Oracle Primavera P6 Enterprise Project Portfolio Management
0 remedies
cpe:2.3:a:oracle:primavera_p6_enterprise_project_portfolio_management:*:*:*:*:*:*:*
0 remedies
- >= 20.12.1.0, <= 20.12.21.5
- >= 21.12.1.0, <= 21.12.20.0
- >= 22.12.1.0
Oracle Primavera P6 EPPM Web Access Vulnerability Allowing Unauthorized Data Access and Modification
Vulnerability
A vulnerability has been identified in the Web Access component of Oracle Primavera P6 Enterprise Project Portfolio Management, affecting versions 20.12.1.0 through 20.12.21.5, 21.12.1.0 through 21.12.20.0, and 22.12.1.0. This vulnerability allows a low-privileged attacker with network access via HTTP to compromise Primavera P6 EPPM. Exploitation requires human interaction from a third party. While the vulnerability is specific to Primavera P6 EPPM, successful attacks could significantly impact other products, leading to a scope change. Exploitation of this vulnerability could result in unauthorized read access to certain Primavera P6 EPPM data, as well as unauthorized update, insert, or delete access to some accessible data.
Impact
Exploitation of this vulnerability could lead to unauthorized read access to a subset of Primavera P6 EPPM data, as well as unauthorized modification of some accessible data, allowing for unauthorized updates, inserts, or deletions.
Added: Jun 9, 2025, 7:46 PM
Updated: Jun 9, 2025, 7:46 PM
Vulnerability Rating
Custom Algorithm
spread
3.1impact
1.3exploitability
5.0remediation
0.0relevance
0.0threat
0.0urgency
2.9incentive
1.7Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.