Oracle Hospitality OPERA 5 Unauthorized Data Access and Partial Denial-of-Service Vulnerability

Vulnerability

A vulnerability exists in Oracle Hospitality OPERA 5 versions 5.6.19.23, 5.6.25.17, 5.6.26.10, and 5.6.27.4 within the Opera Servlet component. This easily exploitable vulnerability allows an unauthenticated attacker with network access via HTTP to compromise the application. Successful exploitation can lead to unauthorized access to critical data, complete access to all OPERA 5 accessible data, and unauthorized capabilities to update, insert, or delete certain OPERA 5 data. Additionally, this vulnerability allows for a partial denial-of-service condition on Oracle Hospitality OPERA 5.

Impact

Exploitation of this vulnerability could result in unauthorized access to sensitive data, complete access to all data within Oracle Hospitality OPERA 5, unauthorized modifications to some OPERA 5 data, and a partial denial-of-service condition on the application.

Added: Jan 20, 2026, 10:48 PM

Updated: Jan 20, 2026, 10:48 PM

Vulnerability Rating

Custom Algorithm

spread

4.5

impact

3.8

exploitability

7.0

remediation

0.0

relevance

2.2

threat

0.0

urgency

2.9

incentive

4.2

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

Vulnerability Rating

Custom Algorithm

spread

4.5

impact

3.8

exploitability

7.0

remediation

0.0

relevance

2.2

threat

0.0

urgency

2.9

incentive

4.2

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

Oracle Hospitality OPERA 5 Unauthorized Data Access and Partial Denial-of-Service Vulnerability

Vulnerability

Impact

Affected Products

Oracle Hospitality OPERA 5

CVSS Scores

References

Vulnerability Rating

Vulnerability Rating