SB2020071656 - Multiple vulnerabilities in Oracle Hospitality Reporting and Analytics

Description

This security bulletin contains information about 4 secuirty vulnerabilities.

1) Improper input validation (CVE-ID: CVE-2020-14616)

The vulnerability allows a remote privileged user to gain access to sensitive information.

The vulnerability exists due to improper input validation within the Reporting component in Oracle Hospitality Reporting and Analytics. A remote privileged user can exploit this vulnerability to gain access to sensitive information.

2) Improper input validation (CVE-ID: CVE-2020-14594)

The vulnerability allows a local privileged user to execute arbitrary code.

The vulnerability exists due to improper input validation within the Inventory Integration component in Oracle Hospitality Reporting and Analytics. A local privileged user can exploit this vulnerability to execute arbitrary code.

3) Improper input validation (CVE-ID: CVE-2020-14561)

The vulnerability allows a local authenticated user to execute arbitrary code.

The vulnerability exists due to improper input validation within the Installation component in Oracle Hospitality Reporting and Analytics. A local authenticated user can exploit this vulnerability to execute arbitrary code.

4) Improper input validation (CVE-ID: CVE-2020-14543)

The vulnerability allows a local authenticated user to execute arbitrary code.

The vulnerability exists due to improper input validation within the Installation component in Oracle Hospitality Reporting and Analytics. A local authenticated user can exploit this vulnerability to execute arbitrary code.

Remediation

Install update from vendor's website.

References

• https://www.oracle.com/security-alerts/cpujul2020.html?540355