CVE-2017-3500
Description
Vulnerability in the Primavera Gateway component of Oracle Primavera Products Suite (subcomponent: Primavera Desktop Integration). Supported versions that are affected are 1.0, 1.1, 14.2, 15.1, 15.2, 16.1 and 16.2. Easily "exploitable" vulnerability allows high privileged attacker with network access via HTTP to compromise Primavera Gateway. While the vulnerability is in Primavera Gateway, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Primavera Gateway accessible data and unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Primavera Gateway. CVSS 3.0 Base Score 8.7 (Confidentiality and Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:N/A:H).
Affected products
8cpe:2.3:a:oracle:primavera_gateway:1.0:*:*:*:*:*:*:*+ 6 more
- cpe:2.3:a:oracle:primavera_gateway:1.0:*:*:*:*:*:*:*
- cpe:2.3:a:oracle:primavera_gateway:1.1:*:*:*:*:*:*:*
- cpe:2.3:a:oracle:primavera_gateway:14.2:*:*:*:*:*:*:*
- cpe:2.3:a:oracle:primavera_gateway:15.1:*:*:*:*:*:*:*
- cpe:2.3:a:oracle:primavera_gateway:15.2:*:*:*:*:*:*:*
- cpe:2.3:a:oracle:primavera_gateway:16.1:*:*:*:*:*:*:*
- cpe:2.3:a:oracle:primavera_gateway:16.2:*:*:*:*:*:*:*
- Oracle Corporation/Primavera Gatewayv5Range: 1.0
Patches
0No patches discovered yet.
Vulnerability mechanics
AI mechanics synthesis has not run for this CVE yet.
References
3- www.oracle.com/technetwork/security-advisory/cpuapr2017-3236618.htmlnvdPatchVendor Advisory
- www.securityfocus.com/bid/97881nvdThird Party AdvisoryVDB Entry
- www.securitytracker.com/id/1038289nvd
News mentions
0No linked articles in our index yet.