CVEDB API

Vulnerabilities

Vulnerable Software

Vulnerability Details CVE-2017-10396

Vulnerability in the Oracle Hospitality Cruise AffairWhere component of Oracle Hospitality Applications (subcomponent: AffairWhere). Supported versions that are affected are 2.2.5.0, 2.2.6.0 and 2.2.7.0. Easily exploitable vulnerability allows low privileged attacker with logon to the infrastructure where Oracle Hospitality Cruise AffairWhere executes to compromise Oracle Hospitality Cruise AffairWhere. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Oracle Hospitality Cruise AffairWhere, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in takeover of Oracle Hospitality Cruise AffairWhere. CVSS 3.0 Base Score 8.2 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:L/UI:R/S:C/C:H/I:H/A:H).

Exploit prediction scoring system (EPSS) score

EPSS Score 0.004

EPSS Ranking 62.2%

CVSS Severity

CVSS v3 Score 9.9

CVSS v2 Score 6.5

References

Products affected by CVE-2017-10396

Oracle » Hospitality Cruise Affairwhere » Version: 2.2.5.0

cpe:2.3:a:oracle:hospitality_cruise_affairwhere:2.2.5.0
Oracle » Hospitality Cruise Affairwhere » Version: 2.2.6.0

cpe:2.3:a:oracle:hospitality_cruise_affairwhere:2.2.6.0
Oracle » Hospitality Cruise Affairwhere » Version: 2.2.7.0

cpe:2.3:a:oracle:hospitality_cruise_affairwhere:2.2.7.0

Vulnerabilities

Vulnerable Software

Vulnerability Details CVE-2017-10396

Products

Pricing

Contact Us