← back
CVE-2024-21014

CVE-2024-21014

CVSS 9.8 CRITICALEPSS 0.8%CWE-306
Vexday Risk Score
28Low
SSVC decision (CISA)
Track
No exploitation signal → monitor
CVSS 9.8EPSS 0.8%KEV nãoPoC Nuclei Metasploit Patch referenciado
Lifecycle
16 Apr 2024Published on NVD
Recommendation: Monitor — no exploitation signal at the moment.
Vulnerability in the Oracle Hospitality Simphony product of Oracle Food and Beverage Applications (component: Simphony Enterprise Server). Supported versions that are affected are 19.1.0-19.5.4. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Hospitality Simphony. Successful attacks of this vulnerability can result in takeover of Oracle Hospitality Simphony. CVSS 3.1 Base Score 9.8 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H).
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Affected products
Oracle Corporation · Hospitality Simphony

Want to know if your infrastructure is exposed to this?

Talk to TrueHacking →
References
https://www.oracle.com/security-alerts/cpuapr2024.html