Input validation error in Primavera Unifier - CVE-2018-2969
Published: July 18, 2018 / Updated: August 8, 2020
Vulnerability identifier: #VU36873
CSH Severity: Low
CVSS v4.0: CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:U/U:Clear
CVE-ID: CVE-2018-2969
CWE-ID: CWE-20
Exploitation vector: Remote access
Exploit availability:
No public exploit available
Vendor: Oracle
Affected software:
Primavera Unifier
Primavera Unifier
Detailed vulnerability description
The vulnerability allows a remote authenticated user to gain access to sensitive information.
Vulnerability in the Primavera Unifier component of Oracle Construction and Engineering Suite (subcomponent: Core). The supported version that is affected is 16.x. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Primavera Unifier. Successful attacks of this vulnerability can result in unauthorized read access to a subset of Primavera Unifier accessible data. CVSS 3.0 Base Score 4.3 (Confidentiality impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N).
How to mitigate CVE-2018-2969
Install update from vendor's website.