Authentication Bypass Vulnerability in Oracle Primavera Unifier
CVE-2018-2968

6.5MEDIUM

Key Information:

Vendor: Oracle
Status: Primavera Unifier
Vendor: CVE Published:; 18 July 2018

What is CVE-2018-2968?

An authentication bypass vulnerability exists within the Primavera Unifier component of Oracle's Construction and Engineering Suite. This vulnerability allows an unauthenticated attacker with network access via HTTP to compromise the application's security. Exploitation of this vulnerability necessitates human interaction from a user who is not the attacker. Successful exploitation can lead to unauthorized actions, including the creation, deletion, or alteration of critical data, thereby putting all data accessible through Primavera Unifier at significant risk.

References

http://www.oracle.com/technetwork/security-advisory/cpuju...

x_refsource_CONFIRM

http://www.securityfocus.com/bid/104823

vdb-entryx_refsource_BID

CVSS V3.1

Score:

6.5

Severity:

MEDIUM

Confidentiality:

None

Integrity:

High

Availability:

None

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

Required

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Jul 18, 2018
Vulnerability Reserved
Dec 15, 2017