Intrusion Prevention

Oracle.Hospitality.Simphony.EGateway.Information.Disclosure

Description

This indicates an attack attempt to exploit an Information Disclsoure vulnerability in Oracle Hospitality Simphony.
The vulnerability is due to an error when Oracle's MICROS EGateway Application Service attempts to handle a maliciously crafted HTTP request. A remote attacker may be able to gain sensitive information from vulnerable systems.

Affected Products

Oracle Hospitality Simphony 2.9
Oracle Hospitality Simphony 2.8
Oracle Hospitality Simphony 2.7

Impact

Information Disclosure: Remote attackers can gain sensitive information from vulnerable systems

Recommended Actions

Apply the most recent upgrade or patch from the vendor.
http://www.oracle.com/technetwork/security-advisory/cpujan2018-3236628.html

CVE References

CVE-2018-2636