Attack vector
NETWORK Attack complexity
LOW Privileges required
LOW Confidentiality impact
HIGH Integrity impact
HIGH Availability impact
NONE network
low complexity
oracle
nessus
Published: 2018-01-18
Updated: 2024-11-21
Summary
Vulnerability in the Primavera Unifier component of Oracle Construction and Engineering Suite (subcomponent: Platform). Supported versions that are affected are 10.x, 15.x, 16.x and 17.x. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Primavera Unifier. Successful attacks of this vulnerability can result in unauthorized creation, deletion or modification access to critical data or all Primavera Unifier accessible data as well as unauthorized access to critical data or complete access to all Primavera Unifier accessible data. CVSS 3.0 Base Score 8.1 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N).
Vulnerable Configurations
Part | Description | Count |
Application | Oracle | 9 |
Nessus
NASL family | CGI abuses |
NASL id | ORACLE_PRIMAVERA_UNIFIER_CPU_JAN_2018.NASL |
description | According to its self-reported version number, the Oracle Primavera Unifier installation running on the remote web server is missing the January 2018 Critical Patch Update. It is, therefore, affected by an unspecified issue in the platform component as described in the advisory. |
last seen | 2020-06-01 |
modified | 2020-06-02 |
plugin id | 106201 |
published | 2018-01-19 |
reporter | This script is Copyright (C) 2018 Tenable Network Security, Inc. |
source | https://www.tenable.com/plugins/nessus/106201 |
title | Oracle Primavera Unifier Platform Component Unspecified Remote Issue (January 2018 CPU) |