Sign-up

ID

VAR-201708-0721


CVE

CVE-2017-10150


TITLE

Oracle Primavera Products Suite of Primavera Unifier In Platform Vulnerabilities

Trust: 0.8

sources: JVNDB: JVNDB-2017-006306

DESCRIPTION

Vulnerability in the Primavera Unifier component of Oracle Primavera Products Suite (subcomponent: Platform). Supported versions that are affected are 9.13, 9.14, 10.1, 10.2, 15.1, 15.2, 16.1 and 16.2. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Primavera Unifier. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Primavera Unifier accessible data. CVSS 3.0 Base Score 4.3 (Integrity impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N). Primavera Unifier is one of the complete project lifecycle management solution components. The vulnerability can be exploited over the 'HTTP' protocol. The 'Platform' sub component is affected

Trust: 2.52

sources: NVD: CVE-2017-10150 // JVNDB: JVNDB-2017-006306 // CNVD: CNVD-2017-20283 // BID: 99800 // VULMON: CVE-2017-10150

IOT TAXONOMY

category:['IoT']sub_category: -

Trust: 0.6

sources: CNVD: CNVD-2017-20283

AFFECTED PRODUCTS

vendor:oraclemodel:primavera unifierscope:eqversion:9.13

Trust: 3.3

vendor:oraclemodel:primavera unifierscope:eqversion:9.14

Trust: 3.3

vendor:oraclemodel:primavera unifierscope:eqversion:10.1

Trust: 3.3

vendor:oraclemodel:primavera unifierscope:eqversion:15.1

Trust: 3.3

vendor:oraclemodel:primavera unifierscope:eqversion:15.2

Trust: 3.3

vendor:oraclemodel:primavera unifierscope:eqversion:10.2

Trust: 3.3

vendor:oraclemodel:primavera unifierscope:eqversion:16.1

Trust: 3.3

vendor:oraclemodel:primavera unifierscope:eqversion:16.2

Trust: 3.3

sources: CNVD: CNVD-2017-20283 // BID: 99800 // JVNDB: JVNDB-2017-006306 // CNNVD: CNNVD-201707-1280 // NVD: CVE-2017-10150

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2017-10150
value: MEDIUM

Trust: 1.0

NVD: CVE-2017-10150
value: MEDIUM

Trust: 0.8

CNVD: CNVD-2017-20283
value: MEDIUM

Trust: 0.6

CNNVD: CNNVD-201707-1280
value: MEDIUM

Trust: 0.6

VULMON: CVE-2017-10150
value: MEDIUM

Trust: 0.1

nvd@nist.gov: CVE-2017-10150
severity: MEDIUM
baseScore: 4.0
vectorString: AV:N/AC:L/AU:S/C:N/I:P/A:N
accessVector: NETWORK
accessComplexity: LOW
authentication: SINGLE
confidentialityImpact: NONE
integrityImpact: PARTIAL
availabilityImpact: NONE
exploitabilityScore: 8.0
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.9

CNVD: CNVD-2017-20283
severity: MEDIUM
baseScore: 5.0
vectorString: AV:N/AC:L/AU:N/C:N/I:P/A:N
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: NONE
integrityImpact: PARTIAL
availabilityImpact: NONE
exploitabilityScore: 10.0
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.6

nvd@nist.gov: CVE-2017-10150
baseSeverity: MEDIUM
baseScore: 4.3
vectorString: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: LOW
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: NONE
integrityImpact: LOW
availabilityImpact: NONE
exploitabilityScore: 2.8
impactScore: 1.4
version: 3.0

Trust: 1.8

sources: CNVD: CNVD-2017-20283 // VULMON: CVE-2017-10150 // JVNDB: JVNDB-2017-006306 // CNNVD: CNNVD-201707-1280 // NVD: CVE-2017-10150

PROBLEMTYPE DATA

problemtype:NVD-CWE-noinfo

Trust: 1.0

problemtype:CWE-284

Trust: 0.8

sources: JVNDB: JVNDB-2017-006306 // NVD: CVE-2017-10150

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201707-1280

TYPE

lack of information

Trust: 0.6

sources: CNNVD: CNNVD-201707-1280

CONFIGURATIONS

sources:
            
            
            JVNDB: JVNDB-2017-006306

PATCH
title:Oracle Critical Patch Update Advisory - July 2017url:http://www.oracle.com/technetwork/security-advisory/cpujul2017-3236622.html
Trust: 0.8
title:Text Form of Oracle Critical Patch Update - July 2017 Risk Matricesurl:http://www.oracle.com/technetwork/security-advisory/cpujul2017verbose-3236625.html
Trust: 0.8
title:Patch for Oracle Primavera Unifier has an unknown vulnerabilityurl:https://www.cnvd.org.cn/patchInfo/show/99803
Trust: 0.6
title:Oracle Primavera Unifier Security vulnerabilitiesurl:http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=72094
Trust: 0.6
title:Oracle: Oracle Critical Patch Update Advisory - July 2017url:https://vulmon.com/vendoradvisory?qidtp=oracle_advisories&qid=2f446a7e1ea263c0c3a365776c6713f2
Trust: 0.1
sources:
            
            
            CNVD: CNVD-2017-20283 // 
            
            
            
            VULMON: CVE-2017-10150 // 
            
            
            
            JVNDB: JVNDB-2017-006306 // 
            
            
            
            CNNVD: CNNVD-201707-1280

EXTERNAL IDS
db:NVDid:CVE-2017-10150
Trust: 3.4
db:BIDid:99800
Trust: 2.6
db:SECTRACKid:1038946
Trust: 1.7
db:JVNDBid:JVNDB-2017-006306
Trust: 0.8
db:CNVDid:CNVD-2017-20283
Trust: 0.6
db:CNNVDid:CNNVD-201707-1280
Trust: 0.6
db:VULMONid:CVE-2017-10150
Trust: 0.1
sources:
            
            
            CNVD: CNVD-2017-20283 // 
            
            
            
            VULMON: CVE-2017-10150 // 
            
            
            
            BID: 99800 // 
            
            
            
            JVNDB: JVNDB-2017-006306 // 
            
            
            
            CNNVD: CNNVD-201707-1280 // 
            
            
            
            NVD: CVE-2017-10150

REFERENCES
url:http://www.securityfocus.com/bid/99800
Trust: 2.4
url:http://www.oracle.com/technetwork/security-advisory/cpujul2017-3236622.html
Trust: 2.1
url:http://www.securitytracker.com/id/1038946
Trust: 1.7
url:http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2017-10150
Trust: 0.8
url:https://nvd.nist.gov/vuln/detail/cve-2017-10150
Trust: 0.8
url:http://www.oracle.com/index.html
Trust: 0.3
url:https://cwe.mitre.org/data/definitions/.html
Trust: 0.1
url:https://nvd.nist.gov
Trust: 0.1
sources:
            
            
            CNVD: CNVD-2017-20283 // 
            
            
            
            VULMON: CVE-2017-10150 // 
            
            
            
            BID: 99800 // 
            
            
            
            JVNDB: JVNDB-2017-006306 // 
            
            
            
            CNNVD: CNNVD-201707-1280 // 
            
            
            
            NVD: CVE-2017-10150

CREDITS
Or Hanuka of Motorola Solutions and Tzachy Horesh of Motorola Solutions.
Trust: 0.9
sources:
            
            
            BID: 99800 // 
            
            
            
            CNNVD: CNNVD-201707-1280

SOURCES
db:CNVDid:CNVD-2017-20283
db:VULMONid:CVE-2017-10150
db:BIDid:99800
db:JVNDBid:JVNDB-2017-006306
db:CNNVDid:CNNVD-201707-1280
db:NVDid:CVE-2017-10150

LAST UPDATE DATE
2024-11-23T21:53:50.784000+00:00

SOURCES UPDATE DATE
db:CNVDid:CNVD-2017-20283date:2017-08-10T00:00:00
db:VULMONid:CVE-2017-10150date:2019-10-03T00:00:00
db:BIDid:99800date:2017-07-18T00:00:00
db:JVNDBid:JVNDB-2017-006306date:2017-08-23T00:00:00
db:CNNVDid:CNNVD-201707-1280date:2019-10-23T00:00:00
db:NVDid:CVE-2017-10150date:2024-11-21T03:05:29.420

SOURCES RELEASE DATE
db:CNVDid:CNVD-2017-20283date:2017-08-10T00:00:00
db:VULMONid:CVE-2017-10150date:2017-08-08T00:00:00
db:BIDid:99800date:2017-07-18T00:00:00
db:JVNDBid:JVNDB-2017-006306date:2017-08-23T00:00:00
db:CNNVDid:CNNVD-201707-1280date:2017-07-26T00:00:00
db:NVDid:CVE-2017-10150date:2017-08-08T15:29:04.803