Unauthenticated Access Vulnerability in Primavera Portfolio Management by Oracle
CVE-2020-2562

6.1MEDIUM

Key Information:

Vendor: Oracle
Status: Primavera Portfolio Management
Vendor: CVE Published:; 15 July 2020

Summary

The vulnerability in Primavera Portfolio Management's Investor Module allows an unauthenticated attacker with HTTP network access to exploit the system. While it primarily affects Primavera, successful exploitation can lead to unauthorized access to sensitive data, allowing attackers to perform operations such as update, insert, or delete. Moreover, successful exploitation necessitates human interaction from a victim, amplifying the potential impact. This risk underscores the need for organizations using Primavera Portfolio Management to prioritize security measures to safeguard their data.

Affected Version(s)

Primavera Portfolio Management 16.1.0.0-16.1.5.1

Primavera Portfolio Management 18.0.0.0-18.0.2.0

Primavera Portfolio Management 19.0.0.0

References

https://www.oracle.com/security-alerts/cpujul2020.html

x_refsource_MISC

CVSS V3.1

Score:

6.1

Severity:

MEDIUM

Confidentiality:

Low

Integrity:

Low

Availability:

Low

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

Required

Scope:

Changed

Timeline

Vulnerability published
Jul 15, 2020
Vulnerability Reserved
Dec 10, 2019