Vulnerability in Primavera P6 from Oracle Affecting Web Access
CVE-2017-10038

6.5 MEDIUM

Key Information:

Vendor: Oracle
CVE Published: 8 August 2017

Summary

An improper authorization vulnerability exists in the Primavera P6 component of Oracle Primavera Products Suite, specifically affecting the Web Access subcomponent. This vulnerability can be exploited by a low-privileged attacker with network access via HTTP. If successfully exploited, the attacker could gain unauthorized access to sensitive data or potentially gain complete access to all Primavera P6 accessible data. Organizations using affected versions 15.1, 15.2, 16.1, and 16.2 should assess their security posture and implement recommended mitigations to safeguard their data.

Affected Version(s)

Primavera P6 Enterprise Project Portfolio Management 15.1

Primavera P6 Enterprise Project Portfolio Management 15.2

Primavera P6 Enterprise Project Portfolio Management 16.1

CVSS V3.1

Score: 6.5
Severity: MEDIUM
Confidentiality: High
Integrity: None
Availability: High
Attack Vector: Network
Attack Complexity: Low
Privileges Required: Low
User Interaction: None
Scope: Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved
