Vulnerability in Oracle Primavera P6 Enterprise Project Portfolio Management
CVE-2017-3503

9.9CRITICAL

Key Information:

Vendor

Oracle
Status
Primavera P6 Enterprise Project Portfolio Management
Vendor
CVE Published:
24 April 2017

What is CVE-2017-3503?

A vulnerability exists in the Primavera P6 Enterprise Project Portfolio Management component of Oracle's Primavera Products Suite. This weakness can be exploited by a low-privileged attacker with network access via HTTP. The vulnerability affects multiple versions of the product and can lead to the potential takeover of the Primavera P6 system. Additionally, successful exploitation could not only compromise Primavera P6 itself but may also impact other integrated products. Organizations using affected versions should take immediate steps to mitigate the risks associated with this vulnerability.

Human OS v1.0:
Ageing Is an Unpatched Zero-Day Vulnerability.

Remediate biological technical debt. Prime Ageing uses 95% high-purity SIRT6 activation to maintain genomic integrity and bolster systemic resilience.

Deploy the Patch

Affected Version(s)

Primavera P6 Enterprise Project Portfolio Management 8.3

Primavera P6 Enterprise Project Portfolio Management 8.4

Primavera P6 Enterprise Project Portfolio Management 15.1

References

http://www.securityfocus.com/bid/97891
vdb-entryx_refsource_BID
http://www.oracle.com/technetwork/security-advisory/cpuap...
x_refsource_CONFIRM
http://www.securitytracker.com/id/1038289
vdb-entryx_refsource_SECTRACK

CVSS V3.1

Score:
9.9
Severity:
CRITICAL
Confidentiality:
High
Integrity:
High
Availability:
High
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
Low
User Interaction:
None
Scope:
Changed

Timeline

  • Vulnerability published

  • Vulnerability Reserved

JSON
.