PT-2019-16412 · Oracle · Oracle Hospitality Reporting/Analytics

Published: 2019-01-16 · Updated: 2020-08-24 · CVE-2019-2407

CVSS v3.1: 6.1 (Medium)

Vector: AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:L/A:N

Name of the Vulnerable Software and Affected Versions

Oracle Hospitality Reporting and Analytics version 9.1.0

Description

The issue allows a low-privileged attacker with Report privilege and logon access to the infrastructure where Oracle Hospitality Reporting and Analytics executes to compromise the system. This can result in unauthorized access to critical data, complete access to all accessible data, as well as unauthorized update, insert, or delete access to some accessible data.

Recommendations

For Oracle Hospitality Reporting and Analytics version 9.1.0, consider restricting the Report privilege to minimize the risk of exploitation until a patch is available. As a temporary workaround, limit logon access to the infrastructure where Oracle Hospitality Reporting and Analytics executes to reduce the attack surface.


Related Identifiers

CVE-2019-2407

Affected Products

Oracle Hospitality Reporting/Analytics