Vulnerability in Oracle Primavera P6 Project Management Software
CVE-2020-2594

6.5MEDIUM

Key Information:

Vendor: Oracle
Status: Primavera P6 Enterprise Project Portfolio Management
Vendor: CVE Published:; 15 April 2020

Summary

This vulnerability occurs within the Primavera P6 Enterprise Project Portfolio Management software, where an attacker with low privileges and network access can exploit the system via HTTP. The attack depends on human interaction, which could lead to significant unauthorized actions, including updates, deletions, and unauthorized reading of accessible data. Furthermore, this vulnerability has the potential to result in a partial denial of service of the affected product. Organizations using supported versions must take appropriate actions to mitigate risks associated with this issue, as it not only affects Primavera P6 but could also compromise other integrated products.

Affected Version(s)

Primavera P6 Enterprise Project Portfolio Management 16.2.0.0 - 16.2.19.3

Primavera P6 Enterprise Project Portfolio Management 17.12.0.0 - 17.12.17.0

Primavera P6 Enterprise Project Portfolio Management 18.8.0.0 - 18.8.18.0

References

https://www.oracle.com/security-alerts/cpuapr2020.html

x_refsource_MISC

CVSS V3.1

Score:

6.5

Severity:

MEDIUM

Confidentiality:

Low

Integrity:

Low

Availability:

Low

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

Low

User Interaction:

Required

Scope:

Changed

Timeline

Vulnerability published
Apr 15, 2020
Vulnerability Reserved
Dec 10, 2019