CVE-2017-10038

MEDIUM

Oracle Primavera P6 Enterprise Project Portfolio Management 15.1 15.2 16.1 16.2 - Unauthorized Data Access via HTTP

Title source: llm
STIX 2.1

Description

Vulnerability in the Primavera P6 Enterprise Project Portfolio Management component of Oracle Primavera Products Suite (subcomponent: Web Access). Supported versions that are affected are 15.1, 15.2, 16.1 and 16.2. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Primavera P6 Enterprise Project Portfolio Management. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Primavera P6 Enterprise Project Portfolio Management accessible data. CVSS 3.0 Base Score 6.5 (Confidentiality impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N).

References (3)

Core 3
Core References
Third Party Advisory, VDB Entry vdb-entry x_refsource_sectrack
http://www.securitytracker.com/id/1038946
Third Party Advisory, VDB Entry vdb-entry x_refsource_bid
http://www.securityfocus.com/bid/99751

Scores

CVSS v3 6.5
EPSS 0.0069
EPSS Percentile 72.0%
Attack Vector NETWORK
CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

CISA SSVC

Vulnrichment
Exploitation none
Automatable no
Technical Impact partial

Details

Status published
Products (8)
oracle/primavera_p6_enterprise_project_portfolio_management 15.1
oracle/primavera_p6_enterprise_project_portfolio_management 15.2
oracle/primavera_p6_enterprise_project_portfolio_management 16.1
oracle/primavera_p6_enterprise_project_portfolio_management 16.2
Oracle Corporation/Primavera P6 Enterprise Project Portfolio Management 15.1
Oracle Corporation/Primavera P6 Enterprise Project Portfolio Management 15.2
Oracle Corporation/Primavera P6 Enterprise Project Portfolio Management 16.1
Oracle Corporation/Primavera P6 Enterprise Project Portfolio Management 16.2
Published Aug 08, 2017
Tracked Since Feb 18, 2026