CVE-2020-14877

Name of the Vulnerable Software and Affected Versions Oracle Hospitality OPERA 5 Property Services versions 5.5 and 5.6

Description The issue is related to insufficient input validation in the Logging component of Oracle Hospitality OPERA 5 Property Services. This easily exploitable vulnerability allows a high-privileged attacker with network access via HTTP to compromise the service. Successful attacks can result in unauthorized creation, deletion, or modification access to critical data or all accessible data, as well as unauthorized access to critical data.

Recommendations For versions 5.5 and 5.6, consider restricting access to the Logging component until a patch is available. As a temporary workaround, limit network access via HTTP to minimize the risk of exploitation. Avoid using the vulnerable Logging component for critical data handling until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.