{"api_version":"1","generated_at":"2026-04-22T23:29:29+00:00","cve":"CVE-2017-10225","urls":{"html":"https://cve.report/CVE-2017-10225","api":"https://cve.report/api/cve/CVE-2017-10225.json","docs":"https://cve.report/api","cve_org":"https://www.cve.org/CVERecord?id=CVE-2017-10225","nvd":"https://nvd.nist.gov/vuln/detail/CVE-2017-10225"},"summary":{"title":"CVE-2017-10225","description":"Vulnerability in the Oracle Hospitality RES 3700 component of Oracle Hospitality Applications (subcomponent: OPS Operations). The supported version that is affected is 5.5. Difficult to exploit vulnerability allows physical access to compromise Oracle Hospitality RES 3700. While the vulnerability is in Oracle Hospitality RES 3700, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized creation, deletion or modification access to critical data or all Oracle Hospitality RES 3700 accessible data as well as unauthorized access to critical data or complete access to all Oracle Hospitality RES 3700 accessible data and unauthorized ability to cause a partial denial of service (partial DOS) of Oracle Hospitality RES 3700. CVSS 3.0 Base Score 7.0 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:P/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:L).","state":"PUBLIC","assigner":"secalert_us@oracle.com","published_at":"2017-08-08 15:29:00","updated_at":"2019-10-03 00:03:00"},"problem_types":["NVD-CWE-noinfo"],"metrics":[],"references":[{"url":"http://www.securityfocus.com/bid/99815","name":"99815","refsource":"BID","tags":["Third Party Advisory","VDB Entry"],"title":"Oracle Hospitality Applications CVE-2017-10225 Local Security Vulnerability","mime":"text/html","httpstatus":"200","archivestatus":"0"},{"url":"http://www.securitytracker.com/id/1038941","name":"1038941","refsource":"SECTRACK","tags":["Third Party Advisory","VDB Entry"],"title":"Oracle Hospitality Applications Multiple Flaws Let Remote and Local Users Access and Modify Data and Deny Service - SecurityTracker","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"http://www.oracle.com/technetwork/security-advisory/cpujul2017-3236622.html","name":"http://www.oracle.com/technetwork/security-advisory/cpujul2017-3236622.html","refsource":"CONFIRM","tags":["Patch","Vendor Advisory"],"title":"Oracle Critical Patch Update - July 2017","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"https://www.cve.org/CVERecord?id=CVE-2017-10225","name":"CVE Program record","refsource":"CVE.ORG","tags":["canonical"]},{"url":"https://nvd.nist.gov/vuln/detail/CVE-2017-10225","name":"NVD vulnerability detail","refsource":"NVD","tags":["canonical","analysis"]}],"affected":[],"timeline":[],"solutions":[],"workarounds":[],"exploits":[],"credits":[],"nvd_cpes":[{"cve_year":"2017","cve_id":"10225","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"oracle","cpe5":"hospitality_res_3700","cpe6":"5.5","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2017","cve_id":"10225","vulnerable":"1","versionEndIncluding":"1","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"oracle","cpe5":"hospitality_res_3700","cpe6":"5.5","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"}],"vendor_comments":[],"enrichments":{"kev":null,"epss":null,"legacy_qids":[]},"source_records":{"cve_program":{"CVE_data_meta":{"ASSIGNER":"secalert_us@oracle.com","ID":"CVE-2017-10225","STATE":"PUBLIC"},"affects":{"vendor":{"vendor_data":[{"product":{"product_data":[{"product_name":"Hospitality RES 3700","version":{"version_data":[{"version_affected":"=","version_value":"5.5"}]}}]},"vendor_name":"Oracle Corporation"}]}},"data_format":"MITRE","data_type":"CVE","data_version":"4.0","description":{"description_data":[{"lang":"eng","value":"Vulnerability in the Oracle Hospitality RES 3700 component of Oracle Hospitality Applications (subcomponent: OPS Operations). The supported version that is affected is 5.5. Difficult to exploit vulnerability allows physical access to compromise Oracle Hospitality RES 3700. While the vulnerability is in Oracle Hospitality RES 3700, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized creation, deletion or modification access to critical data or all Oracle Hospitality RES 3700 accessible data as well as unauthorized access to critical data or complete access to all Oracle Hospitality RES 3700 accessible data and unauthorized ability to cause a partial denial of service (partial DOS) of Oracle Hospitality RES 3700. CVSS 3.0 Base Score 7.0 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:P/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:L)."}]},"problemtype":{"problemtype_data":[{"description":[{"lang":"eng","value":"Difficult to exploit vulnerability allows physical access to compromise Oracle Hospitality RES 3700.  While the vulnerability is in Oracle Hospitality RES 3700, attacks may significantly impact additional products.  Successful attacks of this vulnerability can result in  unauthorized creation, deletion or modification access to critical data or all Oracle Hospitality RES 3700 accessible data as well as  unauthorized access to critical data or complete access to all Oracle Hospitality RES 3700 accessible data and unauthorized ability to cause a partial denial of service (partial DOS) of Oracle Hospitality RES 3700."}]}]},"references":{"reference_data":[{"name":"1038941","refsource":"SECTRACK","url":"http://www.securitytracker.com/id/1038941"},{"name":"99815","refsource":"BID","url":"http://www.securityfocus.com/bid/99815"},{"name":"http://www.oracle.com/technetwork/security-advisory/cpujul2017-3236622.html","refsource":"CONFIRM","url":"http://www.oracle.com/technetwork/security-advisory/cpujul2017-3236622.html"}]}},"nvd":{"publishedDate":"2017-08-08 15:29:00","lastModifiedDate":"2019-10-03 00:03:00","problem_types":["NVD-CWE-noinfo"],"metrics":{"baseMetricV3":{"cvssV3":{"version":"3.0","vectorString":"CVSS:3.0/AV:P/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:L","attackVector":"PHYSICAL","attackComplexity":"HIGH","privilegesRequired":"LOW","userInteraction":"NONE","scope":"CHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"LOW","baseScore":7,"baseSeverity":"HIGH"},"exploitabilityScore":0.4,"impactScore":6},"baseMetricV2":{"cvssV2":{"version":"2.0","vectorString":"AV:L/AC:M/Au:N/C:P/I:P/A:P","accessVector":"LOCAL","accessComplexity":"MEDIUM","authentication":"NONE","confidentialityImpact":"PARTIAL","integrityImpact":"PARTIAL","availabilityImpact":"PARTIAL","baseScore":4.4},"severity":"MEDIUM","exploitabilityScore":3.4,"impactScore":6.4,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":false}},"configurations":{"CVE_data_version":"4.0","nodes":[{"operator":"OR","children":[],"cpe_match":[{"vulnerable":true,"cpe23Uri":"cpe:2.3:a:oracle:hospitality_res_3700:5.5:*:*:*:*:*:*:*","cpe_name":[]}]}]}},"legacy_mitre":{"record":{"CveYear":"2017","CveId":"10225","Ordinal":"107067","Title":"CVE-2017-10225","CVE":"CVE-2017-10225","Year":"2017"},"notes":[{"CveYear":"2017","CveId":"10225","Ordinal":"1","NoteData":"Vulnerability in the Oracle Hospitality RES 3700 component of Oracle Hospitality Applications (subcomponent: OPS Operations). The supported version that is affected is 5.5. Difficult to exploit vulnerability allows physical access to compromise Oracle Hospitality RES 3700. While the vulnerability is in Oracle Hospitality RES 3700, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized creation, deletion or modification access to critical data or all Oracle Hospitality RES 3700 accessible data as well as unauthorized access to critical data or complete access to all Oracle Hospitality RES 3700 accessible data and unauthorized ability to cause a partial denial of service (partial DOS) of Oracle Hospitality RES 3700. CVSS 3.0 Base Score 7.0 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:P/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:L).","Type":"Description","Title":null},{"CveYear":"2017","CveId":"10225","Ordinal":"2","NoteData":"2017-08-08","Type":"Other","Title":"Published"},{"CveYear":"2017","CveId":"10225","Ordinal":"3","NoteData":"2017-08-09","Type":"Other","Title":"Modified"}]}}}