| Vulnerability Name: | CVE-2018-2967 (CCN-146830) | ||||||||||||
| Assigned: | 2017-12-15 | ||||||||||||
| Published: | 2018-07-17 | ||||||||||||
| Updated: | 2019-10-03 | ||||||||||||
| Summary: | Vulnerability in the Primavera Unifier component of Oracle Construction and Engineering Suite (subcomponent: Core). Supported versions that are affected are 16.x, 17.x and 18.x. Easily exploitable vulnerability allows physical access to compromise Primavera Unifier. While the vulnerability is in Primavera Unifier, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Primavera Unifier accessible data. CVSS 3.0 Base Score 5.3 (Confidentiality impacts). CVSS Vector: (CVSS:3.0/AV:P/AC:L/PR:N/UI:N/S:C/C:H/I:N/A:N). | ||||||||||||
| CVSS v3 Severity: | 5.3 Medium (CVSS v3.1 Vector: CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:C/C:H/I:N/A:N) 4.6 Medium (Temporal CVSS v3.1 Vector: CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:C/C:H/I:N/A:N/E:U/RL:O/RC:C)
4.6 Medium (CCN Temporal CVSS v3.1 Vector: CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:C/C:H/I:N/A:N/E:U/RL:O/RC:C)
| ||||||||||||
| CVSS v2 Severity: | 2.1 Low (CVSS v2 Vector: AV:L/AC:L/Au:N/C:P/I:N/A:N)
| ||||||||||||
| Vulnerability Type: | CWE-noinfo | ||||||||||||
| Vulnerability Consequences: | Obtain Information | ||||||||||||
| References: | Source: MITRE Type: CNA CVE-2018-2967 Source: CCN Type: Oracle CPUJul2018 Oracle Critical Patch Update Advisory - July 2018 Source: CONFIRM Type: Patch, Vendor Advisory http://www.oracle.com/technetwork/security-advisory/cpujul2018-4258247.html Source: BID Type: UNKNOWN 104823 Source: CCN Type: BID-104823 Oracle Primavera Unifier Multiple Security Vulnerabilities Source: XF Type: UNKNOWN oracle-cpujul2018-cve20182967(146830) | ||||||||||||
| Vulnerable Configuration: | Configuration 1: Configuration 2: Configuration 3: Configuration CCN 1:  Denotes that component is vulnerable | ||||||||||||
| BACK | |||||||||||||