Vulnerability Monitor

The vendors, products, and vulnerabilities you care about

CVE-2018-2967

Vulnerability in the Primavera Unifier component of Oracle Construction and Engineering Suite (subcomponent: Core). Supported versions that are affected are 16.x, 17.x and 18.x. Easily exploitable vulnerability allows physical access to compromise Primavera Unifier. While the vulnerability is in Primavera Unifier, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Primavera Unifier accessible data. CVSS 3.0 Base Score 5.3 (Confidentiality impacts). CVSS Vector: (CVSS:3.0/AV:P/AC:L/PR:N/UI:N/S:C/C:H/I:N/A:N).

Published

2018-07-18T13:29:03.647

Last Modified

2024-11-21T04:04:51.643

Status

Modified

Source

[email protected]

Severity

CVSSv3.0: 5.3 (MEDIUM)

CVSSv2 Vector

AV:L/AC:L/Au:N/C:P/I:N/A:N

Access Vector: LOCAL
Access Complexity: LOW
Authentication: NONE
Confidentiality Impact: PARTIAL
Integrity Impact: NONE
Availability Impact: NONE

Exploitability Score

3.9

Impact Score

2.9

Weaknesses

Type: Primary
NVD-CWE-noinfo

Affected Vendors & Products

Type	Vendor	Product	Version/Range	Vulnerable?
Application	oracle	primavera_unifier	16.1	Yes
Application	oracle	primavera_unifier	16.2	Yes
Application	oracle	primavera_unifier	16.2.1.0	Yes
Application	oracle	primavera_unifier	16.2.4.0	Yes
Application	oracle	primavera_unifier	17.1	Yes
Application	oracle	primavera_unifier	17.2	Yes
Application	oracle	primavera_unifier	17.3	Yes
Application	oracle	primavera_unifier	17.4	Yes
Application	oracle	primavera_unifier	17.5	Yes
Application	oracle	primavera_unifier	17.6	Yes
Application	oracle	primavera_unifier	17.7	Yes
Application	oracle	primavera_unifier	17.8	Yes
Application	oracle	primavera_unifier	17.9	Yes
Application	oracle	primavera_unifier	17.10	Yes
Application	oracle	primavera_unifier	17.11	Yes
Application	oracle	primavera_unifier	17.12	Yes
Application	oracle	primavera_unifier	18.1	Yes
Application	oracle	primavera_unifier	18.2	Yes
Application	oracle	primavera_unifier	18.3	Yes
Application	oracle	primavera_unifier	18.4	Yes
Application	oracle	primavera_unifier	18.5	Yes
Application	oracle	primavera_unifier	18.6	Yes
Application	oracle	primavera_unifier	18.7	Yes

References

http://www.oracle.com/technetwork/security-advisory/cpujul2018-4258247.html Patch, Vendor Advisory ([email protected])
http://www.securityfocus.com/bid/104823 ([email protected])
http://www.oracle.com/technetwork/security-advisory/cpujul2018-4258247.html Patch, Vendor Advisory (af854a3a-2127-422b-91ae-364da2661108)
http://www.securityfocus.com/bid/104823 (af854a3a-2127-422b-91ae-364da2661108)