CVE-2020-2599

low-risk
Published 2020-01-15

Vulnerability in the Oracle Hospitality Cruise Materials Management product of Oracle Hospitality Applications (component: MMS All). The supported version that is affected is 7.30.567. Difficult to exploit vulnerability allows physical access to compromise Oracle Hospitality Cruise Materials Management. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle Hospitality Cruise Materials Management accessible data. CVSS 3.0 Base Score 4.2 (Confidentiality impacts). CVSS Vector: (CVSS:3.0/AV:P/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N).

Do I need to act?

-
0.25% chance of exploitation
EPSS score — low exploit probability
-
Not on CISA KEV list
No confirmed active exploitation reported to CISA
?
Patch status unknown
Check vendor advisories for fix availability and mitigation guidance
4
CVSS 4.2/10 Medium
PHYSICAL / HIGH complexity

Affected Products (1)

Hospitality Cruise Materials Management

Affected Vendors

Oracle

References (2)

Patch https://www.oracle.com/security-alerts/cpujan2020.html
Patch https://www.oracle.com/security-alerts/cpujan2020.html
17
/ 100
low-risk
Severity 11/34 · Low
Exploitability 1/34 · Minimal
Exposure 5/34 · Minimal