CVE-2023-21888Oracle Primavera Gateway vulnerability

8 documents8 sources
Severity
5.4MEDIUMNVD
EPSS
0.3%
top 43.42%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
2
Oracle Primavera GatewayOracle Corporation Primavera Gateway
Timeline
PublishedJan 18

Description

Vulnerability in the Primavera Gateway product of Oracle Construction and Engineering (component: WebUI). Supported versions that are affected are 18.8.0-18.8.15, 19.12.0-19.12.15, 20.12.0-20.12.10 and 21.12.0-21.12.8. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Primavera Gateway. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Primavera Gateway, attacks may signifi

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:NExploitability: 2.3 | Impact: 2.7

Affected Packages2 packages

NVDoracle/primavera_gateway18.8.018.8.15+3
CVEListV5oracle_corporation/primavera_gateway4 versions+3

Patches

Patch: www.oracle.comPatch: www.oracle.com

🔴Vulnerability Details

2
GHSA
GHSA-xm7p-g539-cgfg: Vulnerability in the Primavera Gateway product of Oracle Construction and Engineering (component: WebUI)2023-01-18
CVEList
CVE-2023-21888: Vulnerability in the Primavera Gateway product of Oracle Construction and Engineering (component: WebUI)2023-01-17

📋Vendor Advisories

1
Oracle
Oracle Oracle Construction and Engineering Risk Matrix: WebUI — CVE-2023-218882023-01-15
CVE-2023-21888 — Oracle Primavera Gateway vulnerability | cvebase