Unauthorized Data Access in Oracle Primavera Unifier
CVE-2018-2965

6.1MEDIUM

Key Information:

Vendor: Oracle
Status: Primavera Unifier
Vendor: CVE Published:; 18 July 2018

Summary

A significant vulnerability exists within the Primavera Unifier component of the Oracle Construction and Engineering Suite, specifically affecting the 16.x versions. This weakness allows an unauthenticated attacker with network access via HTTP to compromise the system. To exploit this vulnerability, an interaction from a user other than the attacker is necessary. While the primary target is Primavera Unifier, successful exploitation may influence other interconnected Oracle products. The attacks can lead to unauthorized capability to update, insert, or delete data, along with unauthorized reading of a portion of the accessible data within Primavera Unifier.

Affected Version(s)

Primavera Unifier 16.x

References

http://www.securityfocus.com/bid/104828

vdb-entryx_refsource_BID

http://www.oracle.com/technetwork/security-advisory/cpuju...

x_refsource_CONFIRM

CVSS V3.1

Score:

6.1

Severity:

MEDIUM

Confidentiality:

Low

Integrity:

Low

Availability:

Low

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

Required

Scope:

Changed

Timeline

Vulnerability published
Jul 18, 2018
Vulnerability Reserved
Dec 15, 2017