Is CVE-2018-2636 known to be exploited?

32 public proof-of-concept repositories are indexed. Not currently listed in the CISA KEV catalog.

Vulnerability in Oracle Corporation Hospitality Simphony

CVE-2018-2636

Vulnerability in the Oracle Hospitality Simphony component of Oracle Hospitality Applications (subcomponent: Security). Supported versions that are affected are 2.7, 2.8 and 2.9. Difficult to exploit vulnerability allows unauthenticated at…

EPSS: 0.659 (98.5th percentile) — read the EPSS interpretation.

Affected products

Oracle Corporation Hospitality Simphony — versions 2.7, 2.8, 2.9

Public proof-of-concept exploits

References

github.com/erpscanteam/CVE-2018-2636 (x_refsource_MISC)
erpscan.io/advisories/erpscan-18-002-oracle-micros-pos-missing-authorisation-ch… (x_refsource_MISC)
www.oracle.com/technetwork/security-advisory/cpujan2018-3236628.html (x_refsource_CONFIRM)
43960 (exploit, x_refsource_EXPLOIT-DB)
erpscan.io/press-center/blog/oracle-micros-pos-breached/ (x_refsource_MISC)
102560 (vdb-entry, x_refsource_BID)

Frequently asked questions

What is CVE-2018-2636?: CVE-2018-2636 is a vulnerability in Oracle Corporation Hospitality Simphony. Published 2018-01-18.
Is CVE-2018-2636 known to be exploited?: 32 public proof-of-concept repositories are indexed. Not currently listed in the CISA KEV catalog.