Main Vulnerability Database SB2016072107

SB2016072107 - Security restrictions bypass in Oracle Primavera P6 Enterprise Project Portfolio Management

Published: July 21, 2016 Updated: January 24, 2020

Security Bulletin ID SB2016072107

Severity

Medium

Patch available

YES

Number of vulnerabilities 1

Exploitation vector Remote access

Highest impact Data manipulation

Breakdown by Severity

Low
Medium
High
Critical

Description

This security bulletin contains information about 1 security vulnerability.

1) Security restrictions bypass (CVE-ID: CVE-2016-3572)

The vulnerability allows a remote attacker to partially access and partially modify data.

The vulnerability exists in Primavera P6 Enterprise Project Portfolio Management Web Access component. A remote authenticated attacker can partially access and partially modify data by exploiting a flaw in the Primavera P6 Enterprise Project Portfolio Management Web Access component.

Successful exploitation of this vulnerability may result in modification of system information and user access via network.

Remediation

Install update from vendor's website.

References

http://www.oracle.com/technetwork/security-advisory/cpujul2016-2881720.html