Oracle Primavera P6 Enterprise Project Portfolio Management vulnerabilities
63 known vulnerabilities affecting oracle/primavera_p6_enterprise_project_portfolio_management.
Total CVEs: 63
CISA KEV: 0
Public exploits: 3
Exploited in wild: 1
Severity breakdown: CRITICAL 9, HIGH 9, MEDIUM 45
Vulnerabilities
CVE-2025-50061 | MEDIUM | CVSS 5.4 | CWE-269 | ≥ 20.12.0, ≤ 20.12.21; ≥ 21.12.0.0, ≤ 21.12.21.0; +3 more | 2025-07-15
Vulnerability in the Primavera P6 Enterprise Project Portfolio Management product of Oracle Construction and Engineering (component: Web Access). Supported versions that are affected are 20.12.0-20.12.21, 21.12.0-21.12.21, 22.12.0-22.12.19, 23.12.0-23.12.13 and 24.12.0-24.12.4. Easily exploitable vulnerability allows low privileged attacker with net
nvd
CVE-2025-21528 | MEDIUM | CVSS 4.3 | CWE-352 | ≥ 20.12.1.0, ≤ 20.12.21.5; ≥ 21.12.1.0, ≤ 21.12.20.0; +2 more | 2025-01-21
Vulnerability in the Primavera P6 Enterprise Project Portfolio Management product of Oracle Construction and Engineering (component: Web Access). Supported versions that are affected are 20.12.1.0-20.12.21.5, 21.12.1.0-21.12.20.0, 22.12.1.0-22.12.16.0 and 23.12.1.0-23.12.10.0. Easily exploitable vulnerability allows unauthenticated attacker with net
nvd
CVE-2025-21558 | MEDIUM | CVSS 5.4 | CWE-863 | ≥ 20.12.1.0, ≤ 20.12.21.5; ≥ 21.12.1.0, ≤ 21.12.20.0; +1 more | 2025-01-21
Vulnerability in the Primavera P6 Enterprise Project Portfolio Management product of Oracle Construction and Engineering (component: Web Access). Supported versions that are affected are 20.12.1.0-20.12.21.5, 21.12.1.0-21.12.20.0 and 22.12.1.0. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise
nvd
CVE-2025-21526 | MEDIUM | CVSS 5.4 | CWE-352 | ≥ 20.12.1.0, ≤ 20.12.21.5; ≥ 21.12.1.0, ≤ 21.12.20.0; +2 more | 2025-01-21
Vulnerability in the Primavera P6 Enterprise Project Portfolio Management product of Oracle Construction and Engineering (component: Web Access). Supported versions that are affected are 20.12.1.0-20.12.21.5, 21.12.1.0-21.12.20.0, 22.12.1.0-22.12.16.0 and 23.12.1.0-23.12.10.0. Easily exploitable vulnerability allows low privileged attacker with netw
nvd
CVE-2024-21095 | HIGH | CVSS 8.2 | CWE-200 | ≥ 19.12.0, ≤ 19.12.22; ≥ 20.12.0, ≤ 20.12.21; +3 more | 2024-04-16
Vulnerability in the Primavera P6 Enterprise Project Portfolio Management product of Oracle Construction and Engineering (component: Web Access). Supported versions that are affected are 19.12.0-19.12.22, 20.12.0-20.12.21, 21.12.0-21.12.18, 22.12.0-22.12.12 and 23.12.0-23.12.2. Easily exploitable vulnerability allows unauthenticated attacker with netw
nvd
CVE-2020-36518 | HIGH | CVSS 7.5 | CWE-787 | ≥ 17.12.0.0, ≤ 17.12.20.4; ≥ 18.8.0.0, ≤ 18.8.25.4; +2 more | 2022-03-11
jackson-databind before 2.13.0 allows a Java StackOverflow exception and denial of service via a large depth of nested objects.
nvd
CVE-2021-44832 | MEDIUM | CVSS 6.6 | Exploited | CWE-20 | ≥ 19.12.0, ≤ 19.12.18.0; ≥ 20.12.0.0, ≤ 20.12.12.0; +2 more | 2021-12-28
Apache Log4j2 versions 2.0-beta7 through 2.17.0 (excluding security fix releases 2.3.2 and 2.12.4) are vulnerable to a remote code execution (RCE) attack when a configuration uses a JDBC Appender with a JNDI LDAP data source URI when an attacker has control of the target LDAP server. This issue is fixed by limiting JNDI data source names to the java
nvd
CVE-2021-45105 | MEDIUM | CVSS 5.9 | CWE-20 | ≥ 19.12.0.0, ≤ 19.12.18.0; ≥ 20.12.0.0, ≤ 20.12.12.0; +1 more | 2021-12-18
Apache Log4j2 versions 2.0-alpha1 through 2.16.0 (excluding 2.12.3 and 2.3.1) did not protect from uncontrolled recursion from self-referential lookups. This allows an attacker with control over Thread Context Map data to cause a denial of service when a crafted string is interpreted. This issue was fixed in Log4j 2.17.0, 2.12.3, and 2.3.1.
nvd
CVE-2021-2351 | HIGH | CVSS 7.5 | CWE-327 | ≥ 17.12.0.0, ≤ 17.12.20; ≥ 18.8.0.0, ≤ 18.8.24; +2 more | 2021-07-21
Vulnerability in the Advanced Networking Option component of Oracle Database Server. Supported versions that are affected are 12.1.0.2, 12.2.0.1 and 19c. Difficult to exploit vulnerability allows unauthenticated attacker with network access via Oracle Net to compromise Advanced Networking Option. Successful attacks require human interaction from a perso
nvd
CVE-2021-2386 | MEDIUM | CVSS 4.3 | ≥ 20.12.0, ≤ 20.12.3 | 2021-07-21
Vulnerability in the Primavera P6 Enterprise Project Portfolio Management product of Oracle Construction and Engineering (component: Web Access). Supported versions that are affected are 20.12.0-20.12.3. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Primavera P6 Enterprise Project Portfolio Manageme
nvd
CVE-2021-2366 | MEDIUM | CVSS 6.4 | ≥ 17.12.0, ≤ 17.12.20; ≥ 18.8.0, ≤ 18.8.23; +2 more | 2021-07-21
Vulnerability in the Primavera P6 Enterprise Project Portfolio Management product of Oracle Construction and Engineering (component: Web Access). Supported versions that are affected are 17.12.0-17.12.20, 18.8.0-18.8.23, 19.12.0-19.12.14 and 20.12.0-20.12.3. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compro
nvd
CVE-2020-5421 | MEDIUM | CVSS 6.5 | ≥ 16.1.0, ≤ 16.2.20; ≥ 17.1.0, ≤ 17.12.19; +2 more | 2020-09-19
In Spring Framework versions 5.2.0 - 5.2.8, 5.1.0 - 5.1.17, 5.0.0 - 5.0.18, 4.3.0 - 4.3.28, and older unsupported versions, the protections against RFD attacks from CVE-2015-5211 may be bypassed depending on the browser used through the use of a jsessionid path parameter.
nvd
CVE-2020-14653 | MEDIUM | CVSS 5.4 | ≥ 16.1.0.0, ≤ 16.2.20.1; ≥ 17.1.0.0, ≤ 17.12.17.1; +1 more | 2020-07-15
Vulnerability in the Primavera P6 Enterprise Project Portfolio Management product of Oracle Construction and Engineering (component: Web Access). Supported versions that are affected are 16.1.0.0-16.2.20.1, 17.1.0.0-17.12.17.1 and 18.1.0.0-18.8.18.2. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise P
nvd
CVE-2020-14706 | MEDIUM | CVSS 5.9 | ≥ 17.1.0.0, ≤ 17.12.17.1; ≥ 18.1.0.0, ≤ 18.8.19.0; +1 more | 2020-07-15
Vulnerability in the Primavera P6 Enterprise Project Portfolio Management product of Oracle Construction and Engineering (component: Web Access). Supported versions that are affected are 17.1.0.0-17.12.17.1, 18.1.0.0-18.8.19 and 19.12.0-19.12.5. Difficult to exploit vulnerability allows unauthenticated attacker with network access via HTTP to compromise Pri
nvd
CVE-2020-10683 | CRITICAL | CVSS 9.8 | CWE-611 | ≥ 16.1.0.0, ≤ 16.2.20.1; ≥ 17.1.0.0, ≤ 17.12.17.1; +2 more | 2020-05-01
dom4j before 2.0.3 and 2.1.x before 2.1.3 allows external DTDs and External Entities by default, which might enable XXE attacks. However, there is popular external documentation from OWASP showing how to enable the safe, non-default behavior in any application that uses dom4j.
nvd
CVE-2020-2706 | MEDIUM | CVSS 5.4 | ≥ 16.2.0.0, ≤ 16.2.19.3; ≥ 17.12.0.0, ≤ 17.12.17.0; +3 more | 2020-04-15
Vulnerability in the Primavera P6 Enterprise Project Portfolio Management product of Oracle Construction and Engineering (component: Project Manager). Supported versions that are affected are 16.2.0.0 - 16.2.19.3, 17.12.0.0 - 17.12.17.0, 18.8.0.0 - 18.8.18.0, 19.12.1.0 - 19.12.3.0 and 20.1.0.0 - 20.2.0.0. Easily exploitable vulnerability allows low privileged
nvd
CVE-2020-2594 | MEDIUM | CVSS 6.5 | ≥ 16.2.0.0, ≤ 16.2.19.3; ≥ 17.12.0.0, ≤ 17.12.17.0; +3 more | 2020-04-15
Vulnerability in the Primavera P6 Enterprise Project Portfolio Management product of Oracle Construction and Engineering (component: Project Manager). Supported versions that are affected are 16.2.0.0 - 16.2.19.3, 17.12.0.0 - 17.12.17.0, 18.8.0.0 - 18.8.18.0, 19.12.1.0 - 19.12.3.0 and 20.1.0.0 - 20.2.0.0. Easily exploitable vulnerability allows low privileged
nvd
CVE-2020-2556 | HIGH | CVSS 7.3 | ≥ 16.2.0.0, ≤ 16.2.19.0; ≥ 17.12.0.0, ≤ 17.12.16.0; +3 more | 2020-01-15
Vulnerability in the Primavera P6 Enterprise Project Portfolio Management product of Oracle Construction and Engineering (component: Core). Supported versions that are affected are 16.2.0.0-16.2.19.0, 17.12.0.0-17.12.16.0, 18.8.0.0-18.8.16.0, 19.12.0.0 and 20.1.0.0. Easily exploitable vulnerability allows low privileged attacker with logon to the infrastructure
nvd
CVE-2020-2707 | MEDIUM | CVSS 5.4 | ≥ 15.1.0.0, ≤ 15.2.18.7; ≥ 16.1.0.0, ≤ 16.2.19.0; +3 more | 2020-01-15
Vulnerability in the Primavera P6 Enterprise Project Portfolio Management product of Oracle Construction and Engineering (component: WebAccess). Supported versions that are affected are 15.1.0.0-15.2.18.7, 16.1.0.0-16.2.19.0, 17.1.0.0-17.12.16.0, 18.1.0.0-18.8.16.0 and 19.12.0.0. Easily exploitable vulnerability allows low privileged attacker with network acc
nvd
CVE-2019-10219 | MEDIUM | CVSS 6.1 | CWE-79 | ≥ 17.12.0.0, ≤ 17.12.0.0-17.12.20.0; ≥ 18.8.0.0, ≤ 18.8.24.0; +3 more | 2019-11-08
A vulnerability was found in Hibernate-Validator. The SafeHtml validator annotation fails to properly sanitize payloads consisting of potentially malicious code in HTML comments and instructions. This vulnerability can result in an XSS attack.
nvd