Authentication Bypass Vulnerability in Oracle Primavera Unifier
CVE-2018-2968

6.5MEDIUM

Key Information:

Vendor
Oracle
Status
Primavera Unifier
Vendor
CVE Published:
18 July 2018

Summary

An authentication bypass vulnerability exists within the Primavera Unifier component of Oracle's Construction and Engineering Suite. This vulnerability allows an unauthenticated attacker with network access via HTTP to compromise the application's security. Exploitation of this vulnerability necessitates human interaction from a user who is not the attacker. Successful exploitation can lead to unauthorized actions, including the creation, deletion, or alteration of critical data, thereby putting all data accessible through Primavera Unifier at significant risk.

References

http://www.oracle.com/technetwork/security-advisory/cpuju...
x_refsource_CONFIRM
http://www.securityfocus.com/bid/104823
vdb-entryx_refsource_BID

CVSS V3.1

Score:
6.5
Severity:
MEDIUM
Confidentiality:
None
Integrity:
High
Availability:
None
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
None
User Interaction:
Required
Scope:
Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved

.
🍪 This website uses cookies, like every other website on the internet 😕 By using our website, you consent to the use of cookies.