PT-2023-9067 · Oracle · Oracle Hospitality Simphony

Published 2023-12-07 · Updated 2024-11-27 · CVE-2024-21014

CVSS v2.0: 10 (Critical)

Vector: AV:N/AC:L/Au:N/C:C/I:C/A:C

Name of the Vulnerable Software and Affected Versions

Oracle Hospitality Simphony versions 19.1.0 through 19.5.4

Description

The issue is related to insufficient input validation in the Simphony Enterprise Server component. It allows an unauthenticated attacker with network access via HTTP to compromise Oracle Hospitality Simphony, potentially resulting in a takeover. The estimated number of potentially affected devices is not specified.

Recommendations

For versions 19.1.0 through 19.5.4, update to a version that addresses this issue, because the current version is easy to exploit. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Missing Authentication

RCE

Weakness Enumeration

Related Identifiers

BDU:2024-03398
CVE-2024-21014

Affected Products

Oracle Hospitality Simphony