Web Access Vulnerability in Oracle Primavera P6 Enterprise Project Portfolio Management
CVE-2019-2976

6.8MEDIUM

Key Information:

Vendor: Oracle
Status: Primavera P6 Enterprise Project Portfolio Management
Vendor: CVE Published:; 16 October 2019

Summary

A vulnerability exists in Oracle's Primavera P6 Enterprise Project Portfolio Management product within the Web Access component. This issue allows low-privileged attackers with network access via HTTP to potentially compromise the application. While successful exploitation requires human interaction from a user other than the attacker, the impact can lead to unauthorized access to critical data or complete access to all data managed by Primavera P6. This vulnerability affects several versions of the software, posing a significant risk to projects relying on this platform.

Affected Version(s)

Primavera P6 Enterprise Project Portfolio Management 17.1.0-17.12.12

References

http://www.oracle.com/technetwork/security-advisory/cpuoc...

x_refsource_MISC

CVSS V3.1

Score:

6.8

Severity:

MEDIUM

Confidentiality:

High

Integrity:

None

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

Low

User Interaction:

Required

Scope:

Changed

Timeline

Vulnerability published
Oct 16, 2019
Vulnerability Reserved
Dec 14, 2018