CVE# Product Component Protocol RemoteExploitwithoutAuth.? CVSS VERSI

1. CVE# Product Component Protocol Remote
2. Exploit
3. without
4. Auth.? CVSS VERSION 3.0 RISK (see Risk Matrix Definitions) Supported Versions Affected Notes
5. Base
6. Score Attack
7. Vector Attack
8. Complex Privs
9. Req'd User
10. Interact Scope Confid-
11. entiality Inte-
12. grity Avail-
13. ability
14. CVE-2018-2697 Oracle Hospitality Cruise Fleet Management Emergency Response System HTTP Yes 9.1 Network Low None None Un-
15. changed High High None 9.0.4.0
16. CVE-2017-0781 MICROS Handheld Terminal MC40 Zebra Handheld unit Bluetooth Yes 8.8 Adjacent
17. Network Low None None Un-
18. changed High High High Prior to BSP 02.13.0701 (070116)
19. CVE-2018-2608 Oracle Hospitality Simphony Security HTTP Yes 8.6 Network Low None None Changed High None None 2.7
20. CVE-2018-2597 Oracle Hospitality Cruise Dining Room Management SilverWhere HTTP Yes 8.2 Network Low None Required Changed High Low None 8.0.78
21. CVE-2018-2621 Oracle Hospitality Cruise Shipboard Property Management System Mobile Gangway and Mustering HTTP Yes 8.2 Network Low None None Un-
22. changed High Low None 7.3.874
23. CVE-2017-13077 MICROS Handheld Terminal MC40 Zebra Handheld unit WiFi Yes 8.1 Adjacent
24. Network Low None None Un-
25. changed High High None Prior to BSP 02.13.0701 (070116)
26. CVE-2017-12617 Oracle Hospitality Guest Access Base (Apache Tomcat) HTTP Yes 8.1 Network High None None Un-
27. changed High High High 4.2.0, 4.2.1
28. CVE-2018-2666 Oracle Hospitality Labor Management Webservice Endpoint HTTP No 8.1 Network Low Low None Un-
29. changed High High None 8.5.1, 9.0.0
30. CVE-2018-2636 Oracle Hospitality Simphony Security HTTP Yes 8.1 Network High None None Un-
31. changed High High High 2.7, 2.8, 2.9
32. CVE-2018-2701 Oracle Hospitality Cruise Fleet Management Emergency Response System HTTP No 7.6 Network Low Low Required Changed High Low None 9.0.4.0
33. CVE-2018-2700 Oracle Hospitality Cruise Fleet Management Emergency Response System HTTP Yes 7.5 Network Low None None Un-
34. changed High None None 9.0.4.0
35. CVE-2018-2604 Oracle Hospitality Guest Access Base HTTP Yes 7.5 Network Low None None Un-
36. changed High None None 4.2.1
37. CVE-2018-2589 Oracle Hospitality Simphony Enterprise Server HTTP Yes 7.5 Network Low None None Un-
38. changed High None None 2.7, 2.8, 2.9
39. CVE-2018-2672 Oracle Hospitality Simphony POS HTTP Yes 7.5 Network Low None None Un-
40. changed High None None 2.7, 2.8, 2.9
41. CVE-2018-2683 Oracle Hospitality Simphony POS HTTP Yes 7.5 Network Low None None Un-
42. changed None None High 2.7, 2.8, 2.9
43. CVE-2018-2650 Oracle Hospitality Reporting and Analytics Report HTTP No 7.1 Network Low Low None Un-
44. changed Low High None 8.5.1, 9.0.0
45. CVE-2018-2619 Oracle Hospitality Simphony Security HTTP No 6.5 Network Low Low None Un-
46. changed High None None 2.7
47. CVE-2018-2606 Oracle Hospitality Guest Access Base None No 6.2 Local Low None None Un-
48. changed High None None 4.2.0, 4.2.1
49. CVE-2018-2669 Oracle Hospitality Reporting and Analytics Report HTTP Yes 6.1 Network Low None Required Changed Low Low None 8.5.1, 9.0.0
50. CVE-2018-2673 Oracle Hospitality Simphony POS HTTP Yes 5.9 Network High None None Un-
51. changed High None None 2.7, 2.8, 2.9
52. CVE-2018-2607 Oracle Hospitality Guest Access Base HTTP No 4.9 Network Low High None Un-
53. changed None None High 4.2.1
54.  
55.  
56. Additional CVEs addressed are below:
57.  
58. The fix for CVE-2017-0781 also addresses CVE-2017-0782, CVE-2017-0783 and CVE-2017-0785.
59. The fix for CVE-2017-13077 also addresses CVE-2017-13078, CVE-2017-13079, CVE-2017-13080, CVE-2017-13081 and CVE-2017-13082.