Oracle Hospitality OPERA 5 Unauthenticated HTTP Vulnerability Allowing Data Access and Denial-of-Service

Vulnerability

A vulnerability exists in Oracle Hospitality OPERA 5 versions 5.6.19.20, 5.6.25.8, 5.6.26.6, and 5.6.27.1 within the Opera Servlet component. This easily exploitable vulnerability allows an unauthenticated attacker with network access via HTTP to compromise the application. Successful exploitation can lead to unauthorized access to critical data or complete access to all accessible data in Oracle Hospitality OPERA 5, as well as the unauthorized ability to cause a complete denial-of-service by hanging the application or causing it to crash frequently and repeatably.

Impact

Exploitation of this vulnerability allows for unauthorized access to critical data or complete access to all Oracle Hospitality OPERA 5 accessible data. Additionally, it enables an unauthorized ability to cause a complete denial-of-service by hanging the application or causing it to crash frequently and repeatably.

Added: Jun 9, 2025, 7:46 PM

Updated: Jun 9, 2025, 7:46 PM

Vulnerability Rating

Custom Algorithm

spread

4.5

impact

5.0

exploitability

7.0

remediation

0.0

relevance

0.0

threat

0.0

urgency

2.9

incentive

5.8

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

Vulnerability Rating

Custom Algorithm

spread

4.5

impact

5.0

exploitability

7.0

remediation

0.0

relevance

0.0

threat

0.0

urgency

2.9

incentive

5.8

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

Oracle Hospitality OPERA 5 Unauthenticated HTTP Vulnerability Allowing Data Access and Denial-of-Service

Vulnerability

Impact

Affected Products

Oracle Hospitality OPERA 5

CVSS Scores

References

Vulnerability Rating

Vulnerability Rating