Vulnerability in Primavera P6 Web Access of Oracle Primavera Products Suite
CVE-2017-10046

5.4 MEDIUM

Key Information:

Vendor: Oracle
CVE Published: 8 August 2017

Summary

The vulnerability in the Primavera P6 Enterprise Project Portfolio Management component allows a low-privileged attacker with network access via HTTP to potentially compromise the system. Successful exploitation requires interaction from a person other than the attacker, and can result in unauthorized update, insert, or delete access to data within Primavera P6 EPPM. It may also expose a subset of accessible data without authorization, putting the integrity and confidentiality of sensitive information at risk. This issue affects multiple versions, including 8.3, 8.4, 15.1, 15.2, and 16.1, so prompt remediation is important.

Affected Version(s)

Primavera P6 Enterprise Project Portfolio Management 8.3

Primavera P6 Enterprise Project Portfolio Management 8.4

Primavera P6 Enterprise Project Portfolio Management 15.1

CVSS V3.1

Score: 5.4
Severity: MEDIUM
Confidentiality: Low
Integrity: Low
Availability: Low
Attack Vector: Network
Attack Complexity: Low
Privileges Required: Low
User Interaction: Required
Scope: Changed

Timeline

  • Vulnerability published

  • Vulnerability Reserved
