ID

VAR-201704-1172


CVE

CVE-2017-3500


TITLE

Oracle Primavera Products Suite of Primavera Gateway In Primavera Desktop Integration Vulnerabilities

Trust: 0.8

sources: JVNDB: JVNDB-2017-003507

DESCRIPTION

Vulnerability in the Primavera Gateway component of Oracle Primavera Products Suite (subcomponent: Primavera Desktop Integration). Supported versions that are affected are 1.0, 1.1, 14.2, 15.1, 15.2, 16.1 and 16.2. Easily exploitable vulnerability allows a high-privileged attacker with network access via HTTP to compromise Primavera Gateway. While the vulnerability is in Primavera Gateway, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Primavera Gateway accessible data and unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Primavera Gateway. CVSS 3.0 Base Score 8.7 (Confidentiality and Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:N/A:H). The vulnerability can be exploited over the HTTP protocol. The following versions are affected: Oracle Primavera Gateway 1.0, 1.1, 14.2, 15.1, 15.2, 16.1 and 16.2.

Trust: 2.07

sources: NVD: CVE-2017-3500 // JVNDB: JVNDB-2017-003507 // BID: 97881 // VULHUB: VHN-111703 // VULMON: CVE-2017-3500

AFFECTED PRODUCTS

vendor: oracle, model: primavera gateway, scope: eq, version: 16.2

Trust: 2.7

vendor: oracle, model: primavera gateway, scope: eq, version: 16.1

Trust: 2.7

vendor: oracle, model: primavera gateway, scope: eq, version: 15.2

Trust: 2.7

vendor: oracle, model: primavera gateway, scope: eq, version: 15.1

Trust: 2.7

vendor: oracle, model: primavera gateway, scope: eq, version: 14.2

Trust: 2.7

vendor: oracle, model: primavera gateway, scope: eq, version: 1.1

Trust: 2.7

vendor: oracle, model: primavera gateway, scope: eq, version: 1.0

Trust: 2.7

sources: BID: 97881 // JVNDB: JVNDB-2017-003507 // CNNVD: CNNVD-201704-1276 // NVD: CVE-2017-3500

CVSS

SEVERITY

nvd@nist.gov: CVE-2017-3500
value: HIGH

Trust: 1.0

NVD: CVE-2017-3500
value: HIGH

Trust: 0.8

CNNVD: CNNVD-201704-1276
value: HIGH

Trust: 0.6

VULHUB: VHN-111703
value: MEDIUM

Trust: 0.1

VULMON: CVE-2017-3500
value: MEDIUM

Trust: 0.1

CVSSV2

nvd@nist.gov: CVE-2017-3500
severity: MEDIUM
baseScore: 4.9
vectorString: AV:N/AC:M/AU:S/C:P/I:N/A:P
accessVector: NETWORK
accessComplexity: MEDIUM
authentication: SINGLE
confidentialityImpact: PARTIAL
integrityImpact: NONE
availabilityImpact: PARTIAL
exploitabilityScore: 6.8
impactScore: 4.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.9

VULHUB: VHN-111703
severity: MEDIUM
baseScore: 4.9
vectorString: AV:N/AC:M/AU:S/C:P/I:N/A:P
accessVector: NETWORK
accessComplexity: MEDIUM
authentication: SINGLE
confidentialityImpact: PARTIAL
integrityImpact: NONE
availabilityImpact: PARTIAL
exploitabilityScore: 6.8
impactScore: 4.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

CVSSV3

nvd@nist.gov: CVE-2017-3500
baseSeverity: HIGH
baseScore: 8.7
vectorString: CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:N/A:H
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: HIGH
userInteraction: NONE
scope: CHANGED
confidentialityImpact: HIGH
integrityImpact: NONE
availabilityImpact: HIGH
exploitabilityScore: 2.3
impactScore: 5.8
version: 3.0

Trust: 1.8

sources: VULHUB: VHN-111703 // VULMON: CVE-2017-3500 // JVNDB: JVNDB-2017-003507 // CNNVD: CNNVD-201704-1276 // NVD: CVE-2017-3500

PROBLEMTYPE DATA

problemtype: NVD-CWE-noinfo

Trust: 1.0

problemtype: CWE-284

Trust: 0.9

sources: VULHUB: VHN-111703 // JVNDB: JVNDB-2017-003507 // NVD: CVE-2017-3500

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201704-1276

TYPE

lack of information

Trust: 0.6

sources: CNNVD: CNNVD-201704-1276

CONFIGURATIONS

sources: JVNDB: JVNDB-2017-003507

PATCH

title: Oracle Critical Patch Update Advisory - April 2017
url: http://www.oracle.com/technetwork/security-advisory/cpuapr2017-3236618.html

Trust: 0.8

title: Text Form of Oracle Critical Patch Update - April 2017 Risk Matrices
url: http://www.oracle.com/technetwork/security-advisory/cpuapr2017verbose-3236619.html

Trust: 0.8

title: Oracle Primavera Products Suite Primavera Gateway Security vulnerabilities
url: http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=69583

Trust: 0.6

title: Oracle: Oracle Critical Patch Update Advisory - April 2017
url: https://vulmon.com/vendoradvisory?qidtp=oracle_advisories&qid=143b3fb255063c81571469eaa3cf0a87

Trust: 0.1

sources: VULMON: CVE-2017-3500 // JVNDB: JVNDB-2017-003507 // CNNVD: CNNVD-201704-1276

EXTERNAL IDS

db: NVD, id: CVE-2017-3500

Trust: 2.9

db: BID, id: 97881

Trust: 2.1

db: SECTRACK, id: 1038289

Trust: 1.8

db: JVNDB, id: JVNDB-2017-003507

Trust: 0.8

db: CNNVD, id: CNNVD-201704-1276

Trust: 0.7

db: VULHUB, id: VHN-111703

Trust: 0.1

db: VULMON, id: CVE-2017-3500

Trust: 0.1

sources: VULHUB: VHN-111703 // VULMON: CVE-2017-3500 // BID: 97881 // JVNDB: JVNDB-2017-003507 // CNNVD: CNNVD-201704-1276 // NVD: CVE-2017-3500

REFERENCES

url:http://www.oracle.com/technetwork/security-advisory/cpuapr2017-3236618.html

Trust: 2.2

url:http://www.securityfocus.com/bid/97881

Trust: 1.9

url:http://www.securitytracker.com/id/1038289

Trust: 1.8

url:http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2017-3500

Trust: 0.8

url:https://nvd.nist.gov/vuln/detail/cve-2017-3500

Trust: 0.8

url:http://www.oracle.com/index.html

Trust: 0.3

url:https://cwe.mitre.org/data/definitions/.html

Trust: 0.1

url:https://nvd.nist.gov

Trust: 0.1

sources: VULHUB: VHN-111703 // VULMON: CVE-2017-3500 // BID: 97881 // JVNDB: JVNDB-2017-003507 // CNNVD: CNNVD-201704-1276 // NVD: CVE-2017-3500

CREDITS

Oracle

Trust: 0.3

sources: BID: 97881

SOURCES

db: VULHUB, id: VHN-111703
db: VULMON, id: CVE-2017-3500
db: BID, id: 97881
db: JVNDB, id: JVNDB-2017-003507
db: CNNVD, id: CNNVD-201704-1276
db: NVD, id: CVE-2017-3500

LAST UPDATE DATE

2024-11-23T22:13:03.011000+00:00


SOURCES UPDATE DATE

db: VULHUB, id: VHN-111703, date: 2019-10-03T00:00:00
db: VULMON, id: CVE-2017-3500, date: 2019-10-03T00:00:00
db: BID, id: 97881, date: 2017-05-02T05:05:00
db: JVNDB, id: JVNDB-2017-003507, date: 2017-05-30T00:00:00
db: CNNVD, id: CNNVD-201704-1276, date: 2019-10-23T00:00:00
db: NVD, id: CVE-2017-3500, date: 2024-11-21T03:25:40.383

SOURCES RELEASE DATE

db: VULHUB, id: VHN-111703, date: 2017-04-24T00:00:00
db: VULMON, id: CVE-2017-3500, date: 2017-04-24T00:00:00
db: BID, id: 97881, date: 2017-04-18T00:00:00
db: JVNDB, id: JVNDB-2017-003507, date: 2017-05-30T00:00:00
db: CNNVD, id: CNNVD-201704-1276, date: 2017-04-26T00:00:00
db: NVD, id: CVE-2017-3500, date: 2017-04-24T19:59:02.817