Unauthorized Access Vulnerability in Oracle Primavera P6 Project Management
CVE-2019-2512
Key Information:
- Vendor
- Oracle
- Vendor
- CVE Published:
- 16 January 2019
Summary
A vulnerability exists in the Primavera P6 Enterprise Project Portfolio Management component of Oracle's Construction and Engineering Suite. This flaw can be exploited by unauthenticated attackers with network access through HTTP, enabling potential manipulation of accessible data. Successful exploitation requires human interaction from an unsuspecting user. The impact includes unauthorized updates, inserts, or deletions of certain data, as well as unauthorized read access to specific subsets of Primavera P6 data. This vulnerability highlights the importance of securing web access to critical project management systems.
Affected Version(s)
Primavera P6 Enterprise Project Portfolio Management 8.4
Primavera P6 Enterprise Project Portfolio Management 15.1
Primavera P6 Enterprise Project Portfolio Management 15.2
References
CVSS V3.1
Timeline
Vulnerability published
Vulnerability Reserved