Unauthorized Access Vulnerability in Oracle Primavera P6 Project Management
CVE-2019-2512

4.7 MEDIUM

Key Information:

Vendor: Oracle
CVE Published: 16 January 2019

Summary

A vulnerability exists in the Primavera P6 Enterprise Project Portfolio Management component of Oracle's Construction and Engineering Suite. This flaw can be exploited by unauthenticated attackers with network access through HTTP, enabling potential manipulation of accessible data. Successful exploitation requires human interaction from an unsuspecting user. The impact includes unauthorized updates, inserts, or deletions of certain data, as well as unauthorized read access to specific subsets of Primavera P6 data. This vulnerability highlights the importance of securing web access to critical project management systems.

Affected Version(s)

Primavera P6 Enterprise Project Portfolio Management 8.4

Primavera P6 Enterprise Project Portfolio Management 15.1

Primavera P6 Enterprise Project Portfolio Management 15.2

CVSS V3.1

Score: 4.7
Severity: MEDIUM
Confidentiality: Low
Integrity: Low
Availability: Low
Attack Vector: Network
Attack Complexity: High
Privileges Required: None
User Interaction: Required
Scope: Changed

Timeline

  • Vulnerability published

  • Vulnerability Reserved
