Web Access Vulnerability in Primavera Portfolio Management by Oracle
CVE-2022-21281

4.8MEDIUM

Key Information:

Vendor: Oracle
Status: Primavera Portfolio Management
Vendor: CVE Published:; 19 January 2022

Summary

A vulnerability exists in the Web Access component of Oracle's Primavera Portfolio Management that allows attackers with high privileges and network access to exploit the system. The vulnerability requires user interaction from an external party and could lead to unauthorized alterations, including insertions, updates, and deletions of accessible data. Additionally, it poses risks of unauthorized read access to specific subsets of Primavera Portfolio Management data, impacting overall data confidentiality and integrity.

Affected Version(s)

Primavera Portfolio Management 18.0.0.0-18.0.3.0

Primavera Portfolio Management 19.0.0.0-19.0.1.2

Primavera Portfolio Management 20.0.0.0

References

https://www.oracle.com/security-alerts/cpujan2022.html

x_refsource_MISC

CVSS V3.1

Score:

4.8

Severity:

MEDIUM

Confidentiality:

Low

Integrity:

Low

Availability:

Low

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

High

User Interaction:

Required

Scope:

Changed

Timeline

Vulnerability published
Jan 19, 2022
Vulnerability Reserved
Nov 15, 2021