ID

VAR-202301-1360


CVE

CVE-2023-21888


TITLE

Oracle Construction and Engineering of Primavera Gateway In WebUI Vulnerability

Trust: 0.8

sources: JVNDB: JVNDB-2023-001206

DESCRIPTION

Vulnerability in the Primavera Gateway product of Oracle Construction and Engineering (component: WebUI). Supported versions that are affected are 18.8.0-18.8.15, 19.12.0-19.12.15, 20.12.0-20.12.10 and 21.12.0-21.12.8. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Primavera Gateway. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Primavera Gateway, attacks may significantly impact additional products (scope change). Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Primavera Gateway accessible data as well as unauthorized read access to a subset of Primavera Gateway accessible data. CVSS 3.1 Base Score 5.4 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N)

Trust: 1.8

sources: NVD: CVE-2023-21888 // JVNDB: JVNDB-2023-001206 // VULHUB: VHN-448705 // VULMON: CVE-2023-21888

AFFECTED PRODUCTS

vendor: oracle
model: primavera gateway
scope: gte
version: 20.12.0

Trust: 1.0

vendor: oracle
model: primavera gateway
scope: lte
version: 20.12.10

Trust: 1.0

vendor: oracle
model: primavera gateway
scope: lte
version: 18.8.15

Trust: 1.0

vendor: oracle
model: primavera gateway
scope: gte
version: 18.8.0

Trust: 1.0

vendor: oracle
model: primavera gateway
scope: lte
version: 19.12.15

Trust: 1.0

vendor: oracle
model: primavera gateway
scope: gte
version: 19.12.0

Trust: 1.0

vendor: oracle
model: primavera gateway
scope: gte
version: 21.12.0

Trust: 1.0

vendor: oracle
model: primavera gateway
scope: lte
version: 21.12.8

Trust: 1.0

vendor: オラクル
model: primavera gateway
scope: eq
version: 19.12.0 to 19.12.15

Trust: 0.8

vendor: オラクル
model: primavera gateway
scope: eq
version: 20.12.0 to 20.12.10

Trust: 0.8

vendor: オラクル
model: primavera gateway
scope: eq
version: -

Trust: 0.8

vendor: オラクル
model: primavera gateway
scope: eq
version: 18.8.0 to 18.8.15

Trust: 0.8

vendor: オラクル
model: primavera gateway
scope: eq
version: 21.12.0 to 21.12.8

Trust: 0.8

sources: JVNDB: JVNDB-2023-001206 // NVD: CVE-2023-21888

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2023-21888
value: MEDIUM

Trust: 1.0

secalert_us@oracle.com: CVE-2023-21888
value: MEDIUM

Trust: 1.0

OTHER: JVNDB-2023-001206
value: MEDIUM

Trust: 0.8

CNNVD: CNNVD-202301-1331
value: MEDIUM

Trust: 0.6

nvd@nist.gov: CVE-2023-21888
baseSeverity: MEDIUM
baseScore: 5.4
vectorString: CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: LOW
userInteraction: REQUIRED
scope: CHANGED
confidentialityImpact: LOW
integrityImpact: LOW
availabilityImpact: NONE
exploitabilityScore: 2.3
impactScore: 2.7
version: 3.1

Trust: 2.0

OTHER: JVNDB-2023-001206
baseSeverity: MEDIUM
baseScore: 5.4
vectorString: CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: LOW
userInteraction: REQUIRED
scope: CHANGED
confidentialityImpact: LOW
integrityImpact: LOW
availabilityImpact: NONE
exploitabilityScore: NONE
impactScore: NONE
version: 3.0

Trust: 0.8

sources: JVNDB: JVNDB-2023-001206 // CNNVD: CNNVD-202301-1331 // NVD: CVE-2023-21888 // NVD: CVE-2023-21888

PROBLEMTYPE DATA

problemtype: NVD-CWE-noinfo

Trust: 1.0

problemtype: Lack of information (CWE-noinfo) [NVD evaluation]

Trust: 0.8

sources: JVNDB: JVNDB-2023-001206 // NVD: CVE-2023-21888

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-202301-1331

TYPE

other

Trust: 0.6

sources: CNNVD: CNNVD-202301-1331

PATCH

title: Oracle Critical Patch Update Advisory - January 2023 Oracle Critical Patch Update
url: https://www.oracle.com/security-alerts/cpujan2023.html

Trust: 0.8

title: Oracle Construction and Engineering Suite Security vulnerabilities
url: http://123.124.177.30/web/xxk/bdxqById.tag?id=221853

Trust: 0.6

sources: JVNDB: JVNDB-2023-001206 // CNNVD: CNNVD-202301-1331

EXTERNAL IDS

db: NVD
id: CVE-2023-21888

Trust: 3.4

db: JVNDB
id: JVNDB-2023-001206

Trust: 0.8

db: CNNVD
id: CNNVD-202301-1331

Trust: 0.6

db: VULHUB
id: VHN-448705

Trust: 0.1

db: VULMON
id: CVE-2023-21888

Trust: 0.1

sources: VULHUB: VHN-448705 // VULMON: CVE-2023-21888 // JVNDB: JVNDB-2023-001206 // CNNVD: CNNVD-202301-1331 // NVD: CVE-2023-21888

REFERENCES

url: https://www.oracle.com/security-alerts/cpujan2023.html

Trust: 1.8

url: https://nvd.nist.gov/vuln/detail/cve-2023-21888

Trust: 1.4

url: https://cxsecurity.com/cveshow/cve-2023-21888/

Trust: 0.6

url: https://nvd.nist.gov

Trust: 0.1

sources: VULHUB: VHN-448705 // VULMON: CVE-2023-21888 // JVNDB: JVNDB-2023-001206 // CNNVD: CNNVD-202301-1331 // NVD: CVE-2023-21888

SOURCES

db: VULHUB, id: VHN-448705
db: VULMON, id: CVE-2023-21888
db: JVNDB, id: JVNDB-2023-001206
db: CNNVD, id: CNNVD-202301-1331
db: NVD, id: CVE-2023-21888

LAST UPDATE DATE

2024-08-14T13:52:49.629000+00:00


SOURCES UPDATE DATE

db: VULHUB, id: VHN-448705, date: 2023-01-25T00:00:00
db: VULMON, id: CVE-2023-21888, date: 2023-01-18T00:00:00
db: JVNDB, id: JVNDB-2023-001206, date: 2023-01-31T02:44:00
db: CNNVD, id: CNNVD-202301-1331, date: 2023-02-02T00:00:00
db: NVD, id: CVE-2023-21888, date: 2023-01-25T14:26:33.427

SOURCES RELEASE DATE

db: VULHUB, id: VHN-448705, date: 2023-01-18T00:00:00
db: VULMON, id: CVE-2023-21888, date: 2023-01-18T00:00:00
db: JVNDB, id: JVNDB-2023-001206, date: 2023-01-31T00:00:00
db: CNNVD, id: CNNVD-202301-1331, date: 2023-01-17T00:00:00
db: NVD, id: CVE-2023-21888, date: 2023-01-18T00:15:16.620