Main Vulnerability Database Vulnerabilities #VU36870

Input validation error in Primavera Unifier - CVE-2018-2966

Published: July 18, 2018 / Updated: August 8, 2020

Vulnerability identifier: #VU36870

CSH Severity: Medium

CVSS v4.0: CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:A/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N/E:U/U:Green

CVE-ID: CVE-2018-2966

CWE-ID: CWE-20

Exploitation vector: Remote access

Exploit availability: No public exploit available

Vendor: Oracle

Affected software:
Primavera Unifier

Detailed vulnerability description

The vulnerability allows a remote non-authenticated attacker to manipulate data.

Vulnerability in the Primavera Unifier component of Oracle Construction and Engineering Suite (subcomponent: Core). Supported versions that are affected are 16.x, 17.x and 18.x. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Primavera Unifier. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Primavera Unifier, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized creation, deletion or modification access to critical data or all Primavera Unifier accessible data. CVSS 3.0 Base Score 7.4 (Integrity impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:N/I:H/A:N).

How to mitigate CVE-2018-2966

Install update from vendor's website.

Input validation error in Primavera Unifier - CVE-2018-2966

Detailed vulnerability description

How to mitigate CVE-2018-2966

Sources

Please verify you're human