CVE-2020-14618Corporation Primavera Unifier vulnerability

4 documents4 sources
Severity
5.9MEDIUMNVD
EPSS
1.4%
top 19.33%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
2
Oracle Corporation Primavera UnifierOracle Primavera Unifier
Timeline
PublishedJul 15
Latest updateMay 24

Description

Vulnerability in the Primavera Unifier product of Oracle Construction and Engineering (component: Mobile App). The supported version that is affected is Prior to 20.6. Difficult to exploit vulnerability allows unauthenticated attacker with network access via HTTPS to compromise Primavera Unifier. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all

CVSS vector

CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:L/A:NExploitability: 1.6 | Impact: 4.2

Affected Packages2 packages

CVEListV5oracle_corporation/primavera_unifierunspecified20.6

Patches

Patch: www.oracle.comPatch: www.oracle.com

🔴Vulnerability Details

2
GHSA
GHSA-mmg6-qg4h-p87j: Vulnerability in the Primavera Unifier product of Oracle Construction and Engineering (component: Mobile App)2022-05-24
CVEList
CVE-2020-14618: Vulnerability in the Primavera Unifier product of Oracle Construction and Engineering (component: Mobile App)2020-07-15

📋Vendor Advisories

1
Oracle
Oracle Oracle Construction and Engineering Risk Matrix: Mobile App — CVE-2020-146182020-07-15
CVE-2020-14618 — MEDIUM severity | cvebase