Vulnerability in Oracle Primavera P6 Enterprise Project Portfolio Management Web Access
CVE-2017-10131

6.5MEDIUM

Key Information:

Vendor
Oracle
Status
Primavera P6 Enterprise Project Portfolio Management
Vendor
CVE Published:
8 August 2017

Summary

An exploitable vulnerability exists in the Web Access component of Oracle Primavera P6 Enterprise Project Portfolio Management, affecting versions 8.3, 8.4, 15.1, 15.2, 16.1, and 16.2. This issue allows attackers with low privileges and network access via HTTP to compromise the application. Successful exploitation necessitates user interaction from a party other than the attacker, potentially leading to unauthorized modifications, deletions, or readings of accessible data. The vulnerability can also result in partial denial of service conditions, significantly impacting data integrity and availability across affected products.

Affected Version(s)

Primavera P6 Enterprise Project Portfolio Management 8.3

Primavera P6 Enterprise Project Portfolio Management 8.4

Primavera P6 Enterprise Project Portfolio Management 15.1

References

http://www.securitytracker.com/id/1038946
vdb-entryx_refsource_SECTRACK
http://www.securityfocus.com/bid/99757
vdb-entryx_refsource_BID
http://www.oracle.com/technetwork/security-advisory/cpuju...
x_refsource_CONFIRM

CVSS V3.1

Score:
6.5
Severity:
MEDIUM
Confidentiality:
Low
Integrity:
Low
Availability:
Low
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
Low
User Interaction:
Required
Scope:
Changed

Timeline

  • Vulnerability published

  • Vulnerability Reserved

.