CVE-2022-21243

MEDIUM

Oracle Primavera Portfolio Management DoS via HTTP (18.0.0.0-18.0.3.0, 19.0.0.0-19.0.1.2, 20.0.0.0-20.0.0.1)

Title source: llm

Description

Vulnerability in the Primavera Portfolio Management product of Oracle Construction and Engineering (component: Web Access). Supported versions that are affected are 18.0.0.0-18.0.3.0, 19.0.0.0-19.0.1.2, 20.0.0.0 and 20.0.0.1. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Primavera Portfolio Management. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Primavera Portfolio Management. CVSS 3.1 Base Score 4.3 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L).

References (1)

Core 1

Core References

Vendor Advisory x_refsource_misc

https://www.oracle.com/security-alerts/cpujan2022.html

Scores

CVSS v3 4.3

EPSS 0.0031

EPSS Percentile 54.7%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L

CISA SSVC

Vulnrichment

Exploitation none

Automatable no

Technical Impact partial

Details

Status published

Products (3)

oracle/primavera_portfolio_management 20.0.0.0

oracle/primavera_portfolio_management 20.0.0.1

oracle/primavera_portfolio_management 18.0.0.0 - 18.0.3.0

Published Jan 19, 2022

Tracked Since Feb 18, 2026