Unauthorized Data Access in Primavera P6 by Oracle
CVE-2020-14706

5.9MEDIUM

Key Information:

Vendor: Oracle
Status: Primavera P6 Enterprise Project Portfolio Management
Vendor: CVE Published:; 15 July 2020

Summary

A vulnerability exists in Primavera P6 Enterprise Project Portfolio Management from Oracle that allows unauthenticated attackers with network access to potentially compromise the system. This flaw can lead to unauthorized access to sensitive project data, and while exploiting it requires human interaction, it may expose critical information. Attackers could gain the ability to update, insert, or delete accessible data, affecting the integrity of the entire project management environment.

Affected Version(s)

Primavera P6 Enterprise Project Portfolio Management 17.1.0.0-17.12.17.1

Primavera P6 Enterprise Project Portfolio Management 18.1.0.0-18.8.19

Primavera P6 Enterprise Project Portfolio Management 19.12.0-19.12.5

References

https://www.oracle.com/security-alerts/cpujul2020.html

x_refsource_MISC

CVSS V3.1

Score:

5.9

Severity:

MEDIUM

Confidentiality:

High

Integrity:

Low

Availability:

High

Attack Vector:

Network

Attack Complexity:

High

Privileges Required:

None

User Interaction:

Required

Scope:

Unchanged

Timeline

Vulnerability published
Jul 15, 2020
Vulnerability Reserved
Jun 19, 2020