Unauthenticated Access Vulnerability in Primavera P6 by Oracle
CVE-2024-21095

8.2 HIGH

What is CVE-2024-21095?

A significant security vulnerability has been identified in the Primavera P6 Enterprise Project Portfolio Management software from Oracle Construction and Engineering. This weakness in the Web Access component allows unauthenticated attackers with HTTP network access to potentially compromise the application. Affected versions include 19.12.0 through 19.12.22, 20.12.0 through 20.12.21, 21.12.0 through 21.12.18, 22.12.0 through 22.12.12, and 23.12.0 through 23.12.2. Exploiting this vulnerability may grant attackers access to sensitive project data, as well as the ability to perform unauthorized operations such as updating, inserting, or deleting data within Primavera P6. Organizations using these versions are strongly advised to implement security measures to safeguard their critical project data.

CVSS V3.1

Score: 8.2
Severity: HIGH
Confidentiality: High
Integrity: Low
Availability: High
Attack Vector: Network
Attack Complexity: Low
Privileges Required: None
User Interaction: None
Scope: Unchanged

Timeline

  • Vulnerability published
