Oracle Primavera P6 EPPM Web Access Unauthenticated Data Modification Vulnerability

Vulnerability

An easily exploitable vulnerability has been identified in the Web Access component of Oracle Primavera P6 Enterprise Project Portfolio Management. This vulnerability affects versions 20.12.1.0 through 20.12.21.5, 21.12.1.0 through 21.12.20.0, 22.12.1.0 through 22.12.16.0, and 23.12.1.0 through 23.12.10.0. The issue allows an unauthenticated attacker with network access via HTTP to compromise Primavera P6 EPPM. Exploitation of this vulnerability requires human interaction from a third party. Successful attacks can lead to unauthorized update, insert, or delete access to some of the data accessible in Primavera P6 EPPM.
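The affected ranges above can be checked against an asset inventory. The following is an added example, not Oracle's or this page's own code; the host names and installed versions in the sample inventory are constructed. Versions are compared numerically per component, because a plain string comparison would misorder values such as 20.12.9.0 and 20.12.21.5.

```python
# Added example: affected-version triage for the ranges listed in this advisory.
# The inventory at the bottom is constructed sample data, not from the advisory.

# Inclusive ranges copied from the advisory text.
AFFECTED_RANGES = [
    ("20.12.1.0", "20.12.21.5"),
    ("21.12.1.0", "21.12.20.0"),
    ("22.12.1.0", "22.12.16.0"),
    ("23.12.1.0", "23.12.10.0"),
]


def parse_version(text):
    """Parse a four-part dotted version into a tuple of ints, or raise ValueError."""
    parts = text.strip().split(".")
    if len(parts) != 4 or not all(p.isdigit() for p in parts):
        raise ValueError(f"not a four-part numeric version: {text!r}")
    return tuple(int(p) for p in parts)


def classify(version_text):
    """Return 'affected', 'not-listed', or 'unparseable' for one version string."""
    try:
        version = parse_version(version_text)
    except ValueError:
        return "unparseable"
    for low, high in AFFECTED_RANGES:
        if parse_version(low) <= version <= parse_version(high):
            return "affected"
    return "not-listed"


def triage(inventory):
    """Map host -> classification for a {host: version} inventory."""
    return {host: classify(version) for host, version in inventory.items()}


if __name__ == "__main__":
    # Constructed inventory (hypothetical host names and versions).
    sample = {
        "p6-prod": "22.12.9.0",
        "p6-test": "23.12.11.0",
        "p6-legacy": "20.12.21.5",
        "p6-lab": "21.12.3",
    }
    for host, status in triage(sample).items():
        print(f"{host}: {status}")
```

A result of `not-listed` only means the version falls outside the ranges this advisory names; `unparseable` entries need manual review.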

Impact

Successful exploitation could allow unauthorized updates, inserts, or deletions of accessible data within Primavera P6 EPPM.

Added: Jun 9, 2025, 7:46 PM
Updated: Jun 9, 2025, 7:46 PM

Vulnerability Rating

Custom Algorithm

spread: 3.1
impact: 0.6
exploitability: 6.4
remediation: 0.0
relevance: 0.0
threat: 0.0
urgency: 2.9
incentive: 1.7

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.