Oracle Hospitality_opera_5
10 CVEs affecting Oracle Hospitality_opera_5. Latest disclosed: 2026-01-20. Critical: 4, High: 4.
| CVE | Severity | Score | Published | Summary |
|---|---|---|---|---|
CVE-2020-17530 | Critical | 9.8 | 2020-12-11 | Forced OGNL evaluation, when evaluated on raw user input in tag attributes, may lead to remote code execution. Affected software : Apache Struts 2.0.0 - Struts… |
CVE-2018-1285 | Critical | 9.8 | 2020-05-11 | Apache log4net versions before 2.0.10 do not disable XML external entities when parsing log4net configuration files. This allows for XXE-based attacks in appli… |
CVE-2025-21547 | Critical | 9.1 | 2025-01-21 | Vulnerability in the Oracle Hospitality OPERA 5 product of Oracle Hospitality Applications (component: Opera Servlet). Supported versions that are affected ar… |
CVE-2024-21172 | Critical | 9.0 | 2024-10-15 | Vulnerability in the Oracle Hospitality OPERA 5 product of Oracle Hospitality Applications (component: Opera Servlet). Supported versions that are affected ar… |
CVE-2026-21967 | High | 8.6 | 2026-01-20 | Vulnerability in the Oracle Hospitality OPERA 5 product of Oracle Hospitality Applications (component: Opera Servlet). Supported versions that are affected ar… |
CVE-2021-2351 | High | 8.3 | 2021-07-21 | Vulnerability in the Advanced Networking Option component of Oracle Database Server. Supported versions that are affected are 12.1.0.2, 12.2.0.1 and 19c. Diffi… |
CVE-2019-17566 | High | 7.5 | 2020-11-12 | Apache Batik is vulnerable to server-side request forgery, caused by improper input validation by the "xlink:href" attributes. By using a specially-crafted arg… |
CVE-2019-10086 | High | 7.3 | 2019-08-20 | In Apache Commons Beanutils 1.9.2, a special BeanIntrospector class was added which allows suppressing the ability for an attacker to access the classloader vi… |
CVE-2026-21966 | Medium | 6.1 | 2026-01-20 | Vulnerability in the Oracle Hospitality OPERA 5 Property Services product of Oracle Hospitality Applications (component: Opera). Supported versions that are a… |
CVE-2020-17521 | Medium | 5.5 | 2020-12-07 | Apache Groovy provides extension methods to aid with creating temporary directories. Prior to this fix, Groovy's implementation of those extension methods was… |