Unauthenticated Vulnerability in Primavera Portfolio Management by Oracle
CVE-2020-14528

6.1MEDIUM

Key Information:

Vendor: Oracle
Status: Primavera Portfolio Management
Vendor: CVE Published:; 15 July 2020

Summary

A vulnerability exists in the Oracle Primavera Portfolio Management product, specifically in the Web Access component. Affected versions include 16.1.0.0 through 16.1.5.1, 18.0.0.0 through 18.0.2.0, and version 19.0.0.0. This easily exploitable flaw allows unauthorized individuals with network access via HTTP to compromise the application's security. Successful exploitation requires human interaction from an unsuspecting user. Consequently, attackers could gain unauthorized access to critical data, including the ability to read, insert, update, or delete information within the Primavera Portfolio Management system, impacting additional products connected with it. Organizations using these versions should prioritize patching to prevent potential data breaches.

Affected Version(s)

Primavera Portfolio Management 16.1.0.0-16.1.5.1

Primavera Portfolio Management 18.0.0.0-18.0.2.0

Primavera Portfolio Management 19.0.0.0

References

https://www.oracle.com/security-alerts/cpujul2020.html

x_refsource_MISC

CVSS V3.1

Score:

6.1

Severity:

MEDIUM

Confidentiality:

Low

Integrity:

Low

Availability:

Low

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

Required

Scope:

Changed

Timeline

Vulnerability published
Jul 15, 2020
Vulnerability Reserved
Jun 19, 2020