CVE-2024-21172

Summary

CVE-2024-21172 is a critical vulnerability affecting specific versions of Oracle Hospitality OPERA 5, namely 5.6.19.19, 5.6.25.8, and 5.6.26.4, which can be exploited by unauthenticated attackers with network access via HTTP. The vulnerability poses significant risks to confidentiality, integrity, and availability, potentially allowing attackers to take control of the affected product and impacting related systems as well. To remediate this vulnerability, organizations should promptly apply updates or patches provided by Oracle as outlined in their security alerts (see Oracle Security Alerts). The exploitability score for this vulnerability is rated at 2.2, indicating a high potential for exploitation despite requiring complex attack methods. Given its CVSS score of 9.0, organizations are advised to prioritize mitigation efforts to protect sensitive data and maintain operational integrity.

Prevent cyber attacks with Recorded Future by prioritizing and patching critical vulnerabilities being exploited by threat actors targeting your industry. Book your demo to learn more.