CVE-2019-3025

CRITICAL

Oracle Food and Beverage Apps <5.7 - RCE

Title source: llm

Description

Vulnerability in the Oracle Hospitality RES 3700 component of Oracle Food and Beverage Applications. The supported version that is affected is 5.7. Difficult to exploit vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Hospitality RES 3700. While the vulnerability is in Oracle Hospitality RES 3700, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in takeover of Oracle Hospitality RES 3700. CVSS 3.0 Base Score 9.0 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H).

Exploits (1)

exploitdb WORKING POC
by Walid Faour · textwebappsjava
https://www.exploit-db.com/exploits/48477

References (2)

Scores

CVSS v3 9.0
EPSS 0.3080
EPSS Percentile 96.7%
Attack Vector NETWORK
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H

Details

Status published
Products (1)
oracle/hospitality_res_3700 5.7
Published Oct 16, 2019
Tracked Since Feb 18, 2026