Security restrictions bypass in Primavera P6 Enterprise Project Portfolio Management - CVE-2016-3572
Published: July 21, 2016 / Updated: January 24, 2020
Vulnerability identifier: #VU191
CSH Severity: Medium
CVSS v4.0: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N/E:U/U:Green
CVE-ID: CVE-2016-3572
CWE-ID: CWE-264
Exploitation vector: Remote access
Exploit availability:
No public exploit available
Vendor: Oracle
Affected software:
Primavera P6 Enterprise Project Portfolio Management
Primavera P6 Enterprise Project Portfolio Management
Detailed vulnerability description
The vulnerability allows a remote attacker to partially access and partially modify data.
The vulnerability exists in Primavera P6 Enterprise Project Portfolio Management Web Access component. A remote authenticated attacker can partially access and partially modify data by exploiting a flaw in the Primavera P6 Enterprise Project Portfolio Management Web Access component.
Successful exploitation of this vulnerability may result in modification of system information and user access via network.
The vulnerability exists in Primavera P6 Enterprise Project Portfolio Management Web Access component. A remote authenticated attacker can partially access and partially modify data by exploiting a flaw in the Primavera P6 Enterprise Project Portfolio Management Web Access component.
Successful exploitation of this vulnerability may result in modification of system information and user access via network.
How to mitigate CVE-2016-3572
The vendor has issued a fix as part of the July 2016 Oracle Critical Patch Update.