CVE-2019-2763

Vulnerability in the Oracle Hospitality Gift and Loyalty component of Oracle Food and Beverage Applications. Supported versions that are affected are 9.0.0 and 9.1.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Hospitality Gift and Loyalty. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle Hospitality Gift and Loyalty accessible data as well as unauthorized update, insert or delete access to some of Oracle Hospitality Gift and Loyalty accessible data. CVSS 3.0 Base Score 8.2 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:N).

CVSS v3 8.2 HIGH
CVSS v2.0 6.4 MEDIUM

8.2^/10

CVSS v3 : HIGH

Vector : AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:N

Exploitability : 3.9 / Impact : 4.2

Attack Vector NETWORK

Attack Complexity LOW

Privileges Required NONE

User Interaction NONE

Confidentiality Impact HIGH

Integrity Impact LOW

Availability Impact NONE

Scope UNCHANGED

6.4^/10

CVSS v2.0 : MEDIUM

Vector : AV:N/AC:L/Au:N/C:P/I:P/A:N

Exploitability : 10.0 / Impact : 4.9

Access Vector NETWORK

Access Complexity LOW

Authentication NONE

Confidentiality Impact PARTIAL

Integrity Impact PARTIAL

Availability Impact NONE

References

Link	Resource
http://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html	Patch Vendor Advisory
http://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html	Patch Vendor Advisory

Configurations

Configuration 1 (hide)

OR	cpe:2.3:a:oracle:food_and_beverage_applications:9.0.0:::::::*
	cpe:2.3:a:oracle:food_and_beverage_applications:9.1.0:::::::*

History

21 Nov 2024, 04:41

Type	Values Removed	Values Added
References	~~() http://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html - Patch, Vendor Advisory~~	() http://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html - Patch, Vendor Advisory

Information

Published : 2019-07-23 23:15

Updated : 2024-11-21 04:41

NVD link : CVE-2019-2763

Mitre link : CVE-2019-2763

CVE.ORG link : CVE-2019-2763

JSON object : View

Products Affected

oracle

food_and_beverage_applications

CWE

NVD-CWE-noinfo

{"id": "CVE-2019-2763", "metrics": {"cvssMetricV2": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"version": "2.0", "baseScore": 6.4, "accessVector": "NETWORK", "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:N", "authentication": "NONE", "integrityImpact": "PARTIAL", "accessComplexity": "LOW", "availabilityImpact": "NONE", "confidentialityImpact": "PARTIAL"}, "acInsufInfo": false, "impactScore": 4.9, "baseSeverity": "MEDIUM", "obtainAllPrivilege": false, "exploitabilityScore": 10.0, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": false}], "cvssMetricV30": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"scope": "UNCHANGED", "version": "3.0", "baseScore": 8.2, "attackVector": "NETWORK", "baseSeverity": "HIGH", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:N", "integrityImpact": "LOW", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "NONE", "confidentialityImpact": "HIGH"}, "impactScore": 4.2, "exploitabilityScore": 3.9}]}, "published": "2019-07-23T23:15:39.960", "references": [{"url": "http://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html", "tags": ["Patch", "Vendor Advisory"], "source": "secalert_us@oracle.com"}, {"url": "http://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html", "tags": ["Patch", "Vendor Advisory"], "source": "af854a3a-2127-422b-91ae-364da2661108"}], "vulnStatus": "Modified", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "NVD-CWE-noinfo"}]}], "descriptions": [{"lang": "en", "value": "Vulnerability in the Oracle Hospitality Gift and Loyalty component of Oracle Food and Beverage Applications. Supported versions that are affected are 9.0.0 and 9.1.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Hospitality Gift and Loyalty. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle Hospitality Gift and Loyalty accessible data as well as unauthorized update, insert or delete access to some of Oracle Hospitality Gift and Loyalty accessible data. CVSS 3.0 Base Score 8.2 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:N)."}, {"lang": "es", "value": "Una Vulnerabilidad en el componente Oracle Hospitality Gift and Loyalty de Food and Beverage Applications de Oracle. Las versiones compatibles que est\u00e1n afectadas son 9.0.0 y 9.1.0. Una vulnerabilidad f\u00e1cilmente explotable permite a los atacantes no autenticados con acceso a la red por medio de HTTP comprometer a Oracle Hospitality Gift and Loyalty. Los ataques con \u00e9xito de esta vulnerabilidad pueden resultar en un acceso no autorizado a datos cr\u00edticos o acceso completo a todos los datos accesibles de Oracle Hospitality Gift and Loyalty, as\u00ed como tambi\u00e9n en actualizaciones no autorizadas, insertar o eliminar el acceso a algunos de los datos accesibles de Oracle Hospitality Gift and Loyalty. CVSS 3.0 Puntuaci\u00f3n base 8.2 (Impactos de Confidencialidad e Integridad). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:N)."}], "lastModified": "2024-11-21T04:41:30.820", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:oracle:food_and_beverage_applications:9.0.0:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "85CF6296-ECDC-49CB-BF28-4149C884DC66"}, {"criteria": "cpe:2.3:a:oracle:food_and_beverage_applications:9.1.0:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "8D707D35-20D0-4D6B-9FA7-209BF661EA20"}], "operator": "OR"}]}], "sourceIdentifier": "secalert_us@oracle.com"}