CVE-2023-21932

Name of the Vulnerable Software and Affected Versions Oracle Hospitality OPERA 5 Property Services version 5.6

Description The issue is related to insufficient input validation in the OXI component of Oracle Hospitality OPERA 5 Property Services. This allows a remote attacker with high privileges and network access via HTTP to compromise the system. Successful attacks can result in unauthorized access to critical data, complete access to all accessible data, unauthorized updates, inserts, or deletes to some accessible data, and a partial denial of service. The vulnerability can significantly impact additional products.

Recommendations For Oracle Hospitality OPERA 5 Property Services version 5.6, at the moment, there is no information about a newer version that contains a fix for this vulnerability. As a temporary workaround, consider restricting access to the OXI component to minimize the risk of exploitation. Avoid using HTTP requests to the vulnerable component until the issue is resolved.