9.1

CVE-2017-3508

Vulnerability in the Primavera Gateway component of Oracle Primavera Products Suite (subcomponent: Primavera Desktop Integration). Supported versions that are affected are 1.0, 1.1, 14.2, 15.1, 15.2, 16.1 and 16.2. Easily "exploitable" vulnerability allows high privileged attacker with network access via HTTP to compromise Primavera Gateway. While the vulnerability is in Primavera Gateway, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in takeover of Primavera Gateway. CVSS 3.0 Base Score 9.1 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H).
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
OraclePrimavera Gateway Version1.0
OraclePrimavera Gateway Version1.1
OraclePrimavera Gateway Version14.2
OraclePrimavera Gateway Version15.1
OraclePrimavera Gateway Version15.2
OraclePrimavera Gateway Version16.1
OraclePrimavera Gateway Version16.2
Zu dieser CVE wurde keine Warnung gefunden.
EPSS Metriken
Typ Quelle Score Percentile
EPSS FIRST.org 2.27% 0.808
CVSS Metriken
Quelle Base Score Exploit Score Impact Score Vector String
nvd@nist.gov 9.1 2.3 6
CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H
nvd@nist.gov 6.5 8 6.4
AV:N/AC:L/Au:S/C:P/I:P/A:P
Es wurden noch keine Informationen zu CWE veröffentlicht.
http://www.oracle.com/technetwork/security-advisory/cpuapr2017-3236618.html
Patch
Vendor Advisory
http://www.securitytracker.com/id/1038289
http://www.securityfocus.com/bid/97883
Third Party Advisory
VDB Entry
http://www.securityfocus.com/bid/97889
Third Party Advisory
VDB Entry