Information disclosure in Primavera Contract Management PCM web services - CVE-2016-0635
Published: July 21, 2016 / Updated: November 22, 2018
Vulnerability identifier: #VU192
CSH Severity: Low
CVSS v4.0: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:U/U:Clear
CVE-ID: CVE-2016-0635
CWE-ID: CWE-200
Exploitation vector: Remote access
Exploit availability:
No public exploit available
Vendor: Oracle
Affected software:
Primavera Contract Management PCM web services
Primavera Contract Management PCM web services
Detailed vulnerability description
The vulnerability allows a remote attacker to obtain potentially sensitive information.
The vulnerability exists in Primavera Contract Management PCM web services component. A remote authenticated attacker can gain elevated privileges by exploit a flaw in the Primavera Contract Management PCM web services component.
Successful exploitation of this vulnerability may result in disclosure of system information.
The vulnerability exists in Primavera Contract Management PCM web services component. A remote authenticated attacker can gain elevated privileges by exploit a flaw in the Primavera Contract Management PCM web services component.
Successful exploitation of this vulnerability may result in disclosure of system information.
How to mitigate CVE-2016-0635
The vendor has issued a fix as part of the July 2016 Oracle Critical Patch Update.