Main Vulnerability Database Vulnerabilities #VU36872

Input validation error in Primavera Unifier - CVE-2018-2968

Published: July 18, 2018 / Updated: August 8, 2020

Vulnerability identifier: #VU36872

CSH Severity: Medium

CVSS v4.0: CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:A/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N/E:U/U:Green

CVE-ID: CVE-2018-2968

CWE-ID: CWE-20

Exploitation vector: Remote access

Exploit availability: No public exploit available

Vendor: Oracle

Affected software:
Primavera Unifier

Detailed vulnerability description

The vulnerability allows a remote non-authenticated attacker to manipulate data.

Vulnerability in the Primavera Unifier component of Oracle Construction and Engineering Suite (subcomponent: Core). Supported versions that are affected are 16.x, 17.x and 18.x. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Primavera Unifier. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized creation, deletion or modification access to critical data or all Primavera Unifier accessible data. CVSS 3.0 Base Score 6.5 (Integrity impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N).

How to mitigate CVE-2018-2968

Install update from vendor's website.

Input validation error in Primavera Unifier - CVE-2018-2968

Detailed vulnerability description

How to mitigate CVE-2018-2968

Sources

Please verify you're human