Vulnerabilities > CVE-2018-2620 - Unspecified vulnerability in Oracle Primavera Unifier

CVSS 8.1 - HIGH

Attack vector

NETWORK

Attack complexity

LOW

Privileges required

LOW

Confidentiality impact

HIGH

Integrity impact

HIGH

Availability impact

NONE

network

low complexity

oracle

nessus

NVD

Published: 2018-01-18

Updated: 2019-10-03

Summary

Vulnerability in the Primavera Unifier component of Oracle Construction and Engineering Suite (subcomponent: Platform). Supported versions that are affected are 10.x, 15.x, 16.x and 17.x. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Primavera Unifier. Successful attacks of this vulnerability can result in unauthorized creation, deletion or modification access to critical data or all Primavera Unifier accessible data as well as unauthorized access to critical data or complete access to all Primavera Unifier accessible data. CVSS 3.0 Base Score 8.1 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N).

Vulnerable Configurations

Part	Description	Count
Application	Oracle Oracle Primavera Unifier 16.2 Oracle Primavera Unifier 10.0 Oracle Primavera Unifier 15.1 Oracle Primavera Unifier 15.2 Oracle Primavera Unifier 10.1 Oracle Primavera Unifier 16.1 Oracle Primavera Unifier 16.0 Oracle Primavera Unifier 17.0 Oracle Primavera Unifier 15.0	9

Nessus

NASL family	CGI abuses
NASL id	ORACLE_PRIMAVERA_UNIFIER_CPU_JAN_2018.NASL
description	According to its self-reported version number, the Oracle Primavera Unifier installation running on the remote web server is missing the January 2018 Critical Patch Update. It is, therefore, affected by an unspecified issue in the platform component as described in the advisory.
last seen	2020-06-01
modified	2020-06-02
plugin id	106201
published	2018-01-19
reporter	This script is Copyright (C) 2018 Tenable Network Security, Inc.
source	https://www.tenable.com/plugins/nessus/106201
title	Oracle Primavera Unifier Platform Component Unspecified Remote Issue (January 2018 CPU)

Summary

Vulnerable Configurations

Nessus

References