Vulnerability in Oracle Primavera P6 Enterprise Project Portfolio Management Web Access
CVE-2017-10131
Key Information:
- Vendor
- Oracle
- Vendor
- CVE Published:
- 8 August 2017
Summary
An exploitable vulnerability exists in the Web Access component of Oracle Primavera P6 Enterprise Project Portfolio Management, affecting versions 8.3, 8.4, 15.1, 15.2, 16.1, and 16.2. This issue allows attackers with low privileges and network access via HTTP to compromise the application. Successful exploitation necessitates user interaction from a party other than the attacker, potentially leading to unauthorized modifications, deletions, or readings of accessible data. The vulnerability can also result in partial denial of service conditions, significantly impacting data integrity and availability across affected products.
Affected Version(s)
Primavera P6 Enterprise Project Portfolio Management 8.3
Primavera P6 Enterprise Project Portfolio Management 8.4
Primavera P6 Enterprise Project Portfolio Management 15.1
References
CVSS V3.1
Timeline
Vulnerability published
Vulnerability Reserved