CVE-2018-2965

3 documents3 sources
Severity
6.1MEDIUM
EPSS
0.5%
top 33.03%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
2
Oracle Corporation Primavera UnifierOracle Primavera Unifier
Timeline
PublishedJul 18
Latest updateMay 13

Description

Vulnerability in the Primavera Unifier component of Oracle Construction and Engineering Suite (subcomponent: Core). The supported version that is affected is 16.x. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Primavera Unifier. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Primavera Unifier, attacks may significantly impact additional products. Successful attacks

CVSS vector

CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:NExploitability: 2.8 | Impact: 2.7

Affected Packages2 packages

NVDoracle/primavera_unifier4 versions+3

Patches

Patch: www.oracle.comPatch: www.oracle.com

🔴Vulnerability Details

2
GHSA
GHSA-wcg9-x49q-vrqw: Vulnerability in the Primavera Unifier component of Oracle Construction and Engineering Suite (subcomponent: Core)2022-05-13
CVEList
CVE-2018-2965: Vulnerability in the Primavera Unifier component of Oracle Construction and Engineering Suite (subcomponent: Core)2018-07-18
CVE-2018-2965 (MEDIUM CVSS 6.1) | Vulnerability in the Primavera Unif | cvebase.io