WebAccess Vulnerability in Primavera P6 Project Portfolio Management by Oracle
CVE-2020-2707

5.4MEDIUM

Key Information:

Vendor: Oracle
Status: Primavera P6 Enterprise Project Portfolio Management
Vendor: CVE Published:; 15 January 2020

Summary

A vulnerability in Oracle's Primavera P6 Enterprise Project Portfolio Management product, specifically within the WebAccess component, allows an attacker with low privileges and network access to exploit the system. This exploit requires human interaction from a third party. Attackers can gain unauthorized access to modify and delete accessible data, as well as unauthorized read access to certain data sets. The ramifications of this vulnerability not only impact Primavera P6 but could also affect other interconnected products.

Affected Version(s)

Primavera P6 Enterprise Project Portfolio Management 15.1.0.0-15.2.18.7

Primavera P6 Enterprise Project Portfolio Management 16.1.0.0-16.2.19.0

Primavera P6 Enterprise Project Portfolio Management 17.1.0.0-17.12.16.0

References

https://www.oracle.com/security-alerts/cpujan2020.html

x_refsource_MISC

CVSS V3.1

Score:

5.4

Severity:

MEDIUM

Confidentiality:

Low

Integrity:

Low

Availability:

Low

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

Low

User Interaction:

Required

Scope:

Changed

Timeline

Vulnerability published
Jan 15, 2020
Vulnerability Reserved
Dec 10, 2019