cvelist/2017/10xxx/CVE-2017-10367.json

{
    "CVE_data_meta": {
        "ASSIGNER": "secalert_us@oracle.com",
        "ID": "CVE-2017-10367",
        "STATE": "PUBLIC"
    },
    "affects": {
        "vendor": {
            "vendor_data": [
                {
                    "product": {
                        "product_data": [
                            {
                                "product_name": "Hospitality Simphony",
                                "version": {
                                    "version_data": [
                                        {
                                            "version_affected": "=",
                                            "version_value": "2.8"
                                        },
                                        {
                                            "version_affected": "=",
                                            "version_value": "2.9"
                                        }
                                    ]
                                }
                            }
                        ]
                    },
                    "vendor_name": "Oracle Corporation"
                }
            ]
        }
    },
    "data_format": "MITRE",
    "data_type": "CVE",
    "data_version": "4.0",
    "description": {
        "description_data": [
            {
                "lang": "eng",
                "value": "Vulnerability in the Oracle Hospitality Simphony component of Oracle Hospitality Applications (subcomponent: Engagement). Supported versions that are affected are 2.8 and 2.9. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Hospitality Simphony. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Hospitality Simphony accessible data as well as unauthorized read access to a subset of Oracle Hospitality Simphony accessible data. CVSS 3.0 Base Score 5.4 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N)."
            }
        ]
    },
    "problemtype": {
        "problemtype_data": [
            {
                "description": [
                    {
                        "lang": "eng",
                        "value": "Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Hospitality Simphony.  Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in  unauthorized update, insert or delete access to some of Oracle Hospitality Simphony accessible data as well as  unauthorized read access to a subset of Oracle Hospitality Simphony accessible data."
                    }
                ]
            }
        ]
    },
    "references": {
        "reference_data": [
            {
                "name": "101422",
                "refsource": "BID",
                "url": "http://www.securityfocus.com/bid/101422"
            },
            {
                "name": "http://www.oracle.com/technetwork/security-advisory/cpuoct2017-3236626.html",
                "refsource": "CONFIRM",
                "url": "http://www.oracle.com/technetwork/security-advisory/cpuoct2017-3236626.html"
            }
        ]
    }
}
- Populated repo from CVE List. 2017-10-16 12:31:07 -04:00			`{`
"-Synchronized-Data." 2019-03-17 21:29:37 +00:00			`"CVE_data_meta": {`
			`"ASSIGNER": "secalert_us@oracle.com",`
			`"ID": "CVE-2017-10367",`
			`"STATE": "PUBLIC"`
			`},`
			`"affects": {`
			`"vendor": {`
			`"vendor_data": [`
			`{`
			`"product": {`
			`"product_data": [`
			`{`
			`"product_name": "Hospitality Simphony",`
			`"version": {`
			`"version_data": [`
			`{`
			`"version_affected": "=",`
			`"version_value": "2.8"`
			`},`
			`{`
			`"version_affected": "=",`
			`"version_value": "2.9"`
			`}`
			`]`
			`}`
			`}`
			`]`
			`},`
			`"vendor_name": "Oracle Corporation"`
			`}`
			`]`
			`}`
			`},`
			`"data_format": "MITRE",`
			`"data_type": "CVE",`
			`"data_version": "4.0",`
			`"description": {`
			`"description_data": [`
- Synchronized data. 2017-10-19 13:07:28 -04:00			`{`
"-Synchronized-Data." 2019-03-17 21:29:37 +00:00			`"lang": "eng",`
			"value": "Vulnerability in the Oracle Hospitality Simphony component of Oracle Hospitality Applications (subcomponent: Engagement). Supported versions that are affected are 2.8 and 2.9. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Hospitality Simphony. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Hospitality Simphony accessible data as well as unauthorized read access to a subset of Oracle Hospitality Simphony accessible data. CVSS 3.0 Base Score 5.4 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N)."
- Synchronized data. 2017-10-19 13:07:28 -04:00			`}`
"-Synchronized-Data." 2019-03-17 21:29:37 +00:00			`]`
			`},`
			`"problemtype": {`
			`"problemtype_data": [`
			`{`
			`"description": [`
			`{`
			`"lang": "eng",`
			`"value": "Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Hospitality Simphony. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Hospitality Simphony accessible data as well as unauthorized read access to a subset of Oracle Hospitality Simphony accessible data."`
			`}`
			`]`
			`}`
			`]`
			`},`
			`"references": {`
			`"reference_data": [`
			`{`
			`"name": "101422",`
			`"refsource": "BID",`
			`"url": "http://www.securityfocus.com/bid/101422"`
			`},`
			`{`
			`"name": "http://www.oracle.com/technetwork/security-advisory/cpuoct2017-3236626.html",`
			`"refsource": "CONFIRM",`
			`"url": "http://www.oracle.com/technetwork/security-advisory/cpuoct2017-3236626.html"`
			`}`
			`]`
			`}`
			`}`