Vulnerability in Primavera Gateway Component of Oracle Primavera Products Suite
CVE-2017-3508

9.1CRITICAL

Key Information:

Vendor
Oracle
Status
Primavera Gateway
Vendor
CVE Published:
24 April 2017

Summary

A vulnerability found in the Primavera Gateway component of the Oracle Primavera Products Suite allows high privileged attackers with network access to exploit the system via HTTP. This weakness can lead to the complete takeover of the Primavera Gateway, potentially affecting additional products within the suite. It is crucial for users of affected versions (1.0, 1.1, 14.2, 15.1, 15.2, 16.1, and 16.2) to apply security updates promptly to mitigate the risks associated with this vulnerability.

Affected Version(s)

Primavera Gateway 1.0

Primavera Gateway 1.1

Primavera Gateway 14.2

References

http://www.oracle.com/technetwork/security-advisory/cpuap...
x_refsource_CONFIRM
http://www.securityfocus.com/bid/97883
vdb-entryx_refsource_BID
http://www.securityfocus.com/bid/97889
vdb-entryx_refsource_BID

CVSS V3.1

Score:
9.1
Severity:
CRITICAL
Confidentiality:
High
Integrity:
High
Availability:
High
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
High
User Interaction:
None
Scope:
Changed

Timeline

  • Vulnerability published

  • Vulnerability Reserved

.