Vulnerability in Primavera P6 from Oracle Affecting Web Access
CVE-2017-10038

6.5MEDIUM

Key Information:

Vendor
Oracle
Status
Primavera P6 Enterprise Project Portfolio Management
Vendor
CVE Published:
8 August 2017

Summary

An improper authorization vulnerability exists in the Primavera P6 component of Oracle Primavera Products Suite, specifically affecting the Web Access subcomponent. This vulnerability can be exploited by a low-privileged attacker with network access via HTTP. If successfully exploited, the attacker could gain unauthorized access to sensitive data or potentially gain complete access to all Primavera P6 accessible data. Organizations using affected versions 15.1, 15.2, 16.1, and 16.2 should assess their security posture and implement recommended mitigations to safeguard their data.

Affected Version(s)

Primavera P6 Enterprise Project Portfolio Management 15.1

Primavera P6 Enterprise Project Portfolio Management 15.2

Primavera P6 Enterprise Project Portfolio Management 16.1

References

http://www.securitytracker.com/id/1038946
vdb-entryx_refsource_SECTRACK
http://www.securityfocus.com/bid/99751
vdb-entryx_refsource_BID
http://www.oracle.com/technetwork/security-advisory/cpuju...
x_refsource_CONFIRM

CVSS V3.1

Score:
6.5
Severity:
MEDIUM
Confidentiality:
High
Integrity:
None
Availability:
High
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
Low
User Interaction:
None
Scope:
Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved

.