Main Vulnerability Database Vulnerabilities #VU39117

Input validation error in Primavera Gateway - CVE-2017-3508

Published: April 24, 2017 / Updated: August 8, 2020

Vulnerability identifier: #VU39117

CSH Severity: High

CVSS v4.0: CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:N/VI:N/VA:N/SC:H/SI:H/SA:H/E:U/U:Amber

CVE-ID: CVE-2017-3508

CWE-ID: CWE-20

Exploitation vector: Remote access

Exploit availability: No public exploit available

Vendor: Oracle

Affected software:
Primavera Gateway

Detailed vulnerability description

The vulnerability allows a remote privileged user to execute arbitrary code.

Vulnerability in the Primavera Gateway component of Oracle Primavera Products Suite (subcomponent: Primavera Desktop Integration). Supported versions that are affected are 1.0, 1.1, 14.2, 15.1, 15.2, 16.1 and 16.2. Easily "exploitable" vulnerability allows high privileged attacker with network access via HTTP to compromise Primavera Gateway. While the vulnerability is in Primavera Gateway, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in takeover of Primavera Gateway. CVSS 3.0 Base Score 9.1 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H).

How to mitigate CVE-2017-3508

Install update from vendor's website.

Input validation error in Primavera Gateway - CVE-2017-3508

Detailed vulnerability description

How to mitigate CVE-2017-3508

Sources

Please verify you're human