Unauthorized Access Vulnerability in Oracle Primavera Gateway
CVE-2017-3500

8.7HIGH

Key Information:

Vendor

Oracle
Status
Primavera Gateway
Vendor
CVE Published:
24 April 2017

What is CVE-2017-3500?

The vulnerability in the Primavera Gateway component of Oracle's Primavera Products Suite allows an unauthenticated attacker with network access to exploit this weakness via HTTP. This vulnerability affects multiple supported versions and can result in unauthorized access to sensitive data, as well as the potential to cause denial-of-service incidents by crashing the service. Attackers leveraging this vulnerability can gain significant control over Primavera Gateway and impact additional associated products, thus underscoring the need for urgent attention to mitigate risks.

Affected Version(s)

Primavera Gateway 1.0

Primavera Gateway 1.1

Primavera Gateway 14.2

References

http://www.securityfocus.com/bid/97881
vdb-entryx_refsource_BID
http://www.oracle.com/technetwork/security-advisory/cpuap...
x_refsource_CONFIRM
http://www.securitytracker.com/id/1038289
vdb-entryx_refsource_SECTRACK

CVSS V3.1

Score:
8.7
Severity:
HIGH
Confidentiality:
High
Integrity:
None
Availability:
High
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
High
User Interaction:
None
Scope:
Changed

Timeline

  • Vulnerability published

  • Vulnerability Reserved

.