Search

Find a vulnerability

Search criteria

    6 vulnerabilities found for Primavera Gateway by Oracle Corporation

    CVE-2023-21888 (GCVE-0-2023-21888)

    Vulnerability from nvd – Published: 2023-01-17 23:35 – Updated: 2024-09-17 14:05
    VLAI
    Summary
    Vulnerability in the Primavera Gateway product of Oracle Construction and Engineering (component: WebUI). Supported versions that are affected are 18.8.0-18.8.15, 19.12.0-19.12.15, 20.12.0-20.12.10 and 21.12.0-21.12.8. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Primavera Gateway. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Primavera Gateway, attacks may significantly impact additional products (scope change). Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Primavera Gateway accessible data as well as unauthorized read access to a subset of Primavera Gateway accessible data. CVSS 3.1 Base Score 5.4 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N).
    SSVC
    Exploitation: none Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Primavera Gateway. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Primavera Gateway, attacks may significantly impact additional products (scope change). Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Primavera Gateway accessible data as well as unauthorized read access to a subset of Primavera Gateway accessible data.
    Assigner
    References
    Impacted products
    Vendor Product Version
    Oracle Corporation Primavera Gateway Affected: 18.8.0-18.8.15
    Affected: 19.12.0-19.12.15
    Affected: 20.12.0-20.12.10
    Affected: 21.12.0-21.12.8
    Create a notification for this product.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-02T09:51:51.239Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "name": "Oracle Advisory",
                "tags": [
                  "vendor-advisory",
                  "x_transferred"
                ],
                "url": "https://www.oracle.com/security-alerts/cpujan2023.html"
              }
            ],
            "title": "CVE Program Container"
          },
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2023-21888",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2024-09-17T14:03:09.606561Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2024-09-17T14:05:51.596Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "Primavera Gateway",
              "vendor": "Oracle Corporation",
              "versions": [
                {
                  "status": "affected",
                  "version": "18.8.0-18.8.15"
                },
                {
                  "status": "affected",
                  "version": "19.12.0-19.12.15"
                },
                {
                  "status": "affected",
                  "version": "20.12.0-20.12.10"
                },
                {
                  "status": "affected",
                  "version": "21.12.0-21.12.8"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en-US",
              "value": "Vulnerability in the Primavera Gateway product of Oracle Construction and Engineering (component: WebUI).  Supported versions that are affected are 18.8.0-18.8.15, 19.12.0-19.12.15, 20.12.0-20.12.10 and  21.12.0-21.12.8. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Primavera Gateway.  Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Primavera Gateway, attacks may significantly impact additional products (scope change). Successful attacks of this vulnerability can result in  unauthorized update, insert or delete access to some of Primavera Gateway accessible data as well as  unauthorized read access to a subset of Primavera Gateway accessible data. CVSS 3.1 Base Score 5.4 (Confidentiality and Integrity impacts).  CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N)."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "NONE",
                "baseScore": 5.4,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "LOW",
                "integrityImpact": "LOW",
                "privilegesRequired": "LOW",
                "scope": "CHANGED",
                "userInteraction": "REQUIRED",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N",
                "version": "3.1"
              }
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Primavera Gateway.  Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Primavera Gateway, attacks may significantly impact additional products (scope change). Successful attacks of this vulnerability can result in  unauthorized update, insert or delete access to some of Primavera Gateway accessible data as well as  unauthorized read access to a subset of Primavera Gateway accessible data.",
                  "lang": "en-US"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2023-03-23T23:37:47.269Z",
            "orgId": "43595867-4340-4103-b7a2-9a5208d29a85",
            "shortName": "oracle"
          },
          "references": [
            {
              "name": "Oracle Advisory",
              "tags": [
                "vendor-advisory"
              ],
              "url": "https://www.oracle.com/security-alerts/cpujan2023.html"
            }
          ]
        }
      },
      "cveMetadata": {
        "assignerOrgId": "43595867-4340-4103-b7a2-9a5208d29a85",
        "assignerShortName": "oracle",
        "cveId": "CVE-2023-21888",
        "datePublished": "2023-01-17T23:35:25.092Z",
        "dateReserved": "2022-12-17T19:26:00.706Z",
        "dateUpdated": "2024-09-17T14:05:51.596Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2017-3508 (GCVE-0-2017-3508)

    Vulnerability from nvd – Published: 2017-04-24 19:00 – Updated: 2024-10-04 19:26
    VLAI
    Summary
    Vulnerability in the Primavera Gateway component of Oracle Primavera Products Suite (subcomponent: Primavera Desktop Integration). Supported versions that are affected are 1.0, 1.1, 14.2, 15.1, 15.2, 16.1 and 16.2. Easily "exploitable" vulnerability allows high privileged attacker with network access via HTTP to compromise Primavera Gateway. While the vulnerability is in Primavera Gateway, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in takeover of Primavera Gateway. CVSS 3.0 Base Score 9.1 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H).
    Severity
    No CVSS data available.
    SSVC
    Exploitation: none Automatable: no Technical Impact: total
    CISA Coordinator (v2.0.3)
    CWE
    • Easily "exploitable" vulnerability allows high privileged attacker with network access via HTTP to compromise Primavera Gateway. While the vulnerability is in Primavera Gateway, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in takeover of Primavera Gateway.
    Assigner
    References
    URL Tags
    http://www.oracle.com/technetwork/security-adviso… x_refsource_CONFIRM
    http://www.securityfocus.com/bid/97883 vdb-entryx_refsource_BID
    http://www.securityfocus.com/bid/97889 vdb-entryx_refsource_BID
    http://www.securitytracker.com/id/1038289 vdb-entryx_refsource_SECTRACK
    Impacted products
    Vendor Product Version
    Oracle Corporation Primavera Gateway Affected: 1.0
    Affected: 1.1
    Affected: 14.2
    Affected: 15.1
    Affected: 15.2
    Affected: 16.1
    Affected: 16.2
    Create a notification for this product.
    Date Public
    2017-04-18 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-05T14:30:57.963Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "http://www.oracle.com/technetwork/security-advisory/cpuapr2017-3236618.html"
              },
              {
                "name": "97883",
                "tags": [
                  "vdb-entry",
                  "x_refsource_BID",
                  "x_transferred"
                ],
                "url": "http://www.securityfocus.com/bid/97883"
              },
              {
                "name": "97889",
                "tags": [
                  "vdb-entry",
                  "x_refsource_BID",
                  "x_transferred"
                ],
                "url": "http://www.securityfocus.com/bid/97889"
              },
              {
                "name": "1038289",
                "tags": [
                  "vdb-entry",
                  "x_refsource_SECTRACK",
                  "x_transferred"
                ],
                "url": "http://www.securitytracker.com/id/1038289"
              }
            ],
            "title": "CVE Program Container"
          },
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2017-3508",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2024-10-04T16:22:52.438611Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2024-10-04T19:26:07.584Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "Primavera Gateway",
              "vendor": "Oracle Corporation",
              "versions": [
                {
                  "status": "affected",
                  "version": "1.0"
                },
                {
                  "status": "affected",
                  "version": "1.1"
                },
                {
                  "status": "affected",
                  "version": "14.2"
                },
                {
                  "status": "affected",
                  "version": "15.1"
                },
                {
                  "status": "affected",
                  "version": "15.2"
                },
                {
                  "status": "affected",
                  "version": "16.1"
                },
                {
                  "status": "affected",
                  "version": "16.2"
                }
              ]
            }
          ],
          "datePublic": "2017-04-18T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "Vulnerability in the Primavera Gateway component of Oracle Primavera Products Suite (subcomponent: Primavera Desktop Integration). Supported versions that are affected are 1.0, 1.1, 14.2, 15.1, 15.2, 16.1 and 16.2. Easily \"exploitable\" vulnerability allows high privileged attacker with network access via HTTP to compromise Primavera Gateway. While the vulnerability is in Primavera Gateway, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in takeover of Primavera Gateway. CVSS 3.0 Base Score 9.1 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H)."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "Easily \"exploitable\" vulnerability allows high privileged attacker with network access via HTTP to compromise Primavera Gateway.  While the vulnerability is in Primavera Gateway, attacks may significantly impact additional products.  Successful attacks of this vulnerability can result in takeover of Primavera Gateway.",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2017-07-10T09:57:01.000Z",
            "orgId": "43595867-4340-4103-b7a2-9a5208d29a85",
            "shortName": "oracle"
          },
          "references": [
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "http://www.oracle.com/technetwork/security-advisory/cpuapr2017-3236618.html"
            },
            {
              "name": "97883",
              "tags": [
                "vdb-entry",
                "x_refsource_BID"
              ],
              "url": "http://www.securityfocus.com/bid/97883"
            },
            {
              "name": "97889",
              "tags": [
                "vdb-entry",
                "x_refsource_BID"
              ],
              "url": "http://www.securityfocus.com/bid/97889"
            },
            {
              "name": "1038289",
              "tags": [
                "vdb-entry",
                "x_refsource_SECTRACK"
              ],
              "url": "http://www.securitytracker.com/id/1038289"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "secalert_us@oracle.com",
              "ID": "CVE-2017-3508",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "Primavera Gateway",
                          "version": {
                            "version_data": [
                              {
                                "version_affected": "=",
                                "version_value": "1.0"
                              },
                              {
                                "version_affected": "=",
                                "version_value": "1.1"
                              },
                              {
                                "version_affected": "=",
                                "version_value": "14.2"
                              },
                              {
                                "version_affected": "=",
                                "version_value": "15.1"
                              },
                              {
                                "version_affected": "=",
                                "version_value": "15.2"
                              },
                              {
                                "version_affected": "=",
                                "version_value": "16.1"
                              },
                              {
                                "version_affected": "=",
                                "version_value": "16.2"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "Oracle Corporation"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "Vulnerability in the Primavera Gateway component of Oracle Primavera Products Suite (subcomponent: Primavera Desktop Integration). Supported versions that are affected are 1.0, 1.1, 14.2, 15.1, 15.2, 16.1 and 16.2. Easily \"exploitable\" vulnerability allows high privileged attacker with network access via HTTP to compromise Primavera Gateway. While the vulnerability is in Primavera Gateway, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in takeover of Primavera Gateway. CVSS 3.0 Base Score 9.1 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H)."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "Easily \"exploitable\" vulnerability allows high privileged attacker with network access via HTTP to compromise Primavera Gateway.  While the vulnerability is in Primavera Gateway, attacks may significantly impact additional products.  Successful attacks of this vulnerability can result in takeover of Primavera Gateway."
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "http://www.oracle.com/technetwork/security-advisory/cpuapr2017-3236618.html",
                  "refsource": "CONFIRM",
                  "url": "http://www.oracle.com/technetwork/security-advisory/cpuapr2017-3236618.html"
                },
                {
                  "name": "97883",
                  "refsource": "BID",
                  "url": "http://www.securityfocus.com/bid/97883"
                },
                {
                  "name": "97889",
                  "refsource": "BID",
                  "url": "http://www.securityfocus.com/bid/97889"
                },
                {
                  "name": "1038289",
                  "refsource": "SECTRACK",
                  "url": "http://www.securitytracker.com/id/1038289"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "43595867-4340-4103-b7a2-9a5208d29a85",
        "assignerShortName": "oracle",
        "cveId": "CVE-2017-3508",
        "datePublished": "2017-04-24T19:00:00.000Z",
        "dateReserved": "2016-12-06T00:00:00.000Z",
        "dateUpdated": "2024-10-04T19:26:07.584Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2017-3500 (GCVE-0-2017-3500)

    Vulnerability from nvd – Published: 2017-04-24 19:00 – Updated: 2024-10-07 16:14
    VLAI
    Summary
    Vulnerability in the Primavera Gateway component of Oracle Primavera Products Suite (subcomponent: Primavera Desktop Integration). Supported versions that are affected are 1.0, 1.1, 14.2, 15.1, 15.2, 16.1 and 16.2. Easily "exploitable" vulnerability allows high privileged attacker with network access via HTTP to compromise Primavera Gateway. While the vulnerability is in Primavera Gateway, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Primavera Gateway accessible data and unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Primavera Gateway. CVSS 3.0 Base Score 8.7 (Confidentiality and Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:N/A:H).
    Severity
    No CVSS data available.
    SSVC
    Exploitation: none Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • Easily "exploitable" vulnerability allows high privileged attacker with network access via HTTP to compromise Primavera Gateway. While the vulnerability is in Primavera Gateway, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Primavera Gateway accessible data and unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Primavera Gateway.
    Assigner
    References
    URL Tags
    http://www.securityfocus.com/bid/97881 vdb-entryx_refsource_BID
    http://www.oracle.com/technetwork/security-adviso… x_refsource_CONFIRM
    http://www.securitytracker.com/id/1038289 vdb-entryx_refsource_SECTRACK
    Impacted products
    Vendor Product Version
    Oracle Corporation Primavera Gateway Affected: 1.0
    Affected: 1.1
    Affected: 14.2
    Affected: 15.1
    Affected: 15.2
    Affected: 16.1
    Affected: 16.2
    Create a notification for this product.
    Date Public
    2017-04-18 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-05T14:30:57.805Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "name": "97881",
                "tags": [
                  "vdb-entry",
                  "x_refsource_BID",
                  "x_transferred"
                ],
                "url": "http://www.securityfocus.com/bid/97881"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "http://www.oracle.com/technetwork/security-advisory/cpuapr2017-3236618.html"
              },
              {
                "name": "1038289",
                "tags": [
                  "vdb-entry",
                  "x_refsource_SECTRACK",
                  "x_transferred"
                ],
                "url": "http://www.securitytracker.com/id/1038289"
              }
            ],
            "title": "CVE Program Container"
          },
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2017-3500",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2024-10-07T15:45:18.683714Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2024-10-07T16:14:28.626Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "Primavera Gateway",
              "vendor": "Oracle Corporation",
              "versions": [
                {
                  "status": "affected",
                  "version": "1.0"
                },
                {
                  "status": "affected",
                  "version": "1.1"
                },
                {
                  "status": "affected",
                  "version": "14.2"
                },
                {
                  "status": "affected",
                  "version": "15.1"
                },
                {
                  "status": "affected",
                  "version": "15.2"
                },
                {
                  "status": "affected",
                  "version": "16.1"
                },
                {
                  "status": "affected",
                  "version": "16.2"
                }
              ]
            }
          ],
          "datePublic": "2017-04-18T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "Vulnerability in the Primavera Gateway component of Oracle Primavera Products Suite (subcomponent: Primavera Desktop Integration). Supported versions that are affected are 1.0, 1.1, 14.2, 15.1, 15.2, 16.1 and 16.2. Easily \"exploitable\" vulnerability allows high privileged attacker with network access via HTTP to compromise Primavera Gateway. While the vulnerability is in Primavera Gateway, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Primavera Gateway accessible data and unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Primavera Gateway. CVSS 3.0 Base Score 8.7 (Confidentiality and Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:N/A:H)."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "Easily \"exploitable\" vulnerability allows high privileged attacker with network access via HTTP to compromise Primavera Gateway.  While the vulnerability is in Primavera Gateway, attacks may significantly impact additional products.  Successful attacks of this vulnerability can result in  unauthorized access to critical data or complete access to all Primavera Gateway accessible data and unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Primavera Gateway.",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2017-07-10T09:57:01.000Z",
            "orgId": "43595867-4340-4103-b7a2-9a5208d29a85",
            "shortName": "oracle"
          },
          "references": [
            {
              "name": "97881",
              "tags": [
                "vdb-entry",
                "x_refsource_BID"
              ],
              "url": "http://www.securityfocus.com/bid/97881"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "http://www.oracle.com/technetwork/security-advisory/cpuapr2017-3236618.html"
            },
            {
              "name": "1038289",
              "tags": [
                "vdb-entry",
                "x_refsource_SECTRACK"
              ],
              "url": "http://www.securitytracker.com/id/1038289"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "secalert_us@oracle.com",
              "ID": "CVE-2017-3500",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "Primavera Gateway",
                          "version": {
                            "version_data": [
                              {
                                "version_affected": "=",
                                "version_value": "1.0"
                              },
                              {
                                "version_affected": "=",
                                "version_value": "1.1"
                              },
                              {
                                "version_affected": "=",
                                "version_value": "14.2"
                              },
                              {
                                "version_affected": "=",
                                "version_value": "15.1"
                              },
                              {
                                "version_affected": "=",
                                "version_value": "15.2"
                              },
                              {
                                "version_affected": "=",
                                "version_value": "16.1"
                              },
                              {
                                "version_affected": "=",
                                "version_value": "16.2"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "Oracle Corporation"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "Vulnerability in the Primavera Gateway component of Oracle Primavera Products Suite (subcomponent: Primavera Desktop Integration). Supported versions that are affected are 1.0, 1.1, 14.2, 15.1, 15.2, 16.1 and 16.2. Easily \"exploitable\" vulnerability allows high privileged attacker with network access via HTTP to compromise Primavera Gateway. While the vulnerability is in Primavera Gateway, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Primavera Gateway accessible data and unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Primavera Gateway. CVSS 3.0 Base Score 8.7 (Confidentiality and Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:N/A:H)."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "Easily \"exploitable\" vulnerability allows high privileged attacker with network access via HTTP to compromise Primavera Gateway.  While the vulnerability is in Primavera Gateway, attacks may significantly impact additional products.  Successful attacks of this vulnerability can result in  unauthorized access to critical data or complete access to all Primavera Gateway accessible data and unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Primavera Gateway."
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "97881",
                  "refsource": "BID",
                  "url": "http://www.securityfocus.com/bid/97881"
                },
                {
                  "name": "http://www.oracle.com/technetwork/security-advisory/cpuapr2017-3236618.html",
                  "refsource": "CONFIRM",
                  "url": "http://www.oracle.com/technetwork/security-advisory/cpuapr2017-3236618.html"
                },
                {
                  "name": "1038289",
                  "refsource": "SECTRACK",
                  "url": "http://www.securitytracker.com/id/1038289"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "43595867-4340-4103-b7a2-9a5208d29a85",
        "assignerShortName": "oracle",
        "cveId": "CVE-2017-3500",
        "datePublished": "2017-04-24T19:00:00.000Z",
        "dateReserved": "2016-12-06T00:00:00.000Z",
        "dateUpdated": "2024-10-07T16:14:28.626Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2023-21888 (GCVE-0-2023-21888)

    Vulnerability from cvelistv5 – Published: 2023-01-17 23:35 – Updated: 2024-09-17 14:05
    VLAI
    Summary
    Vulnerability in the Primavera Gateway product of Oracle Construction and Engineering (component: WebUI). Supported versions that are affected are 18.8.0-18.8.15, 19.12.0-19.12.15, 20.12.0-20.12.10 and 21.12.0-21.12.8. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Primavera Gateway. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Primavera Gateway, attacks may significantly impact additional products (scope change). Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Primavera Gateway accessible data as well as unauthorized read access to a subset of Primavera Gateway accessible data. CVSS 3.1 Base Score 5.4 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N).
    SSVC
    Exploitation: none Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Primavera Gateway. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Primavera Gateway, attacks may significantly impact additional products (scope change). Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Primavera Gateway accessible data as well as unauthorized read access to a subset of Primavera Gateway accessible data.
    Assigner
    References
    Impacted products
    Vendor Product Version
    Oracle Corporation Primavera Gateway Affected: 18.8.0-18.8.15
    Affected: 19.12.0-19.12.15
    Affected: 20.12.0-20.12.10
    Affected: 21.12.0-21.12.8
    Create a notification for this product.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-02T09:51:51.239Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "name": "Oracle Advisory",
                "tags": [
                  "vendor-advisory",
                  "x_transferred"
                ],
                "url": "https://www.oracle.com/security-alerts/cpujan2023.html"
              }
            ],
            "title": "CVE Program Container"
          },
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2023-21888",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2024-09-17T14:03:09.606561Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2024-09-17T14:05:51.596Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "Primavera Gateway",
              "vendor": "Oracle Corporation",
              "versions": [
                {
                  "status": "affected",
                  "version": "18.8.0-18.8.15"
                },
                {
                  "status": "affected",
                  "version": "19.12.0-19.12.15"
                },
                {
                  "status": "affected",
                  "version": "20.12.0-20.12.10"
                },
                {
                  "status": "affected",
                  "version": "21.12.0-21.12.8"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en-US",
              "value": "Vulnerability in the Primavera Gateway product of Oracle Construction and Engineering (component: WebUI).  Supported versions that are affected are 18.8.0-18.8.15, 19.12.0-19.12.15, 20.12.0-20.12.10 and  21.12.0-21.12.8. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Primavera Gateway.  Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Primavera Gateway, attacks may significantly impact additional products (scope change). Successful attacks of this vulnerability can result in  unauthorized update, insert or delete access to some of Primavera Gateway accessible data as well as  unauthorized read access to a subset of Primavera Gateway accessible data. CVSS 3.1 Base Score 5.4 (Confidentiality and Integrity impacts).  CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N)."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "NONE",
                "baseScore": 5.4,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "LOW",
                "integrityImpact": "LOW",
                "privilegesRequired": "LOW",
                "scope": "CHANGED",
                "userInteraction": "REQUIRED",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N",
                "version": "3.1"
              }
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Primavera Gateway.  Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Primavera Gateway, attacks may significantly impact additional products (scope change). Successful attacks of this vulnerability can result in  unauthorized update, insert or delete access to some of Primavera Gateway accessible data as well as  unauthorized read access to a subset of Primavera Gateway accessible data.",
                  "lang": "en-US"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2023-03-23T23:37:47.269Z",
            "orgId": "43595867-4340-4103-b7a2-9a5208d29a85",
            "shortName": "oracle"
          },
          "references": [
            {
              "name": "Oracle Advisory",
              "tags": [
                "vendor-advisory"
              ],
              "url": "https://www.oracle.com/security-alerts/cpujan2023.html"
            }
          ]
        }
      },
      "cveMetadata": {
        "assignerOrgId": "43595867-4340-4103-b7a2-9a5208d29a85",
        "assignerShortName": "oracle",
        "cveId": "CVE-2023-21888",
        "datePublished": "2023-01-17T23:35:25.092Z",
        "dateReserved": "2022-12-17T19:26:00.706Z",
        "dateUpdated": "2024-09-17T14:05:51.596Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2017-3508 (GCVE-0-2017-3508)

    Vulnerability from cvelistv5 – Published: 2017-04-24 19:00 – Updated: 2024-10-04 19:26
    VLAI
    Summary
    Vulnerability in the Primavera Gateway component of Oracle Primavera Products Suite (subcomponent: Primavera Desktop Integration). Supported versions that are affected are 1.0, 1.1, 14.2, 15.1, 15.2, 16.1 and 16.2. Easily "exploitable" vulnerability allows high privileged attacker with network access via HTTP to compromise Primavera Gateway. While the vulnerability is in Primavera Gateway, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in takeover of Primavera Gateway. CVSS 3.0 Base Score 9.1 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H).
    Severity
    No CVSS data available.
    SSVC
    Exploitation: none Automatable: no Technical Impact: total
    CISA Coordinator (v2.0.3)
    CWE
    • Easily "exploitable" vulnerability allows high privileged attacker with network access via HTTP to compromise Primavera Gateway. While the vulnerability is in Primavera Gateway, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in takeover of Primavera Gateway.
    Assigner
    References
    URL Tags
    http://www.oracle.com/technetwork/security-adviso… x_refsource_CONFIRM
    http://www.securityfocus.com/bid/97883 vdb-entryx_refsource_BID
    http://www.securityfocus.com/bid/97889 vdb-entryx_refsource_BID
    http://www.securitytracker.com/id/1038289 vdb-entryx_refsource_SECTRACK
    Impacted products
    Vendor Product Version
    Oracle Corporation Primavera Gateway Affected: 1.0
    Affected: 1.1
    Affected: 14.2
    Affected: 15.1
    Affected: 15.2
    Affected: 16.1
    Affected: 16.2
    Create a notification for this product.
    Date Public
    2017-04-18 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-05T14:30:57.963Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "http://www.oracle.com/technetwork/security-advisory/cpuapr2017-3236618.html"
              },
              {
                "name": "97883",
                "tags": [
                  "vdb-entry",
                  "x_refsource_BID",
                  "x_transferred"
                ],
                "url": "http://www.securityfocus.com/bid/97883"
              },
              {
                "name": "97889",
                "tags": [
                  "vdb-entry",
                  "x_refsource_BID",
                  "x_transferred"
                ],
                "url": "http://www.securityfocus.com/bid/97889"
              },
              {
                "name": "1038289",
                "tags": [
                  "vdb-entry",
                  "x_refsource_SECTRACK",
                  "x_transferred"
                ],
                "url": "http://www.securitytracker.com/id/1038289"
              }
            ],
            "title": "CVE Program Container"
          },
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2017-3508",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2024-10-04T16:22:52.438611Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2024-10-04T19:26:07.584Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "Primavera Gateway",
              "vendor": "Oracle Corporation",
              "versions": [
                {
                  "status": "affected",
                  "version": "1.0"
                },
                {
                  "status": "affected",
                  "version": "1.1"
                },
                {
                  "status": "affected",
                  "version": "14.2"
                },
                {
                  "status": "affected",
                  "version": "15.1"
                },
                {
                  "status": "affected",
                  "version": "15.2"
                },
                {
                  "status": "affected",
                  "version": "16.1"
                },
                {
                  "status": "affected",
                  "version": "16.2"
                }
              ]
            }
          ],
          "datePublic": "2017-04-18T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "Vulnerability in the Primavera Gateway component of Oracle Primavera Products Suite (subcomponent: Primavera Desktop Integration). Supported versions that are affected are 1.0, 1.1, 14.2, 15.1, 15.2, 16.1 and 16.2. Easily \"exploitable\" vulnerability allows high privileged attacker with network access via HTTP to compromise Primavera Gateway. While the vulnerability is in Primavera Gateway, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in takeover of Primavera Gateway. CVSS 3.0 Base Score 9.1 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H)."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "Easily \"exploitable\" vulnerability allows high privileged attacker with network access via HTTP to compromise Primavera Gateway.  While the vulnerability is in Primavera Gateway, attacks may significantly impact additional products.  Successful attacks of this vulnerability can result in takeover of Primavera Gateway.",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2017-07-10T09:57:01.000Z",
            "orgId": "43595867-4340-4103-b7a2-9a5208d29a85",
            "shortName": "oracle"
          },
          "references": [
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "http://www.oracle.com/technetwork/security-advisory/cpuapr2017-3236618.html"
            },
            {
              "name": "97883",
              "tags": [
                "vdb-entry",
                "x_refsource_BID"
              ],
              "url": "http://www.securityfocus.com/bid/97883"
            },
            {
              "name": "97889",
              "tags": [
                "vdb-entry",
                "x_refsource_BID"
              ],
              "url": "http://www.securityfocus.com/bid/97889"
            },
            {
              "name": "1038289",
              "tags": [
                "vdb-entry",
                "x_refsource_SECTRACK"
              ],
              "url": "http://www.securitytracker.com/id/1038289"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "secalert_us@oracle.com",
              "ID": "CVE-2017-3508",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "Primavera Gateway",
                          "version": {
                            "version_data": [
                              {
                                "version_affected": "=",
                                "version_value": "1.0"
                              },
                              {
                                "version_affected": "=",
                                "version_value": "1.1"
                              },
                              {
                                "version_affected": "=",
                                "version_value": "14.2"
                              },
                              {
                                "version_affected": "=",
                                "version_value": "15.1"
                              },
                              {
                                "version_affected": "=",
                                "version_value": "15.2"
                              },
                              {
                                "version_affected": "=",
                                "version_value": "16.1"
                              },
                              {
                                "version_affected": "=",
                                "version_value": "16.2"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "Oracle Corporation"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "Vulnerability in the Primavera Gateway component of Oracle Primavera Products Suite (subcomponent: Primavera Desktop Integration). Supported versions that are affected are 1.0, 1.1, 14.2, 15.1, 15.2, 16.1 and 16.2. Easily \"exploitable\" vulnerability allows high privileged attacker with network access via HTTP to compromise Primavera Gateway. While the vulnerability is in Primavera Gateway, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in takeover of Primavera Gateway. CVSS 3.0 Base Score 9.1 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H)."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "Easily \"exploitable\" vulnerability allows high privileged attacker with network access via HTTP to compromise Primavera Gateway.  While the vulnerability is in Primavera Gateway, attacks may significantly impact additional products.  Successful attacks of this vulnerability can result in takeover of Primavera Gateway."
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "http://www.oracle.com/technetwork/security-advisory/cpuapr2017-3236618.html",
                  "refsource": "CONFIRM",
                  "url": "http://www.oracle.com/technetwork/security-advisory/cpuapr2017-3236618.html"
                },
                {
                  "name": "97883",
                  "refsource": "BID",
                  "url": "http://www.securityfocus.com/bid/97883"
                },
                {
                  "name": "97889",
                  "refsource": "BID",
                  "url": "http://www.securityfocus.com/bid/97889"
                },
                {
                  "name": "1038289",
                  "refsource": "SECTRACK",
                  "url": "http://www.securitytracker.com/id/1038289"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "43595867-4340-4103-b7a2-9a5208d29a85",
        "assignerShortName": "oracle",
        "cveId": "CVE-2017-3508",
        "datePublished": "2017-04-24T19:00:00.000Z",
        "dateReserved": "2016-12-06T00:00:00.000Z",
        "dateUpdated": "2024-10-04T19:26:07.584Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2017-3500 (GCVE-0-2017-3500)

    Vulnerability from cvelistv5 – Published: 2017-04-24 19:00 – Updated: 2024-10-07 16:14
    VLAI
    Summary
    Vulnerability in the Primavera Gateway component of Oracle Primavera Products Suite (subcomponent: Primavera Desktop Integration). Supported versions that are affected are 1.0, 1.1, 14.2, 15.1, 15.2, 16.1 and 16.2. Easily "exploitable" vulnerability allows high privileged attacker with network access via HTTP to compromise Primavera Gateway. While the vulnerability is in Primavera Gateway, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Primavera Gateway accessible data and unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Primavera Gateway. CVSS 3.0 Base Score 8.7 (Confidentiality and Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:N/A:H).
    Severity
    No CVSS data available.
    SSVC
    Exploitation: none Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • Easily "exploitable" vulnerability allows high privileged attacker with network access via HTTP to compromise Primavera Gateway. While the vulnerability is in Primavera Gateway, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Primavera Gateway accessible data and unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Primavera Gateway.
    Assigner
    References
    URL Tags
    http://www.securityfocus.com/bid/97881 vdb-entryx_refsource_BID
    http://www.oracle.com/technetwork/security-adviso… x_refsource_CONFIRM
    http://www.securitytracker.com/id/1038289 vdb-entryx_refsource_SECTRACK
    Impacted products
    Vendor Product Version
    Oracle Corporation Primavera Gateway Affected: 1.0
    Affected: 1.1
    Affected: 14.2
    Affected: 15.1
    Affected: 15.2
    Affected: 16.1
    Affected: 16.2
    Create a notification for this product.
    Date Public
    2017-04-18 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-05T14:30:57.805Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "name": "97881",
                "tags": [
                  "vdb-entry",
                  "x_refsource_BID",
                  "x_transferred"
                ],
                "url": "http://www.securityfocus.com/bid/97881"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "http://www.oracle.com/technetwork/security-advisory/cpuapr2017-3236618.html"
              },
              {
                "name": "1038289",
                "tags": [
                  "vdb-entry",
                  "x_refsource_SECTRACK",
                  "x_transferred"
                ],
                "url": "http://www.securitytracker.com/id/1038289"
              }
            ],
            "title": "CVE Program Container"
          },
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2017-3500",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2024-10-07T15:45:18.683714Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2024-10-07T16:14:28.626Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "Primavera Gateway",
              "vendor": "Oracle Corporation",
              "versions": [
                {
                  "status": "affected",
                  "version": "1.0"
                },
                {
                  "status": "affected",
                  "version": "1.1"
                },
                {
                  "status": "affected",
                  "version": "14.2"
                },
                {
                  "status": "affected",
                  "version": "15.1"
                },
                {
                  "status": "affected",
                  "version": "15.2"
                },
                {
                  "status": "affected",
                  "version": "16.1"
                },
                {
                  "status": "affected",
                  "version": "16.2"
                }
              ]
            }
          ],
          "datePublic": "2017-04-18T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "Vulnerability in the Primavera Gateway component of Oracle Primavera Products Suite (subcomponent: Primavera Desktop Integration). Supported versions that are affected are 1.0, 1.1, 14.2, 15.1, 15.2, 16.1 and 16.2. Easily \"exploitable\" vulnerability allows high privileged attacker with network access via HTTP to compromise Primavera Gateway. While the vulnerability is in Primavera Gateway, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Primavera Gateway accessible data and unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Primavera Gateway. CVSS 3.0 Base Score 8.7 (Confidentiality and Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:N/A:H)."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "Easily \"exploitable\" vulnerability allows high privileged attacker with network access via HTTP to compromise Primavera Gateway.  While the vulnerability is in Primavera Gateway, attacks may significantly impact additional products.  Successful attacks of this vulnerability can result in  unauthorized access to critical data or complete access to all Primavera Gateway accessible data and unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Primavera Gateway.",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2017-07-10T09:57:01.000Z",
            "orgId": "43595867-4340-4103-b7a2-9a5208d29a85",
            "shortName": "oracle"
          },
          "references": [
            {
              "name": "97881",
              "tags": [
                "vdb-entry",
                "x_refsource_BID"
              ],
              "url": "http://www.securityfocus.com/bid/97881"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "http://www.oracle.com/technetwork/security-advisory/cpuapr2017-3236618.html"
            },
            {
              "name": "1038289",
              "tags": [
                "vdb-entry",
                "x_refsource_SECTRACK"
              ],
              "url": "http://www.securitytracker.com/id/1038289"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "secalert_us@oracle.com",
              "ID": "CVE-2017-3500",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "Primavera Gateway",
                          "version": {
                            "version_data": [
                              {
                                "version_affected": "=",
                                "version_value": "1.0"
                              },
                              {
                                "version_affected": "=",
                                "version_value": "1.1"
                              },
                              {
                                "version_affected": "=",
                                "version_value": "14.2"
                              },
                              {
                                "version_affected": "=",
                                "version_value": "15.1"
                              },
                              {
                                "version_affected": "=",
                                "version_value": "15.2"
                              },
                              {
                                "version_affected": "=",
                                "version_value": "16.1"
                              },
                              {
                                "version_affected": "=",
                                "version_value": "16.2"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "Oracle Corporation"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "Vulnerability in the Primavera Gateway component of Oracle Primavera Products Suite (subcomponent: Primavera Desktop Integration). Supported versions that are affected are 1.0, 1.1, 14.2, 15.1, 15.2, 16.1 and 16.2. Easily \"exploitable\" vulnerability allows high privileged attacker with network access via HTTP to compromise Primavera Gateway. While the vulnerability is in Primavera Gateway, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Primavera Gateway accessible data and unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Primavera Gateway. CVSS 3.0 Base Score 8.7 (Confidentiality and Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:N/A:H)."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "Easily \"exploitable\" vulnerability allows high privileged attacker with network access via HTTP to compromise Primavera Gateway.  While the vulnerability is in Primavera Gateway, attacks may significantly impact additional products.  Successful attacks of this vulnerability can result in  unauthorized access to critical data or complete access to all Primavera Gateway accessible data and unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Primavera Gateway."
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "97881",
                  "refsource": "BID",
                  "url": "http://www.securityfocus.com/bid/97881"
                },
                {
                  "name": "http://www.oracle.com/technetwork/security-advisory/cpuapr2017-3236618.html",
                  "refsource": "CONFIRM",
                  "url": "http://www.oracle.com/technetwork/security-advisory/cpuapr2017-3236618.html"
                },
                {
                  "name": "1038289",
                  "refsource": "SECTRACK",
                  "url": "http://www.securitytracker.com/id/1038289"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "43595867-4340-4103-b7a2-9a5208d29a85",
        "assignerShortName": "oracle",
        "cveId": "CVE-2017-3500",
        "datePublished": "2017-04-24T19:00:00.000Z",
        "dateReserved": "2016-12-06T00:00:00.000Z",
        "dateUpdated": "2024-10-07T16:14:28.626Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }