CVE-2021-2311
MEDIUMOracle Food and Beverage Apps <9.1.0 - Unauthorized Access
Title source: llmDescription
Vulnerability in the Oracle Hospitality Inventory Management product of Oracle Food and Beverage Applications (component: Export to Reporting and Analytics). The supported version that is affected is 9.1.0. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle Hospitality Inventory Management. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle Hospitality Inventory Management accessible data. CVSS 3.1 Base Score 6.5 (Confidentiality impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N).
References (1)
Core 1
Core References
Patch, Vendor Advisory x_refsource_misc
https://www.oracle.com/security-alerts/cpuapr2021.html
Scores
CVSS v3
6.5
EPSS
0.0052
EPSS Percentile
66.9%
Attack Vector
NETWORK
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
CISA SSVC
Vulnrichment
Exploitation
none
Automatable
no
Technical Impact
partial
Details
Status
published
Products (1)
oracle/hospitality_inventory_management
9.1.0
Published
Apr 22, 2021
Tracked Since
Feb 18, 2026