Web Server Vulnerability in Primavera Portfolio Management by Oracle
CVE-2020-14549

5.9MEDIUM

Key Information:

Vendor: Oracle
Status: Primavera Portfolio Management
Vendor: CVE Published:; 15 July 2020

Summary

A vulnerability exists in the Web Server component of Oracle's Primavera Portfolio Management that can be exploited by an unauthenticated attacker with network access via HTTPS. The attack requires user interaction from a third party to succeed. When exploited, this vulnerability can lead to unauthorized access to sensitive data, including the ability to update, insert, or delete data within the Primavera Portfolio Management system. It's essential for organizations using the affected versions to implement appropriate security measures to mitigate the potential risks associated with this vulnerability.

Affected Version(s)

Primavera Portfolio Management 16.1.0.0-16.1.5.1

Primavera Portfolio Management 18.0.0.0-18.0.2.0

Primavera Portfolio Management 19.0.0.0

References

https://www.oracle.com/security-alerts/cpujul2020.html

x_refsource_MISC

CVSS V3.1

Score:

5.9

Severity:

MEDIUM

Confidentiality:

High

Integrity:

Low

Availability:

High

Attack Vector:

Network

Attack Complexity:

High

Privileges Required:

None

User Interaction:

Required

Scope:

Unchanged

Timeline

Vulnerability published
Jul 15, 2020
Vulnerability Reserved
Jun 19, 2020