Hospitality Opera 5 Oracle Hospitality Opera 5

Do you want an email whenever new security vulnerabilities are reported in Oracle Hospitality Opera 5?

By the Year

In 2024 there have been 0 vulnerabilities in Oracle Hospitality Opera 5 . Hospitality Opera 5 did not have any published security vulnerabilities last year.

Year Vulnerabilities Average Score
2024 0 0.00
2023 0 0.00
2022 0 0.00
2021 1 8.30
2020 4 8.15
2019 1 7.30
2018 0 0.00

It may take a day or so for new Hospitality Opera 5 vulnerabilities to show up in the stats or in the list of recent security vulnerabilties. Additionally vulnerabilities may be tagged under a different product or component name.

Recent Oracle Hospitality Opera 5 Security Vulnerabilities

Vulnerability in the Advanced Networking Option component of Oracle Database Server

CVE-2021-2351 8.3 - High - July 21, 2021

Vulnerability in the Advanced Networking Option component of Oracle Database Server. Supported versions that are affected are 12.1.0.2, 12.2.0.1 and 19c. Difficult to exploit vulnerability allows unauthenticated attacker with network access via Oracle Net to compromise Advanced Networking Option. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Advanced Networking Option, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in takeover of Advanced Networking Option. Note: The July 2021 Critical Patch Update introduces a number of Native Network Encryption changes to deal with vulnerability CVE-2021-2351 and prevent the use of weaker ciphers. Customers should review: "Changes in Native Network Encryption with the July 2021 Critical Patch Update" (Doc ID 2791571.1). CVSS 3.1 Base Score 8.3 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:H).

Use of a Broken or Risky Cryptographic Algorithm

Forced OGNL evaluation, when evaluated on raw user input in tag attributes, may lead to remote code execution

CVE-2020-17530 9.8 - Critical - December 11, 2020

Forced OGNL evaluation, when evaluated on raw user input in tag attributes, may lead to remote code execution. Affected software : Apache Struts 2.0.0 - Struts 2.5.25.

EL Injection

Apache Groovy provides extension methods to aid with creating temporary directories

CVE-2020-17521 5.5 - Medium - December 07, 2020

Apache Groovy provides extension methods to aid with creating temporary directories. Prior to this fix, Groovy's implementation of those extension methods was using a now superseded Java JDK method call that is potentially not secure on some operating systems in some contexts. Users not using the extension methods mentioned in the advisory are not affected, but may wish to read the advisory for further details. Versions Affected: 2.0 to 2.4.20, 2.5.0 to 2.5.13, 3.0.0 to 3.0.6, and 4.0.0-alpha-1. Fixed in versions 2.4.21, 2.5.14, 3.0.7, 4.0.0-alpha-2.

Apache Batik is vulnerable to server-side request forgery, caused by improper input validation by the "xlink:href" attributes

CVE-2019-17566 7.5 - High - November 12, 2020

Apache Batik is vulnerable to server-side request forgery, caused by improper input validation by the "xlink:href" attributes. By using a specially-crafted argument, an attacker could exploit this vulnerability to cause the underlying server to make arbitrary GET requests.

XSPA

Apache log4net versions before 2.0.10 do not disable XML external entities when parsing log4net configuration files

CVE-2018-1285 9.8 - Critical - May 11, 2020

Apache log4net versions before 2.0.10 do not disable XML external entities when parsing log4net configuration files. This allows for XXE-based attacks in applications that accept attacker-controlled log4net configuration files.

XXE

In Apache Commons Beanutils 1.9.2, a special BeanIntrospector class was added which

CVE-2019-10086 7.3 - High - August 20, 2019

In Apache Commons Beanutils 1.9.2, a special BeanIntrospector class was added which allows suppressing the ability for an attacker to access the classloader via the class property available on all Java objects. We, however were not using this by default characteristic of the PropertyUtilsBean.

Marshaling, Unmarshaling

Stay on top of Security Vulnerabilities

Want an email whenever new vulnerabilities are published for Oracle Blockchain Platform or by Oracle? Click the Watch button to subscribe.

Oracle
Vendor

subscribe