ID

VAR-201704-1076


CVE

CVE-2017-3583


TITLE

Vulnerability in Web Access of Primavera P6 Enterprise Project Portfolio Management in Oracle Primavera Products Suite

Trust: 0.8

sources: JVNDB: JVNDB-2017-003514

DESCRIPTION

Vulnerability in the Primavera P6 Enterprise Project Portfolio Management component of Oracle Primavera Products Suite (subcomponent: Web Access). Supported versions that are affected are 8.3, 8.4, 15.1, 15.2, 16.1 and 16.2. Easily exploitable vulnerability allows an unauthenticated attacker with network access via HTTP to compromise Primavera P6 Enterprise Project Portfolio Management. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized creation, deletion or modification access to critical data or all Primavera P6 Enterprise Project Portfolio Management accessible data, as well as unauthorized access to critical data or complete access to all Primavera P6 Enterprise Project Portfolio Management accessible data. CVSS 3.0 Base Score 8.1 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:N). The vulnerability can be exploited over the HTTP protocol. The Web Access subcomponent is affected.

Trust: 2.52

sources: NVD: CVE-2017-3583 // JVNDB: JVNDB-2017-003514 // CNVD: CNVD-2017-07251 // BID: 97893 // VULMON: CVE-2017-3583

IOT TAXONOMY

category: ['IoT']
sub_category: -

Trust: 0.6

sources: CNVD: CNVD-2017-07251

AFFECTED PRODUCTS

vendor: oracle
model: primavera p6 enterprise project portfolio management
scope: eq
version: 8.3

Trust: 3.3

vendor: oracle
model: primavera p6 enterprise project portfolio management
scope: eq
version: 8.4

Trust: 3.3

vendor: oracle
model: primavera p6 enterprise project portfolio management
scope: eq
version: 16.2

Trust: 3.3

vendor: oracle
model: primavera p6 enterprise project portfolio management
scope: eq
version: 16.1

Trust: 3.3

vendor: oracle
model: primavera p6 enterprise project portfolio management
scope: eq
version: 15.2

Trust: 3.3

vendor: oracle
model: primavera p6 enterprise project portfolio management
scope: eq
version: 15.1

Trust: 3.3

sources: CNVD: CNVD-2017-07251 // BID: 97893 // JVNDB: JVNDB-2017-003514 // CNNVD: CNNVD-201704-1212 // NVD: CVE-2017-3583

CVSS

SEVERITY

nvd@nist.gov: CVE-2017-3583
value: HIGH

Trust: 1.0

NVD: CVE-2017-3583
value: HIGH

Trust: 0.8

CNVD: CNVD-2017-07251
value: MEDIUM

Trust: 0.6

CNNVD: CNNVD-201704-1212
value: HIGH

Trust: 0.6

VULMON: CVE-2017-3583
value: MEDIUM

Trust: 0.1

CVSSV2

nvd@nist.gov: CVE-2017-3583
severity: MEDIUM
baseScore: 5.8
vectorString: AV:N/AC:M/AU:N/C:P/I:P/A:N
accessVector: NETWORK
accessComplexity: MEDIUM
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: NONE
exploitabilityScore: 8.6
impactScore: 4.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.9

CNVD: CNVD-2017-07251
severity: MEDIUM
baseScore: 5.8
vectorString: AV:N/AC:M/AU:N/C:P/I:P/A:N
accessVector: NETWORK
accessComplexity: MEDIUM
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: NONE
exploitabilityScore: 8.6
impactScore: 4.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.6

CVSSV3

nvd@nist.gov: CVE-2017-3583
baseSeverity: HIGH
baseScore: 8.1
vectorString: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:N
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: REQUIRED
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: NONE
exploitabilityScore: 2.8
impactScore: 5.2
version: 3.0

Trust: 1.8

sources: CNVD: CNVD-2017-07251 // VULMON: CVE-2017-3583 // JVNDB: JVNDB-2017-003514 // CNNVD: CNNVD-201704-1212 // NVD: CVE-2017-3583

PROBLEMTYPE DATA

problemtype: NVD-CWE-noinfo

Trust: 1.0

problemtype: CWE-284

Trust: 0.8

sources: JVNDB: JVNDB-2017-003514 // NVD: CVE-2017-3583

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201704-1212

TYPE

lack of information

Trust: 0.6

sources: CNNVD: CNNVD-201704-1212

CONFIGURATIONS

sources: JVNDB: JVNDB-2017-003514

PATCH

title: Oracle Critical Patch Update Advisory - April 2017
url: http://www.oracle.com/technetwork/security-advisory/cpuapr2017-3236618.html

Trust: 0.8

title: Text Form of Oracle Critical Patch Update - April 2017 Risk Matrices
url: http://www.oracle.com/technetwork/security-advisory/cpuapr2017verbose-3236619.html

Trust: 0.8

title: Patch for Oracle Primavera P6 Enterprise Project Portfolio Management Escalation Vulnerability (CNVD-2017-07251)
url: https://www.cnvd.org.cn/patchInfo/show/93989

Trust: 0.6

title: Oracle Primavera Products Suite Primavera P6 Enterprise Project Portfolio Management Security vulnerabilities
url: http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=69536

Trust: 0.6

title: Oracle: Oracle Critical Patch Update Advisory - April 2017
url: https://vulmon.com/vendoradvisory?qidtp=oracle_advisories&qid=143b3fb255063c81571469eaa3cf0a87

Trust: 0.1

sources: CNVD: CNVD-2017-07251 // VULMON: CVE-2017-3583 // JVNDB: JVNDB-2017-003514 // CNNVD: CNNVD-201704-1212

EXTERNAL IDS

db: NVD
id: CVE-2017-3583

Trust: 3.4

db: BID
id: 97893

Trust: 2.6

db: SECTRACK
id: 1038289

Trust: 1.7

db: JVNDB
id: JVNDB-2017-003514

Trust: 0.8

db: CNVD
id: CNVD-2017-07251

Trust: 0.6

db: CNNVD
id: CNNVD-201704-1212

Trust: 0.6

db: VULMON
id: CVE-2017-3583

Trust: 0.1

sources: CNVD: CNVD-2017-07251 // VULMON: CVE-2017-3583 // BID: 97893 // JVNDB: JVNDB-2017-003514 // CNNVD: CNNVD-201704-1212 // NVD: CVE-2017-3583

REFERENCES

url: http://www.oracle.com/technetwork/security-advisory/cpuapr2017-3236618.html

Trust: 2.7

url: http://www.securityfocus.com/bid/97893

Trust: 2.4

url: http://www.securitytracker.com/id/1038289

Trust: 1.7

url: https://nvd.nist.gov/vuln/detail/cve-2017-3583

Trust: 1.4

url: http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2017-3583

Trust: 0.8

url: http://www.oracle.com/index.html

Trust: 0.3

url: https://cwe.mitre.org/data/definitions/.html

Trust: 0.1

url: https://nvd.nist.gov

Trust: 0.1

sources: CNVD: CNVD-2017-07251 // VULMON: CVE-2017-3583 // BID: 97893 // JVNDB: JVNDB-2017-003514 // CNNVD: CNNVD-201704-1212 // NVD: CVE-2017-3583

CREDITS

Or Hanuka of Motorola Solutions, Tzachy Horesh of Motorola Solutions.

Trust: 0.3

sources: BID: 97893

SOURCES

db: CNVD, id: CNVD-2017-07251
db: VULMON, id: CVE-2017-3583
db: BID, id: 97893
db: JVNDB, id: JVNDB-2017-003514
db: CNNVD, id: CNNVD-201704-1212
db: NVD, id: CVE-2017-3583

LAST UPDATE DATE

2024-08-14T13:30:42.922000+00:00


SOURCES UPDATE DATE

db: CNVD, id: CNVD-2017-07251, date: 2017-05-23T00:00:00
db: VULMON, id: CVE-2017-3583, date: 2019-10-03T00:00:00
db: BID, id: 97893, date: 2017-05-02T03:05:00
db: JVNDB, id: JVNDB-2017-003514, date: 2017-05-30T00:00:00
db: CNNVD, id: CNNVD-201704-1212, date: 2019-10-23T00:00:00
db: NVD, id: CVE-2017-3583, date: 2019-10-03T00:03:26.223

SOURCES RELEASE DATE

db: CNVD, id: CNVD-2017-07251, date: 2017-05-23T00:00:00
db: VULMON, id: CVE-2017-3583, date: 2017-04-24T00:00:00
db: BID, id: 97893, date: 2017-04-18T00:00:00
db: JVNDB, id: JVNDB-2017-003514, date: 2017-05-30T00:00:00
db: CNNVD, id: CNNVD-201704-1212, date: 2017-04-25T00:00:00
db: NVD, id: CVE-2017-3583, date: 2017-04-24T19:59:05.473