CVE-2019-2397

Name of the Vulnerable Software and Affected Versions Oracle Hospitality Reporting and Analytics version 9.1.0

Description The issue is related to insufficient access control in the Oracle Hospitality Reporting and Analytics component of Oracle Food and Beverage Applications. It allows a low-privileged attacker with report privilege and logon access to the infrastructure to compromise Oracle Hospitality Reporting and Analytics. Successful attacks can result in unauthorized access to modify, add, or delete data, as well as unauthorized read access to a subset of accessible data.

Recommendations For version 9.1.0, consider restricting access to the Oracle Hospitality Reporting and Analytics component to minimize the risk of exploitation until a patch is available. Additionally, review and limit report privileges to only those necessary for operations to reduce the potential impact of an attack.