Vulnerabilities (CVE)

CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2019-5301 1 Huawei 2 Honor V20, Honor V20 Firmware 2020-08-24 4.3 MEDIUM 3.3 LOW
Huawei smart phones Honor V20 with the versions before 9.0.1.161(C00E161R2P2) have an information leak vulnerability. An attacker may trick a user into installing a malicious application. Due to coding error during layer information processing, attackers can exploit this vulnerability to obtain some layer information.
CVE-2019-5308 1 Huawei 2 Mate 20 Rs, Mate 20 Rs Firmware 2020-08-24 2.1 LOW 2.4 LOW
Mate 20 RS smartphones with versions earlier than 9.1.0.135(C786E133R3P1) have an improper authorization vulnerability. The software does not properly restrict certain operation in ADB mode, successful exploit could allow the attacker to switch to third desktop after a series of operation.
CVE-2019-4214 1 Ibm 1 Smartcloud Analytics Log Analysis 2020-08-24 4.3 MEDIUM 3.7 LOW
IBM SmartCloud Analytics 1.3.1 through 1.3.5 does not set the secure attribute on authorization tokens or session cookies. This could allow an attacker to obtain sensitive information using man in the middle techniques. IBM X-Force ID: 159185.
CVE-2019-6156 1 Lenovo 354 330-14igm, 330-14igm Firmware, 330-15igm and 351 more 2020-08-24 2.1 LOW 3.3 LOW
In Lenovo systems, SMM BIOS Write Protection is used to prevent writes to SPI Flash. While this provides sufficient protection, an additional layer of protection is provided by SPI Protected Range Registers (PRx). Lenovo was notified that after resuming from S3 sleep mode in various versions of BIOS for Lenovo systems, the PRx is not set. This does not impact the SMM BIOS Write Protection, which keeps systems protected.
CVE-2019-6122 1 Nicehash 1 Miner 2020-08-24 4.3 MEDIUM 3.1 LOW
A Username Enumeration via Error Message issue was discovered in NiceHash Miner before 2.0.3.0 because an "EMAIL DOES NOT EXIST" error message occurs whenever a submitted email address is incorrect, but there is a different error message for invalid credentials with a correct email address.
CVE-2019-7176 1 Gitlab 1 Gitlab 2020-08-24 4.3 MEDIUM 3.7 LOW
An issue was discovered in GitLab Community and Enterprise Edition 8.x (starting in 8.9), 9.x, 10.x, and 11.x before 11.5.9, 11.6.x before 11.6.7, and 11.7.x before 11.7.2. It has Incorrect Access Control. Guest users are able to add reaction emojis on comments to which they have no visibility.
CVE-2019-4207 1 Ibm 1 Tririga Application Platform 2020-08-24 2.1 LOW 3.3 LOW
IBM TRIRIGA Application Platform 3.5.3 and 3.6.0 may disclose sensitive information only available to a local user that could be used in further attacks against the system. IBM X-Force ID: 159148.
CVE-2019-9219 1 Gitlab 1 Gitlab 2020-08-24 4.3 MEDIUM 3.7 LOW
An issue was discovered in GitLab Community and Enterprise Edition before 11.6.10, 11.7.x before 11.7.6, and 11.8.x before 11.8.1. It has Incorrect Access Control (issue 2 of 5).
CVE-2019-4161 1 Ibm 1 Security Information Queue 2020-08-24 2.1 LOW 3.3 LOW
IBM Security Information Queue (ISIQ) 1.0.0, 1.0.1, and 1.0.2 discloses sensitive information to unauthorized users. The information can be used to mount further attacks on the system. IBM X-Force ID: 158660.
CVE-2019-9364 1 Google 1 Android 2020-08-24 2.1 LOW 3.3 LOW
In AudioService, there is a possible trigger of background user audio due to a permissions bypass. This could lead to local information disclosure by playing the background user's audio with no additional execution privileges needed. User interaction is not needed for exploitation. Product: AndroidVersions: Android-10Android ID: A-73364631
CVE-2019-4132 1 Ibm 1 Cloud Automation Manager 2020-08-24 2.1 LOW 3.3 LOW
IBM Cloud Automation Manager 3.1.2 could allow a user to be impropertly redirected and obtain sensitive information rather than receive a 404 error message. IBM X-Force ID: 158274.
CVE-2019-3962 1 Tenable 1 Nessus 2020-08-24 4.3 MEDIUM 3.3 LOW
Content Injection vulnerability in Tenable Nessus prior to 8.5.0 may allow an authenticated, local attacker to exploit this vulnerability by convincing another targeted Nessus user to view a malicious URL and use Nessus to send fraudulent messages. Successful exploitation could allow the authenticated adversary to inject arbitrary text into the feed status, which will remain saved post session expiration.
CVE-2019-2807 1 Oracle 1 Solaris 2020-08-24 3.3 LOW 3.9 LOW
Vulnerability in the Oracle Solaris component of Oracle Sun Systems Products Suite (subcomponent: Zones). The supported version that is affected is 11.4. Easily exploitable vulnerability allows low privileged attacker with logon to the infrastructure where Oracle Solaris executes to compromise Oracle Solaris. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Solaris accessible data and unauthorized ability to cause a partial denial of service (partial DOS) of Oracle Solaris. CVSS 3.0 Base Score 3.9 (Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:L/UI:R/S:U/C:N/I:L/A:L).
CVE-2019-2761 1 Oracle 1 Application Object Library 2020-08-24 4.3 MEDIUM 3.7 LOW
Vulnerability in the Oracle Application Object Library component of Oracle E-Business Suite (subcomponent: Attachments / File Upload). Supported versions that are affected are 12.1.3 and 12.2.3 - 12.2.8. Difficult to exploit vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Application Object Library. Successful attacks of this vulnerability can result in unauthorized read access to a subset of Oracle Application Object Library accessible data. CVSS 3.0 Base Score 3.7 (Confidentiality impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N).
CVE-2019-2605 1 Oracle 1 Business Intelligence 2020-08-24 2.6 LOW 3.4 LOW
Vulnerability in the Oracle Business Intelligence Enterprise Edition component of Oracle Fusion Middleware (subcomponent: Web Catalog). Supported versions that are affected are 11.1.1.9.0, 12.2.1.3.0 and 12.2.1.4.0. Difficult to exploit vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Business Intelligence Enterprise Edition. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Oracle Business Intelligence Enterprise Edition, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized read access to a subset of Oracle Business Intelligence Enterprise Edition accessible data. CVSS 3.0 Base Score 3.4 (Confidentiality impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:C/C:L/I:N/A:N).
CVE-2019-2553 1 Oracle 1 Vm Virtualbox 2020-08-24 2.1 LOW 3.8 LOW
Vulnerability in the Oracle VM VirtualBox component of Oracle Virtualization (subcomponent: Core). Supported versions that are affected are prior to 5.2.24 and prior to 6.0.2. Easily exploitable vulnerability allows low privileged attacker with logon to the infrastructure where Oracle VM VirtualBox executes to compromise Oracle VM VirtualBox. While the vulnerability is in Oracle VM VirtualBox, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized read access to a subset of Oracle VM VirtualBox accessible data. CVSS 3.0 Base Score 3.8 (Confidentiality impacts). CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:C/C:L/I:N/A:N).
CVE-2019-2513 2 Netapp, Oracle 5 Oncommand Unified Manager, Oncommand Workflow Automation, Snapcenter and 2 more 2020-08-24 1.2 LOW 2.5 LOW
Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Shell). Supported versions that are affected are 8.0.13 and prior. Difficult to exploit vulnerability allows low privileged attacker with logon to the infrastructure where MySQL Server executes to compromise MySQL Server. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in MySQL Server, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized read access to a subset of MySQL Server accessible data. CVSS 3.0 Base Score 2.5 (Confidentiality impacts). CVSS Vector: (CVSS:3.0/AV:L/AC:H/PR:L/UI:R/S:C/C:L/I:N/A:N).
CVE-2019-2506 1 Oracle 1 Vm Virtualbox 2020-08-24 2.1 LOW 3.8 LOW
Vulnerability in the Oracle VM VirtualBox component of Oracle Virtualization (subcomponent: Core). Supported versions that are affected are prior to 5.2.24 and prior to 6.0.2. Easily exploitable vulnerability allows low privileged attacker with logon to the infrastructure where Oracle VM VirtualBox executes to compromise Oracle VM VirtualBox. While the vulnerability is in Oracle VM VirtualBox, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized read access to a subset of Oracle VM VirtualBox accessible data. CVSS 3.0 Base Score 3.8 (Confidentiality impacts). CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:C/C:L/I:N/A:N).
CVE-2019-2493 1 Oracle 1 Peoplesoft Enterprise Campus Software Campus Community 2020-08-24 2.6 LOW 3.1 LOW
Vulnerability in the PeopleSoft Enterprise CS Campus Community component of Oracle PeopleSoft Products (subcomponent: Frameworks). Supported versions that are affected are 9.0 and 9.2. Difficult to exploit vulnerability allows unauthenticated attacker with network access via HTTP to compromise PeopleSoft Enterprise CS Campus Community. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of PeopleSoft Enterprise CS Campus Community accessible data. CVSS 3.0 Base Score 3.1 (Integrity impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:L/A:N).
CVE-2019-20595 1 Google 1 Android 2020-08-24 2.1 LOW 2.4 LOW
An issue was discovered on Samsung mobile devices with P(9.0) software. Quick Panel allows enabling or disabling the Bluetooth stack without authentication. The Samsung ID is SVE-2019-14545 (July 2019).
CVE-2018-0853 1 Microsoft 1 Office 2020-08-24 4.3 MEDIUM 3.3 LOW
Microsoft Office 2010 SP2, Microsoft Office 2013 SP1 and RT SP1, Microsoft Office 2016, and Microsoft Office 2016 Click-to-Run (C2R) allow an information disclosure vulnerability, due to how Office initializes the affected variable, aka "Microsoft Office Information Disclosure Vulnerability".
CVE-2019-15332 1 Lavamobiles 2 Z61, Z61 Firmware 2020-08-24 2.1 LOW 3.3 LOW
The Lava Z61 Android device with a build fingerprint of LAVA/Z61_2GB/Z61_2GB:8.1.0/O11019/1533889281:user/release-keys contains a pre-installed app with a package name of com.android.lava.powersave app (versionCode=400, versionName=v4.0.27) that allows any app co-located on the device to programmatically disable and enable Wi-Fi without the corresponding access permission through an exported interface.
CVE-2019-14402 1 Cpanel 1 Cpanel 2020-08-24 2.1 LOW 3.3 LOW
cPanel before 78.0.18 unsafely determines terminal capabilities by using infocmp (SEC-481).
CVE-2019-14391 1 Cpanel 1 Cpanel 2020-08-24 2.1 LOW 3.3 LOW
cPanel before 82.0.2 does not properly enforce Reseller package creation ACLs (SEC-514).
CVE-2018-0919 1 Microsoft 7 Office, Office Online Server, Office Web Apps and 4 more 2020-08-24 4.3 MEDIUM 3.3 LOW
Microsoft Office 2010 SP2, 2013 SP1, and 2016, Microsoft Office 2016 Click-to-Run Microsoft Office 2016 for Mac, Microsoft Office Web Apps 2010 SP2, Microsoft Office Web Apps 2013 SP1, Microsoft SharePoint Enterprise Server 2013 SP1, Microsoft SharePoint Enterprise Server 2016, Microsoft SharePoint Server 2010 SP2, Microsoft Word 2010 SP2, Word 2013 SP1 and Microsoft Word 2016 allow an information disclosure vulnerability due to how variables are initialized, aka "Microsoft Office Information Disclosure Vulnerability".
CVE-2019-11334 1 Tzumi 3 Klic Lock, Klic Smart Padlock Model 5686, Klic Smart Padlock Model 5686 Firmware 2020-08-24 4.3 MEDIUM 3.7 LOW
An authentication bypass in website post requests in the Tzumi Electronics Klic Lock application 1.0.9 for mobile devices allows attackers to access resources (that are not otherwise accessible without proper authentication) via capture-replay. Physically proximate attackers can use this information to unlock unauthorized Tzumi Electronics Klic Smart Padlock Model 5686 Firmware 6.2.
CVE-2019-0174 1 Intel 376 2000e, 2000e Firmware, 2002e and 373 more 2020-08-24 2.1 LOW 3.3 LOW
Logic condition in specific microprocessors may allow an authenticated user to potentially enable partial physical address information disclosure via local access.
CVE-2019-4465 1 Ibm 1 Cloud Pak System 2020-08-24 2.1 LOW 3.3 LOW
IBM Cloud Pak System 2.3 and 2.3.0.1 allows web pages to be stored locally which can be read by another user on the system. IBM X-Force ID: 163774.
CVE-2018-2497 1 Sap 1 Hana 2020-08-24 4.0 MEDIUM 2.7 LOW
The security audit log of SAP HANA, versions 1.0 and 2.0, does not log SELECT events if these events are part of a statement with the syntax CREATE TABLE <table_name> AS SELECT.
CVE-2020-13282 1 Gitlab 1 Gitlab 2020-08-19 4.9 MEDIUM 3.5 LOW
For GitLab before 13.0.12, 13.1.6, 13.2.3 after a group transfer occurs, members from a parent group keep their access level on the subgroup leading to improper access.
CVE-2020-6653 1 Eaton 1 Secureconnect 2020-08-19 2.1 LOW 3.9 LOW
Eaton's Secure connect mobile app v1.7.3 & prior stores the user login credentials in logcat file when user create or register the account on the Mobile app. A malicious app or unauthorized user can harvest the information and later on can use the information to monitor and control the user's account and associated devices.
CVE-2016-1000002 4 Debian, Gnome, Opensuse and 1 more 4 Debian Linux, Gnome Display Manager, Leap and 1 more 2020-08-18 2.1 LOW 2.4 LOW
gdm3 3.14.2 and possibly later has an information leak before screen lock
CVE-2019-2987 4 Debian, Netapp, Oracle and 1 more 12 Debian Linux, E-series Santricity Os Controller, E-series Santricity Storage Manager and 9 more 2020-08-18 4.3 MEDIUM 3.7 LOW
Vulnerability in the Java SE product of Oracle Java SE (component: 2D). Supported versions that are affected are Java SE: 11.0.4 and 13. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Java SE. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets (in Java SE 8), that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability can also be exploited by using APIs in the specified Component, e.g., through a web service which supplies data to the APIs. CVSS 3.0 Base Score 3.7 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L).
CVE-2020-8912 1 Amazon 1 Aws S3 Crypto Sdk 2020-08-17 2.1 LOW 2.5 LOW
A vulnerability in the in-band key negotiation exists in the AWS S3 Crypto SDK for GoLang versions prior to V2. An attacker with write access to the targeted bucket can change the encryption algorithm of an object in the bucket, which can then allow them to change AES-GCM to AES-CTR. Using this in combination with a decryption oracle can reveal the authentication key used by AES-GCM as decrypting the GMAC tag leaves the authentication key recoverable as an algebraic equation. It is recommended to update your SDK to V2 or later, and re-encrypt your files.
CVE-2014-8134 5 Canonical, Linux, Opensuse and 2 more 6 Ubuntu Linux, Linux Kernel, Evergreen and 3 more 2020-08-14 1.9 LOW 3.3 LOW
The paravirt_ops_setup function in arch/x86/kernel/kvm.c in the Linux kernel through 3.18 uses an improper paravirt_enabled setting for KVM guest kernels, which makes it easier for guest OS users to bypass the ASLR protection mechanism via a crafted application that reads a 16-bit value.
CVE-2017-15528 1 Norton 1 Install Norton Security 2020-08-12 4.3 MEDIUM 3.7 LOW
Prior to v 7.6, the Install Norton Security (INS) product can be susceptible to a certificate spoofing vulnerability, which is a type of attack whereby a maliciously procured certificate binds the public key of an attacker to the domain name of the target.
CVE-2019-15126 2 Apple, Broadcom 15 Ipados, Iphone Os, Mac Os X and 12 more 2020-08-11 2.9 LOW 3.1 LOW
An issue was discovered on Broadcom Wi-Fi client devices. Specifically timed and handcrafted traffic can cause internal errors (related to state transitions) in a WLAN device that lead to improper layer 2 Wi-Fi encryption with a consequent possibility of information disclosure over the air for a discrete set of traffic, a different vulnerability than CVE-2019-9500, CVE-2019-9501, CVE-2019-9502, and CVE-2019-9503.
CVE-2020-16201 1 Deltaww 1 Cncsoft Screeneditor 2020-08-06 4.3 MEDIUM 3.3 LOW
Delta Industrial Automation CNCSoft ScreenEditor, Versions 1.01.23 and prior. Multiple out-of-bounds read vulnerabilities may be exploited by processing specially crafted project files, which may allow an attacker to read information.
CVE-2020-4243 1 Ibm 1 Security Identity Governance And Intelligence 2020-08-06 4.3 MEDIUM 3.7 LOW
IBM Security Identity Governance and Intelligence 5.2.6 Virtual Appliance could allow a remote attacker to obtain sensitive information using man in the middle techniques due to not properly invalidating session tokens. IBM X-Force ID: 175420.
CVE-2020-11083 1 Octobercms 1 October 2020-08-04 3.5 LOW 3.5 LOW
In October from version 1.0.319 and before version 1.0.466, a user with access to a markdown FormWidget that stores data persistently could create a stored XSS attack against themselves and any other users with access to the generated HTML from the field. This has been fixed in 1.0.466. For users of the RainLab.Blog plugin, this has also been fixed in 1.4.1.
CVE-2020-11932 1 Canonical 1 Subiquity 2020-08-03 2.1 LOW 2.3 LOW
It was discovered that the Subiquity installer for Ubuntu Server logged the LUKS full disk encryption password if one was entered.
CVE-2019-20382 2 Opensuse, Qemu 2 Leap, Qemu 2020-07-26 2.7 LOW 3.5 LOW
QEMU 4.1.0 has a memory leak in zrle_compress_data in ui/vnc-enc-zrle.c during a VNC disconnect operation because libz is misused, resulting in a situation where memory allocated in deflateInit2 is not freed in deflateEnd.
CVE-2019-12068 4 Canonical, Debian, Opensuse and 1 more 4 Ubuntu Linux, Debian Linux, Leap and 1 more 2020-07-26 2.1 LOW 3.8 LOW
In QEMU 1:4.1-1, 1:2.1+dfsg-12+deb8u6, 1:2.8+dfsg-6+deb9u8, 1:3.1+dfsg-8~deb10u1, 1:3.1+dfsg-8+deb10u2, and 1:2.1+dfsg-12+deb8u12 (fixed), when executing script in lsi_execute_script(), the LSI scsi adapter emulator advances 's->dsp' index to read next opcode. This can lead to an infinite loop if the next opcode is empty. Move the existing loop exit after 10k iterations so that it covers no-op opcodes as well.
CVE-2020-4371 1 Ibm 1 Verify Gateway 2020-07-24 2.1 LOW 3.3 LOW
IBM Verify Gateway (IVG) 1.0.0 and 1.0.1 contains sensitive information in leftover debug code that could be used aid a local user in further attacks against the system. IBM X-Force ID: 179008.
CVE-2020-3930 1 Geovision 2 Gv-gf192x, Gv-gf192x Firmware 2020-07-23 2.1 LOW 3.3 LOW
GeoVision Door Access Control device family improperly stores and controls access to system logs, any users can read these logs.
CVE-2020-9252 1 Huawei 8 Magic2, Magic2 Firmware, Mate 20 and 5 more 2020-07-22 2.1 LOW 2.3 LOW
HUAWEI Mate 20 versions earlier than 10.1.0.160(C00E160R3P8), HUAWEI Mate 20 X versions earlier than 10.1.0.135(C00E135R2P8), HUAWEI Mate 20 RS versions earlier than 10.1.0.160(C786E160R3P8), and Honor Magic2 smartphones versions earlier than 10.1.0.160(C00E160R2P11) have a path traversal vulnerability. The system does not sufficiently validate certain pathname from certain process, successful exploit could allow the attacker write files to a crafted path.
CVE-2020-14590 1 Oracle 1 Applications Framework 2020-07-21 4.0 MEDIUM 2.7 LOW
Vulnerability in the Oracle Applications Framework product of Oracle E-Business Suite (component: Page Request). Supported versions that are affected are 12.1.3 and 12.2.3-12.2.9. Easily exploitable vulnerability allows high privileged attacker with network access via HTTP to compromise Oracle Applications Framework. Successful attacks of this vulnerability can result in unauthorized read access to a subset of Oracle Applications Framework accessible data. CVSS 3.1 Base Score 2.7 (Confidentiality impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:N/A:N).
CVE-2020-14533 1 Oracle 1 Commerce Platform 2020-07-20 4.9 MEDIUM 3.5 LOW
Vulnerability in the Oracle Commerce Platform product of Oracle Commerce (component: Dynamo Application Framework). Supported versions that are affected are 11.1, 11.2 and prior to 11.3.1. Easily exploitable vulnerability allows high privileged attacker with network access via HTTP to compromise Oracle Commerce Platform. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Commerce Platform accessible data as well as unauthorized read access to a subset of Oracle Commerce Platform accessible data. CVSS 3.1 Base Score 3.5 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:U/C:L/I:L/A:N).
CVE-2020-14541 1 Oracle 1 Hyperion Financial Close Management 2020-07-17 2.1 LOW 2.0 LOW
Vulnerability in the Hyperion Financial Close Management product of Oracle Hyperion (component: Close Manager). The supported version that is affected is 11.1.2.4. Difficult to exploit vulnerability allows high privileged attacker with network access via HTTP to compromise Hyperion Financial Close Management. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Hyperion Financial Close Management accessible data. CVSS 3.1 Base Score 2.0 (Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:H/UI:R/S:U/C:N/I:L/A:N).
CVE-2020-14616 1 Oracle 1 Food And Beverage Applications 2020-07-16 4.0 MEDIUM 2.7 LOW
Vulnerability in the Oracle Hospitality Reporting and Analytics product of Oracle Food and Beverage Applications (component: Reporting). The supported version that is affected is 9.1.0. Easily exploitable vulnerability allows high privileged attacker with network access via HTTP to compromise Oracle Hospitality Reporting and Analytics. Successful attacks of this vulnerability can result in unauthorized read access to a subset of Oracle Hospitality Reporting and Analytics accessible data. CVSS 3.1 Base Score 2.7 (Confidentiality impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:N/A:N).