Unauthorized Access Vulnerability in Primavera Portfolio Management by Oracle
CVE-2020-14527

5.9MEDIUM

Key Information:

Vendor: Oracle
Status: Primavera Portfolio Management
Vendor: CVE Published:; 15 July 2020

Summary

A vulnerability exists within the Primavera Portfolio Management product from Oracle, particularly affecting Web Access. This flaw allows an unauthenticated attacker with network access via HTTP the opportunity to compromise the system. Exploitation of this vulnerability necessitates human interaction from an individual other than the attacker. If successfully executed, the attacker can gain unauthorized access to critical data or potentially assume complete control over all accessible data within Primavera Portfolio Management. Furthermore, this vulnerability permits unauthorized updates, inserts, or deletions of certain data, posing a significant risk to the integrity and confidentiality of the information stored.

Affected Version(s)

Primavera Portfolio Management 16.1.0.0-16.1.5.1

Primavera Portfolio Management 18.0.0.0-18.0.2.0

Primavera Portfolio Management 19.0.0.0

References

https://www.oracle.com/security-alerts/cpujul2020.html

x_refsource_MISC

CVSS V3.1

Score:

5.9

Severity:

MEDIUM

Confidentiality:

High

Integrity:

Low

Availability:

High

Attack Vector:

Network

Attack Complexity:

High

Privileges Required:

None

User Interaction:

Required

Scope:

Unchanged

Timeline

Vulnerability published
Jul 15, 2020
Vulnerability Reserved
Jun 19, 2020