Lucene search
K

Oracle Primavera Unifier (October 2025 CPU)

🗓️ 23 Oct 2025 00:00:00Reported by TenableType 
nessus
 nessus
🔗 www.tenable.com👁 14 Views

Oracle Primavera Unifier October 2025 CPU flaws allow unauthenticated remote compromise via web access.

Related
Refs
Code
ReporterTitlePublishedViews
Family
IBM Security Bulletins
Security Bulletin: IBM Maximo Application Suite Ai-Service Component uses uthentication Bypass Using an Alternate Path or Channel vulnerability in Apache Tomcat.
9 Jul 202507:25
ibm
IBM Security Bulletins
Security Bulletin: IBM WebSphere Application Server, which is bundled with IBM WebSphere Hybrid Edition, is affected by a denial of service due to Apache Commons FileUpload (CVE-2025-48976)
3 Sep 202518:09
ibm
IBM Security Bulletins
Security Bulletin: Multiple vulnerabilities in IBM Rapid Infrastructure Automation
28 May 202514:39
ibm
IBM Security Bulletins
Security Bulletin: Vulnerability has been identified in WebSphere Application Server shipped with WebSphere Service Registry and Repository (CVE-2025-48976)
15 Aug 202509:21
ibm
IBM Security Bulletins
Security Bulletin: IBM Operational Decision Manager for December 2025 - Multiple CVEs addressed
29 Jan 202607:37
ibm
IBM Security Bulletins
Security Bulletin: IBM DevOps Deploy / IBM UrbanCode Deploy (UCD) is susceptible to multiple Apache Tomcat vulnerabilities (CVE-2025-48976, CVE-2025-48988)
17 Jul 202518:27
ibm
IBM Security Bulletins
Security Bulletin: The Apache Commons Lang library that is shipped with IBM ApplinX is vulnerable to an Uncontrolled Recursion vulnerability (CVE-2025-48924).
11 Jun 202621:11
ibm
IBM Security Bulletins
Security Bulletin: FreeType Remote Code Execution Vulnerability affects IBM Watson Machine Learning Accelerator on Cloud Pak for Data
5 May 202521:14
ibm
IBM Security Bulletins
Security Bulletin: IBM SPSS Analytic Server is affected by a Denial of Service (DoS) vulnerability in Apache Commons FileUpload.
20 Sep 202500:54
ibm
IBM Security Bulletins
Security Bulletin: IBM Sterling Secure Proxy is vulnerable to uncontrolled recursion due to Apache Commons Lang.
10 Feb 202617:07
ibm
Rows per page
#%NASL_MIN_LEVEL 80900
##
# (C) Tenable, Inc.
##

include('compat.inc');

if (description)
{
  script_id(271244);
  script_version("1.2");
  script_set_attribute(attribute:"plugin_modification_date", value:"2025/10/30");

  script_cve_id(
    "CVE-2025-5878",
    "CVE-2025-27363",
    "CVE-2025-48924",
    "CVE-2025-48976"
  );
  script_xref(name:"CISA-KNOWN-EXPLOITED", value:"2025/05/27");

  script_name(english:"Oracle Primavera Unifier (October 2025 CPU)");

  script_set_attribute(attribute:"synopsis", value:
"The remote host is affected by multiple vulnerabilities");
  script_set_attribute(attribute:"description", value:
"The versions of Primavera Unifier installed on the remote host are affected by multiple vulnerabilities as referenced in
the October 2025 CPU advisory.

  - Vulnerability in the Primavera Unifier product of Oracle Construction and Engineering (component: Platform
    (Enterprise Security API for Java (Legacy))). Supported versions that are affected are 20.12.0-20.12.16,
    21.12.0-21.12.17, 22.12.0-22.12.15, 23.12.0-23.12.15 and 24.12.0-24.12.9. Easily exploitable vulnerability
    allows unauthenticated attacker with network access via HTTPS to compromise Primavera Unifier. Successful
    attacks of this vulnerability can result in unauthorized update, insert or delete access to some of
    Primavera Unifier accessible data as well as unauthorized read access to a subset of Primavera Unifier
    accessible data and unauthorized ability to cause a partial denial of service (partial DOS) of Primavera
    Unifier. (CVE-2025-5878)

  - Vulnerability in the Primavera Unifier product of Oracle Construction and Engineering (component: Document
    Management (FreeType)). Supported versions that are affected are 20.12.0-20.12.16, 21.12.0-21.12.17,
    22.12.0-22.12.15, 23.12.0-23.12.15 and 24.12.0-24.12.9. Difficult to exploit vulnerability allows
    unauthenticated attacker with network access via HTTP to compromise Primavera Unifier. Successful attacks
    of this vulnerability can result in takeover of Primavera Unifier. (CVE-2025-27363)

  - Vulnerability in the Primavera Unifier product of Oracle Construction and Engineering (component: Document
    Management (Apache Commons FileUpload)). Supported versions that are affected are 20.12.0-20.12.16,
    21.12.0-21.12.17, 22.12.0-22.12.15, 23.12.0-23.12.15 and 24.12.0-24.12.9. Easily exploitable vulnerability
    allows unauthenticated attacker with network access via HTTP to compromise Primavera Unifier. Successful
    attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable
    crash (complete DOS) of Primavera Unifier. (CVE-2025-48976)

  - Vulnerability in the Primavera Unifier product of Oracle Construction and Engineering (component: Platform
    (Apache Commons Lang)). Supported versions that are affected are 20.12.0-20.12.16, 21.12.0-21.12.17,
    22.12.0-22.12.15, 23.12.0-23.12.15 and 24.12.0-24.12.9. Easily exploitable vulnerability allows
    unauthenticated attacker with network access via HTTP to compromise Primavera Unifier. Successful attacks
    of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial
    DOS) of Primavera Unifier. (CVE-2025-48924)

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version
number.");
  script_set_attribute(attribute:"see_also", value:"https://www.oracle.com/docs/tech/security-alerts/cpuoct2025csaf.json");
  script_set_attribute(attribute:"see_also", value:"https://www.oracle.com/security-alerts/cpuoct2025.html");
  script_set_attribute(attribute:"solution", value:
"Apply the appropriate patch according to the October 2025 Oracle Critical Patch Update advisory.");
  script_set_cvss_base_vector("CVSS2#AV:N/AC:H/Au:N/C:C/I:C/A:C");
  script_set_cvss_temporal_vector("CVSS2#E:F/RL:OF/RC:C");
  script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H");
  script_set_cvss3_temporal_vector("CVSS:3.0/E:F/RL:O/RC:C");
  script_set_attribute(attribute:"cvss4_vector", value:"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N");
  script_set_attribute(attribute:"cvss4_threat_vector", value:"CVSS:4.0/E:A");
  script_set_attribute(attribute:"cvss_score_source", value:"CVE-2025-27363");
  script_set_attribute(attribute:"cvss4_score_source", value:"CVE-2025-5878");

  script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available");
  script_set_attribute(attribute:"exploit_available", value:"true");

  script_set_attribute(attribute:"vuln_publication_date", value:"2025/10/21");
  script_set_attribute(attribute:"patch_publication_date", value:"2025/10/21");
  script_set_attribute(attribute:"plugin_publication_date", value:"2025/10/23");

  script_set_attribute(attribute:"plugin_type", value:"remote");
  script_set_attribute(attribute:"cpe", value:"cpe:/a:oracle:primavera_unifier");
  script_set_attribute(attribute:"thorough_tests", value:"true");
  script_end_attributes();

  script_category(ACT_GATHER_INFO);
  script_family(english:"CGI abuses");

  script_copyright(english:"This script is Copyright (C) 2025 and is owned by Tenable, Inc. or an Affiliate thereof.");

  script_dependencies("oracle_primavera_unifier.nbin");
  script_require_keys("installed_sw/Oracle Primavera Unifier", "www/weblogic");
  script_require_ports("Services/www", 8002);

  exit(0);
}

include('vcf.inc');
include('http.inc');

get_install_count(app_name:'Oracle Primavera Unifier', exit_if_zero:TRUE);

var port = get_http_port(default:8002);
get_kb_item_or_exit('www/weblogic/' + port + '/installed');

var app_info = vcf::get_app_info(app:'Oracle Primavera Unifier', port:port);

vcf::check_granularity(app_info:app_info, sig_segments:3);

var constraints = [
  { 'min_version' : '20.12.0', 'fixed_version' : '20.12.16.21', 'fixed_display': '20.12.16.21 (Patch 38542818)' },
  { 'min_version' : '21.12.0', 'fixed_version' : '21.12.17.7',  'fixed_display': '21.12.17.7 (Patch 38542814)' },
  { 'min_version' : '22.12.0', 'fixed_version' : '22.12.15.4',  'fixed_display': '22.12.15.4 (Patch 38542809)' },
  { 'min_version' : '23.12.0', 'fixed_version' : '23.12.16',  'fixed_display': '23.12.16 (Patch 38542801)' },
  { 'min_version' : '24.12.0', 'fixed_version' : '24.12.10',  'fixed_display': '24.12.10 (Patch 38542787)' }
];

vcf::check_version_and_report(
  app_info:app_info,
  constraints:constraints,
  severity:SECURITY_HOLE
);

Data

Build on a solid foundation with Vulners data

We provide the essential building blocks for cybersecurity solutions with comprehensive, structured, and constantly updated vulnerability and exploits data

Api

Power your application with Vulners API

The Vulners REST API offers reliable, high-performance access to vulnerability intelligence, with 99.9% SLA uptime and CDN-backed data delivery for seamless global access

App

Assess and manage vulnerabilities with Vulners tools

Built on top of Vulners' database and SDK, end-user solutions give security professionals and developers lightweight and powerful tools for vulnerability remediation

30 Oct 2025 00:00Current
7.4High risk
Vulners AI Score7.4
CVSS 3.18.1
CVSS 46.9
CVSS 27.5
CVSS 37.3
EPSS0.64718
SSVC
14