Attack vector
NETWORK Attack complexity
HIGH Privileges required
NONE Confidentiality impact
HIGH Integrity impact
HIGH Availability impact
HIGH network
high complexity
oracle
exploit available
Published: 2018-01-18
Updated: 2024-11-21
Summary
Vulnerability in the Oracle Hospitality Simphony component of Oracle Hospitality Applications (subcomponent: Security). Supported versions that are affected are 2.7, 2.8 and 2.9. Difficult to exploit vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Hospitality Simphony. Successful attacks of this vulnerability can result in takeover of Oracle Hospitality Simphony. CVSS 3.0 Base Score 8.1 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H).
Vulnerable Configurations
Part | Description | Count |
Application | Oracle | 3 |
Exploit-Db
description | Oracle Hospitality Simphony (MICROS) 2.7 < 2.9 - Directory Traversal. CVE-2018-2636. Webapps exploit for Multiple platform |
file | exploits/multiple/webapps/43960.py |
id | EDB-ID:43960 |
last seen | 2018-02-02 |
modified | 2018-02-02 |
platform | multiple |
port | |
published | 2018-02-02 |
reporter | Exploit-DB |
source | https://www.exploit-db.com/download/43960/ |
title | Oracle Hospitality Simphony (MICROS) 2.7 < 2.9 - Directory Traversal |
type | webapps |