9.1
CVE-2017-3508
- EPSS 2.75%
- Veröffentlicht 24.04.2017 19:59:03
- Zuletzt bearbeitet 20.04.2025 01:37:25
- Quelle secalert_us@oracle.com
- Teams Watchlist Login
- Unerledigt Login
Vulnerability in the Primavera Gateway component of Oracle Primavera Products Suite (subcomponent: Primavera Desktop Integration). Supported versions that are affected are 1.0, 1.1, 14.2, 15.1, 15.2, 16.1 and 16.2. Easily "exploitable" vulnerability allows high privileged attacker with network access via HTTP to compromise Primavera Gateway. While the vulnerability is in Primavera Gateway, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in takeover of Primavera Gateway. CVSS 3.0 Base Score 9.1 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H).
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
Oracle ≫ Primavera Gateway Version1.0
Oracle ≫ Primavera Gateway Version1.1
Oracle ≫ Primavera Gateway Version14.2
Oracle ≫ Primavera Gateway Version15.1
Oracle ≫ Primavera Gateway Version15.2
Oracle ≫ Primavera Gateway Version16.1
Oracle ≫ Primavera Gateway Version16.2
Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.
| Typ | Quelle | Score | Percentile |
|---|---|---|---|
| EPSS | FIRST.org | 2.75% | 0.847 |
| Quelle | Base Score | Exploit Score | Impact Score | Vector String |
|---|---|---|---|---|
| nvd@nist.gov | 9.1 | 2.3 | 6 |
CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H
|
| nvd@nist.gov | 6.5 | 8 | 6.4 |
AV:N/AC:L/Au:S/C:P/I:P/A:P
|