Unauthorized Access Vulnerability in Oracle Primavera P6 Project Management
CVE-2019-2512

4.7MEDIUM

Key Information:

Vendor: Oracle
Status: Primavera P6 Enterprise Project Portfolio Management
Vendor: CVE Published:; 16 January 2019

Summary

A vulnerability exists in the Primavera P6 Enterprise Project Portfolio Management component of Oracle's Construction and Engineering Suite. This flaw can be exploited by unauthenticated attackers with network access through HTTP, enabling potential manipulation of accessible data. Successful exploitation requires human interaction from an unsuspecting user. The impact includes unauthorized updates, inserts, or deletions of certain data, as well as unauthorized read access to specific subsets of Primavera P6 data. This vulnerability highlights the importance of securing web access to critical project management systems.

Affected Version(s)

Primavera P6 Enterprise Project Portfolio Management 8.4

Primavera P6 Enterprise Project Portfolio Management 15.1

Primavera P6 Enterprise Project Portfolio Management 15.2

References

http://www.securityfocus.com/bid/106614

vdb-entryx_refsource_BID

http://www.oracle.com/technetwork/security-advisory/cpuja...

x_refsource_CONFIRM

CVSS V3.1

Score:

4.7

Severity:

MEDIUM

Confidentiality:

Low

Integrity:

Low

Availability:

Low

Attack Vector:

Network

Attack Complexity:

High

Privileges Required:

None

User Interaction:

Required

Scope:

Changed

Timeline

Vulnerability published
Jan 16, 2019
Vulnerability Reserved
Dec 14, 2018