Oracle Primavera P6 EPPM Web Access Vulnerability Allowing Unauthorized Data Access and Modification

Vulnerability

A vulnerability has been identified in the Web Access component of Oracle Primavera P6 Enterprise Project Portfolio Management, affecting versions 20.12.1.0 through 20.12.21.5, 21.12.1.0 through 21.12.20.0, 22.12.1.0 through 22.12.16.0, and 23.12.1.0 through 23.12.10.0. This vulnerability allows a low-privileged attacker with network access via HTTP to compromise Primavera P6 EPPM. Exploitation requires human interaction from a third party. While the vulnerability resides within Primavera P6 EPPM, successful attacks could significantly impact other products, leading to a scope change. Exploiting this vulnerability could result in unauthorized read, update, insert, or delete access to certain accessible data within Primavera P6 EPPM.
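To triage an inventory against the version ranges listed above, the following added example (not part of the original advisory and not Oracle code) classifies four-part P6 EPPM version strings. The host names and sample versions are constructed, and the function names are hypothetical.

```python
import re

# Affected ranges copied from the advisory text above (inclusive at both ends).
AFFECTED_RANGES = [
    ("20.12.1.0", "20.12.21.5"),
    ("21.12.1.0", "21.12.20.0"),
    ("22.12.1.0", "22.12.16.0"),
    ("23.12.1.0", "23.12.10.0"),
]

_VERSION_RE = re.compile(r"^\d+(\.\d+){3}$")


def parse_version(text):
    """Return a 4-tuple of ints, or None if text is not a four-part dotted version."""
    text = text.strip()
    if not _VERSION_RE.match(text):
        return None
    return tuple(int(part) for part in text.split("."))


def classify(version_text):
    """Return 'affected', 'not-listed' or 'unknown' for one version string."""
    version = parse_version(version_text)
    if version is None:
        # Never report an unparseable value as safe; send it to manual review.
        return "unknown"
    for low, high in AFFECTED_RANGES:
        # Tuple comparison is numeric per component, so 20.12.9.0 sorts below
        # 20.12.21.5 (a plain string comparison would get this wrong).
        if parse_version(low) <= version <= parse_version(high):
            return "affected"
    # Outside the ranges this advisory lists; that is not a statement of safety.
    return "not-listed"


def triage(inventory):
    """Map host -> classification for a {host: version} inventory."""
    return {host: classify(version) for host, version in inventory.items()}


if __name__ == "__main__":
    # Constructed sample inventory; hosts and versions are made up.
    sample = {"p6-web-01": "20.12.9.0", "p6-web-02": "23.12.11.0", "p6-web-03": "22.12"}
    for host, status in sorted(triage(sample).items()):
        print(f"{host}: {status}")
```
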

Impact

Exploitation of this vulnerability could lead to unauthorized read, update, insert, or delete access to some of the data accessible within Primavera P6 EPPM.

Added: Jun 9, 2025, 7:46 PM
Updated: Jun 9, 2025, 7:46 PM

Vulnerability Rating

Custom Algorithm
spread: 3.1
impact: 1.3
exploitability: 5.0
remediation: 0.0
relevance: 0.0
threat: 0.0
urgency: 2.9
incentive: 1.7

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.