CVE-2024-21172

Name of the Vulnerable Software and Affected Versions Oracle Hospitality OPERA 5 versions 5.6.19.19, 5.6.25.8, 5.6.26.4

Description The issue is related to insufficient input validation in the Opera Servlet component, allowing an unauthenticated attacker with network access via HTTP to compromise Oracle Hospitality OPERA 5. Successful attacks can result in takeover of the application. While the vulnerability is in Oracle Hospitality OPERA 5, attacks may significantly impact additional products.

Recommendations For version 5.6.19.19, update to a version that fixes the issue. For version 5.6.25.8, update to a version that fixes the issue. For version 5.6.26.4, update to a version that fixes the issue. As a temporary workaround, consider restricting access to the Opera Servlet component until a patch is available.