The hundreds of hotels and other hospitality-related organisations across the globe who use Oracle’s Opera property management system may wish to immediately patch a bug that Oracle revealed in its April 2023 security update.
Only an authenticated attacker with highly privileged access might take use of the vulnerability (CVE-2023-21932), according to Oracle, which has defined it as a complicated flaw in the Oracle Hospitality Opera 5 Property Services software. Based on factors like the apparent inability of an attacker to remotely exploit it, the vendor gave it a moderate severity rating of 7.2 on the CVSS scale.
Inaccurate evaluation
Oracle’s description of the vulnerability is incorrect, according to the researchers who actually found and reported the bug to the firm.
The researchers from Assetnote, a company that manages attack surfaces, and two other organisations claimed in a blog post that they had used the weaknes
[…]
Content was cut in order to protect the source.Please visit the source for the rest of the article.
[…]
Content was cut in order to protect the source.Please visit the source for the rest of the article.
This article has been indexed from CySecurity News – Latest Information Security and Hacking Incidents
Read the original article: