CVE-2018-2963

Vulnerability in the Primavera P6 Enterprise Project Portfolio Management component of Oracle Construction and Engineering Suite (subcomponent: Web Access). Supported versions that are affected are 8.4, 15.x and 16.x. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Primavera P6 Enterprise Project Portfolio Management. Successful attacks of this vulnerability can result in unauthorized read access to a subset of Primavera P6 Enterprise Project Portfolio Management accessible data. CVSS 3.0 Base Score 4.3 (Confidentiality impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N).

Published: Jul 18, 2018
Updated: Apr 13, 2023
CVE: CVE-2018-2963
Severity: Low
Exploit:

CVSS v3:

Severity: Low
Score: 4.3
AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N

CVSS v2:

Severity: Low
Score: 4
AV:N/AC:L/Au:S/C:P/I:N/A:N

No CWE or OWASP classifications available.

Affected Software
References

Software	From	Fixed in
oracle / primavera_p6_enterprise_project_portfolio_management	16.2	16.2.x
oracle / primavera_p6_enterprise_project_portfolio_management	15.1	15.1.x
oracle / primavera_p6_enterprise_project_portfolio_management	16.1	16.1.x
oracle / primavera_p6_enterprise_project_portfolio_management	15.2	15.2.x
oracle / primavera_p6_enterprise_project_portfolio_management	8.4	8.4.x

Vulnerability Database

289,599

CVE-2018-2963