#VU39117 Input validation error in Primavera Gateway - CVE-2017-3508 

CSH
CYBERSECURITY HELP
Sign In REGISTER
 
Main Vulnerability Database Vulnerabilities #VU39117

#VU39117 Input validation error in Primavera Gateway - CVE-2017-3508

Published: April 24, 2017 / Updated: August 8, 2020


Vulnerability identifier: #VU39117
Vulnerability risk: High
CVSSv4.0: CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:N/VI:N/VA:N/SC:H/SI:H/SA:H/E:U/U:Amber
CVE-ID: CVE-2017-3508
CWE-ID: CWE-20
Exploitation vector: Remote access
Exploit availability: No public exploit available
Vulnerable software:
Primavera Gateway
Software vendor:
Oracle

Description

The vulnerability allows a remote privileged user to execute arbitrary code.

Vulnerability in the Primavera Gateway component of Oracle Primavera Products Suite (subcomponent: Primavera Desktop Integration). Supported versions that are affected are 1.0, 1.1, 14.2, 15.1, 15.2, 16.1 and 16.2. Easily "exploitable" vulnerability allows high privileged attacker with network access via HTTP to compromise Primavera Gateway. While the vulnerability is in Primavera Gateway, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in takeover of Primavera Gateway. CVSS 3.0 Base Score 9.1 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H).


Remediation

Install update from vendor's website.

External links