Vulnerability in Primavera P6 Web Access of Oracle Primavera Products Suite
CVE-2017-10046
Key Information:
- Vendor
- Oracle
- Vendor
- CVE Published:
- 8 August 2017
Summary
The vulnerability in the Primavera P6 Enterprise Project Portfolio Management component allows a low privileged attacker with network access via HTTP to potentially compromise the system. Successful exploitation requires user interaction from a third party, which can lead to unauthorized access to update, insert, or delete data within Primavera P6 EPPM. Additionally, it may expose a subset of accessible data without authorization, posing significant risks to the integrity and confidentiality of sensitive information. This issue affects multiple versions including 8.3, 8.4, 15.1, 15.2, and 16.1, underscoring the importance of prompt remediation to mitigate potential attacks.
Affected Version(s)
Primavera P6 Enterprise Project Portfolio Management 8.3
Primavera P6 Enterprise Project Portfolio Management 8.4
Primavera P6 Enterprise Project Portfolio Management 15.1
References
CVSS V3.1
Timeline
Vulnerability published
Vulnerability Reserved