTTP to minimize the risk of exploitation.