Unauthenticated Access Vulnerability in Oracle Primavera Portfolio Management
CVE-2022-21377
5.4 MEDIUM
Key Information:
- Vendor: Oracle
- CVE Published: 19 January 2022
Summary
An unauthenticated access vulnerability exists in the Web API component of Oracle's Primavera Portfolio Management, affecting several versions of the product. This flaw enables network-based attackers to exploit the system without any credentials. Although human interaction is necessary for successful exploitation, this vulnerability could allow unauthorized users to update, insert, or delete sensitive data, as well as gain unauthorized read access to select information within Primavera Portfolio Management.
Affected Version(s)
Primavera Portfolio Management 18.0.0.0-18.0.3.0
Primavera Portfolio Management 19.0.0.0-19.0.1.2
Primavera Portfolio Management 20.0.0.0
CVSS V3.1
Score: 5.4
Severity: MEDIUM
Confidentiality: Low
Integrity: Low
Availability: Low
Attack Vector: Network
Attack Complexity: Low
Privileges Required: None
User Interaction: Required
Scope: Unchanged
Timeline
Vulnerability published
Vulnerability Reserved