Exploitable Vulnerability in Primavera Unifier by Oracle
CVE-2018-2966

7.4HIGH

Key Information:

Vendor: Oracle
Status: Primavera Unifier
Vendor: CVE Published:; 18 July 2018

Summary

An exploitable vulnerability exists in the Primavera Unifier component of the Oracle Construction and Engineering Suite, allowing an unauthenticated attacker with network access via HTTP to compromise the system. The vulnerability primarily resides within Primavera Unifier, yet it poses a risk that may also affect other products within the suite. Successful exploitation requires human interaction from a user other than the attacker, which makes timing and social engineering pivotal to an attack. If exploited, it can lead to unauthorized creation, deletion, or modification of critical data, thereby putting sensitive information at risk.

Affected Version(s)

Primavera Unifier 16.x

Primavera Unifier 17.x

Primavera Unifier 18.x

References

http://www.oracle.com/technetwork/security-advisory/cpuju...

x_refsource_CONFIRM

http://www.securityfocus.com/bid/104823

vdb-entryx_refsource_BID

CVSS V3.1

Score:

7.4

Severity:

HIGH

Confidentiality:

None

Integrity:

High

Availability:

None

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

Required

Scope:

Changed

Timeline

Vulnerability published
Jul 18, 2018
Vulnerability Reserved
Dec 15, 2017