Lucene search

K
cve[email protected]CVE-2017-3500
HistoryApr 24, 2017 - 7:59 p.m.

CVE-2017-3500

2017-04-2419:59:02
web.nvd.nist.gov
32
cve-2017-3500
vulnerability
primavera gateway
oracle
data compromise
unauthorized access
network access
http
dos
cvss 3.0

8.7 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

HIGH

User Interaction

NONE

Scope

CHANGED

Confidentiality Impact

HIGH

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:N/A:H

7.9 High

AI Score

Confidence

High

4.9 Medium

CVSS2

Access Vector

Access Complexity

Authentication

SINGLE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

PARTIAL

AV:N/AC:M/Au:S/C:P/I:N/A:P

0.001 Low

EPSS

Percentile

39.2%

Vulnerability in the Primavera Gateway component of Oracle Primavera Products Suite (subcomponent: Primavera Desktop Integration). Supported versions that are affected are 1.0, 1.1, 14.2, 15.1, 15.2, 16.1 and 16.2. Easily “exploitable” vulnerability allows high privileged attacker with network access via HTTP to compromise Primavera Gateway. While the vulnerability is in Primavera Gateway, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Primavera Gateway accessible data and unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Primavera Gateway. CVSS 3.0 Base Score 8.7 (Confidentiality and Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:N/A:H).

Affected configurations

Vulners
NVD
Node
oracleprimavera_gatewayRange1.0
OR
oracleprimavera_gatewayRange1.1
OR
oracleprimavera_gatewayRange14.2
OR
oracleprimavera_gatewayRange15.1
OR
oracleprimavera_gatewayRange15.2
OR
oracleprimavera_gatewayRange16.1
OR
oracleprimavera_gatewayRange16.2
VendorProductVersionCPE
oracleprimavera_gateway*cpe:2.3:a:oracle:primavera_gateway:*:*:*:*:*:*:*:*
oracleprimavera_gateway*cpe:2.3:a:oracle:primavera_gateway:*:*:*:*:*:*:*:*
oracleprimavera_gateway*cpe:2.3:a:oracle:primavera_gateway:*:*:*:*:*:*:*:*
oracleprimavera_gateway*cpe:2.3:a:oracle:primavera_gateway:*:*:*:*:*:*:*:*
oracleprimavera_gateway*cpe:2.3:a:oracle:primavera_gateway:*:*:*:*:*:*:*:*
oracleprimavera_gateway*cpe:2.3:a:oracle:primavera_gateway:*:*:*:*:*:*:*:*
oracleprimavera_gateway*cpe:2.3:a:oracle:primavera_gateway:*:*:*:*:*:*:*:*

CNA Affected

[
  {
    "product": "Primavera Gateway",
    "vendor": "Oracle Corporation",
    "versions": [
      {
        "status": "affected",
        "version": "1.0"
      },
      {
        "status": "affected",
        "version": "1.1"
      },
      {
        "status": "affected",
        "version": "14.2"
      },
      {
        "status": "affected",
        "version": "15.1"
      },
      {
        "status": "affected",
        "version": "15.2"
      },
      {
        "status": "affected",
        "version": "16.1"
      },
      {
        "status": "affected",
        "version": "16.2"
      }
    ]
  }
]

8.7 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

HIGH

User Interaction

NONE

Scope

CHANGED

Confidentiality Impact

HIGH

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:N/A:H

7.9 High

AI Score

Confidence

High

4.9 Medium

CVSS2

Access Vector

Access Complexity

Authentication

SINGLE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

PARTIAL

AV:N/AC:M/Au:S/C:P/I:N/A:P

0.001 Low

EPSS

Percentile

39.2%

Related for CVE-2017-3500