Vulnerability in Primavera Portfolio Management by Oracle affecting Investor Module
CVE-2020-14529

5.4MEDIUM

Key Information:

Vendor: Oracle
Status: Primavera Portfolio Management
Vendor: CVE Published:; 15 July 2020

Summary

A vulnerability exists in the Investor Module of Oracle's Primavera Portfolio Management, which can be exploited by low-privileged attackers with HTTP network access. While the attack requires interaction from a third party, it can lead to unauthorized changes and access to Primavera Portfolio Management data, compromising both confidentiality and integrity of sensitive information.

Affected Version(s)

Primavera Portfolio Management 16.1.0.0-16.1.5.1

Primavera Portfolio Management 18.0.0.0-18.0.2.0

Primavera Portfolio Management 19.0.0.0

References

https://www.oracle.com/security-alerts/cpujul2020.html

x_refsource_MISC

CVSS V3.1

Score:

5.4

Severity:

MEDIUM

Confidentiality:

Low

Integrity:

Low

Availability:

Low

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

Low

User Interaction:

Required

Scope:

Changed

Timeline

Vulnerability published
Jul 15, 2020
Vulnerability Reserved
Jun 19, 2020