Oracle Primavera P6 EPPM Web Access Vulnerability Allowing Unauthorized Data Access and Modification

Vulnerability

A vulnerability has been identified in the Web Access component of Oracle Primavera P6 Enterprise Project Portfolio Management, part of the Construction and Engineering suite. The affected supported versions are 20.12.0-20.12.21, 21.12.0-21.12.21, 22.12.0-22.12.19, 23.12.0-23.12.13, and 24.12.0-24.12.4. The vulnerability allows a low-privileged attacker with network access via HTTP to compromise the application. Successful exploitation requires human interaction from a person other than the attacker. Although the vulnerability resides in Primavera P6 EPPM, a successful attack may significantly impact additional products (scope change). Exploitation can result in unauthorized read access to certain Primavera P6 EPPM data, as well as unauthorized update, insert, or delete access to some of the data accessible within the application.

Impact

Exploitation of this vulnerability could lead to unauthorized access to read, modify, insert, or delete certain data within Primavera P6 EPPM.

Added: Jul 15, 2025, 10:46 PM
Updated: Jul 15, 2025, 10:46 PM

Vulnerability Rating

Custom Algorithm

spread: 3.1
impact: 1.3
exploitability: 5.0
remediation: 0.0
relevance: 0.3
threat: 0.0
urgency: 2.9
incentive: 1.7

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.