Unauthorized Access Vulnerability in Primavera Unifier Mobile App by Oracle
CVE-2020-14618

5.9MEDIUM

Key Information:

Vendor: Oracle
Status: Primavera Unifier
Vendor: CVE Published:; 15 July 2020

Summary

A security vulnerability in the Primavera Unifier Mobile App by Oracle could allow unauthenticated attackers with network access via HTTPS to compromise the system. Exploiting this vulnerability requires human interaction from a user, potentially leading to unauthorized access to sensitive data. An attacker may gain complete access to all Primavera Unifier accessible data and perform unauthorized updates, inserts, or deletions. The supported version affected is prior to 20.6, emphasizing the importance of regular updates to mitigate such risks.

Affected Version(s)

Primavera Unifier < 20.6

References

https://www.oracle.com/security-alerts/cpujul2020.html

x_refsource_MISC

CVSS V3.1

Score:

5.9

Severity:

MEDIUM

Confidentiality:

High

Integrity:

Low

Availability:

High

Attack Vector:

Network

Attack Complexity:

High

Privileges Required:

None

User Interaction:

Required

Scope:

Unchanged

Timeline

Vulnerability published
Jul 15, 2020
Vulnerability Reserved
Jun 19, 2020