Primavera P6 Enterprise Project Portfolio Management Security Vulnerabilities and Issues — Primavera P6 Enterprise Project Portfolio Management CVE List

Lucene search

OraclePrimavera P6 Enterprise Project Portfolio Management

11 matches found

CVE•added 2019/01/02 6:29 p.m.•318 views

CVE-2018-19360

FasterXML jackson-databind 2.x before 2.9.8 might allow attackers to have unspecified impact by leveraging failure to block the axis2-transport-jms class from polymorphic deserialization.

9.8CVSS8.8AI score0.06777EPSS

CVE•added 2019/01/02 6:29 p.m.•300 views

CVE-2018-19361

FasterXML jackson-databind 2.x before 2.9.8 might allow attackers to have unspecified impact by leveraging failure to block the openjpa class from polymorphic deserialization.

9.8CVSS8.8AI score0.04063EPSS

CVE•added 2019/11/08 3:15 p.m.•231 views

CVE-2019-10219

A vulnerability was found in Hibernate-Validator. The SafeHtml validator annotation fails to properly sanitize payloads consisting of potentially malicious code in HTML comments and instructions. This vulnerability can result in an XSS attack.

6.5CVSS6AI score0.01864EPSS

CVE•added 2019/01/02 6:29 p.m.•183 views

CVE-2018-14718

FasterXML jackson-databind 2.x before 2.9.7 might allow remote attackers to execute arbitrary code by leveraging failure to block the slf4j-ext class from polymorphic deserialization.

9.8CVSS9.8AI score0.14747EPSS

CVE•added 2019/01/02 6:29 p.m.•180 views

CVE-2018-14719

FasterXML jackson-databind 2.x before 2.9.7 might allow remote attackers to execute arbitrary code by leveraging failure to block the blaze-ds-opt and blaze-ds-core classes from polymorphic deserialization.

9.8CVSS9.8AI score0.03526EPSS

CVE•added 2019/01/02 6:29 p.m.•179 views

CVE-2018-19362

FasterXML jackson-databind 2.x before 2.9.8 might allow attackers to have unspecified impact by leveraging failure to block the jboss-common-core class from polymorphic deserialization.

9.8CVSS8.8AI score0.06777EPSS

CVE•added 2019/10/02 2:15 p.m.•136 views

CVE-2019-17091

faces/context/PartialViewContextImpl.java in Eclipse Mojarra, as used in Mojarra for Eclipse EE4J before 2.3.10 and Mojarra JavaServer Faces before 2.2.20, allows Reflected XSS because a client window field is mishandled.

6.1CVSS6.4AI score0.0842EPSS

CVE•added 2019/10/16 6:15 p.m.•56 views

CVE-2019-3020

Vulnerability in the Primavera P6 Enterprise Project Portfolio Management product of Oracle Construction and Engineering (component: Web Access). Supported versions that are affected are 15.1.0-15.2.18, 16.1.0-16.2.18, 17.1.0-17.12.14 and 18.1.0-18.8.11. Easily exploitable vulnerability allows unau...

9.3CVSS8.4AI score0.01771EPSS

CVE•added 2019/10/16 6:15 p.m.•54 views

CVE-2019-2976

Vulnerability in the Primavera P6 Enterprise Project Portfolio Management product of Oracle Construction and Engineering (component: Web Access). Supported versions that are affected are 17.1.0-17.12.12. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to...

6.8CVSS6.7AI score0.00489EPSS

CVE•added 2019/04/23 7:32 p.m.•44 views

CVE-2019-2701

Vulnerability in the Primavera P6 Enterprise Project Portfolio Management component of Oracle Construction and Engineering Suite (subcomponent: Web Access). The supported version that is affected is 18.8. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP t...

4.3CVSS3.5AI score0.00277EPSS

CVE•added 2019/01/16 7:30 p.m.•40 views

CVE-2019-2512

Vulnerability in the Primavera P6 Enterprise Project Portfolio Management component of Oracle Construction and Engineering Suite (subcomponent: Web Access). Supported versions that are affected are 8.4, 15.1, 15.2, 16.1, 16.2, 17.7-17.12 and 18.8. Difficult to exploit vulnerability allows unauthent...

4.7CVSS4.5AI score0.00824EPSS