CVE-2023-21826

Name of the Vulnerable Software and Affected Versions Oracle Hospitality Reporting and Analytics version 9.1.0

Description The issue is related to insufficient input validation in the Reporting component of Oracle Hospitality Reporting and Analytics. This easily exploitable vulnerability can be compromised by a low-privileged attacker with network access via HTTPS, requiring human interaction from a person other than the attacker. Successful attacks can result in unauthorized access to critical data, complete access to all accessible data, unauthorized update, insert, or delete access to some accessible data, and the ability to cause a hang or frequently repeatable crash of Oracle Hospitality Reporting and Analytics.

Recommendations For version 9.1.0, update to a newer version that contains a fix for this issue, as the current version is affected and can be easily exploited. At the moment, there is no information about a newer version that contains a fix for this vulnerability.