Web Access Vulnerability in Oracle Primavera P6 Project Portfolio Management
CVE-2020-14653
Key Information:
- Vendor
- Oracle
- Vendor
- CVE Published:
- 15 July 2020
Summary
A security flaw in Oracle's Primavera P6 Enterprise Project Portfolio Management allows a low-privileged attacker to gain unauthorized access via HTTP. This vulnerability can lead to unauthorized modifications to data, including updates, inserts, or deletions, as well as unauthorized reading of accessible data. Affected versions are 16.1.0.0 through 16.2.20.1, 17.1.0.0 through 17.12.17.1, and 18.1.0.0 through 18.8.18.2. Operators using these versions should prioritize applying security updates to mitigate potential risks.
Affected Version(s)
Primavera P6 Enterprise Project Portfolio Management 16.1.0.0-16.2.20.1
Primavera P6 Enterprise Project Portfolio Management 17.1.0.0-17.12.17.1
Primavera P6 Enterprise Project Portfolio Management 18.1.0.0-18.8.18.2
References
CVSS V3.1
Timeline
Vulnerability published
Vulnerability Reserved