Oracle Primavera Portfolio Management vulnerabilities

14 known vulnerabilities affecting oracle/primavera_portfolio_management.

Total CVEs

CISA KEV

Public exploits

Exploited in wild

Severity breakdown

MEDIUM14

Vulnerabilities

Page 1 of 1

CVE-2022-21243MEDIUMCVSS 4.3≥ 18.0.0.0, ≤ 18.0.3.0≥ 19.0.0.0, ≤ 19.0.1.2+2 more2022-01-19

CVE-2022-21243 [MEDIUM] CVE-2022-21243: Vulnerability in the Primavera Portfolio Management product of Oracle Construction and Engineering ( Vulnerability in the Primavera Portfolio Management product of Oracle Construction and Engineering (component: Web Access). Supported versions that are affected are 18.0.0.0-18.0.3.0, 19.0.0.0-19.0.1.2, 20.0.0.0 and 20.0.0.1. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Primavera Portfolio Manage

nvd

CVE-2022-21376MEDIUMCVSS 5.4≥ 18.0.0.0, ≤ 18.0.3.0≥ 19.0.0.0, ≤ 19.0.1.2+1 more2022-01-19

CVE-2022-21376 [MEDIUM] CVE-2022-21376: Vulnerability in the Primavera Portfolio Management product of Oracle Construction and Engineering ( Vulnerability in the Primavera Portfolio Management product of Oracle Construction and Engineering (component: Web Access). Supported versions that are affected are 18.0.0.0-18.0.3.0, 19.0.0.0-19.0.1.2 and 20.0.0.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Primavera Portfolio Management. Suc

nvd

CVE-2022-21281MEDIUMCVSS 4.8≥ 18.0.0.0, ≤ 18.0.3.0≥ 19.0.0.0, ≤ 19.0.1.2+2 more2022-01-19

CVE-2022-21281 [MEDIUM] CVE-2022-21281: Vulnerability in the Primavera Portfolio Management product of Oracle Construction and Engineering ( Vulnerability in the Primavera Portfolio Management product of Oracle Construction and Engineering (component: Web Access). Supported versions that are affected are 18.0.0.0-18.0.3.0, 19.0.0.0-19.0.1.2, 20.0.0.0 and 20.0.0.1. Easily exploitable vulnerability allows high privileged attacker with network access via HTTP to compromise Primavera Portfolio Manag

nvd

CVE-2022-21242MEDIUMCVSS 5.4≥ 18.0.0.0, ≤ 18.0.3.0≥ 19.0.0.0, ≤ 19.0.1.2+2 more2022-01-19

CVE-2022-21242 [MEDIUM] CVE-2022-21242: Vulnerability in the Primavera Portfolio Management product of Oracle Construction and Engineering ( Vulnerability in the Primavera Portfolio Management product of Oracle Construction and Engineering (component: Web Access). Supported versions that are affected are 18.0.0.0-18.0.3.0, 19.0.0.0-19.0.1.2, 20.0.0.0 and 20.0.0.1. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Primavera Portfolio Manage

nvd

CVE-2022-21244MEDIUMCVSS 4.3≥ 18.0.0.0, ≤ 18.0.3.0≥ 19.0.0.0, ≤ 19.0.1.2+2 more2022-01-19

CVE-2022-21244 [MEDIUM] CVE-2022-21244: Vulnerability in the Primavera Portfolio Management product of Oracle Construction and Engineering ( Vulnerability in the Primavera Portfolio Management product of Oracle Construction and Engineering (component: Web Access). Supported versions that are affected are 18.0.0.0-18.0.3.0, 19.0.0.0-19.0.1.2, 20.0.0.0 and 20.0.0.1. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Primavera Portfolio Manag

nvd

CVE-2022-21269MEDIUMCVSS 6.1≥ 18.0.0.0, ≤ 18.0.3.0≥ 19.0.0.0, ≤ 19.0.1.2+2 more2022-01-19

CVE-2022-21269 [MEDIUM] CVE-2022-21269: Vulnerability in the Primavera Portfolio Management product of Oracle Construction and Engineering ( Vulnerability in the Primavera Portfolio Management product of Oracle Construction and Engineering (component: Web Access). Supported versions that are affected are 18.0.0.0-18.0.3.0, 19.0.0.0-19.0.1.2, 20.0.0.0 and 20.0.0.1. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Primavera Portfolio Manag

nvd

CVE-2022-21377MEDIUMCVSS 5.4≥ 18.0.0.0, ≤ 18.0.3.0≥ 19.0.0.0, ≤ 19.0.1.2+1 more2022-01-19

CVE-2022-21377 [MEDIUM] CVE-2022-21377: Vulnerability in the Primavera Portfolio Management product of Oracle Construction and Engineering ( Vulnerability in the Primavera Portfolio Management product of Oracle Construction and Engineering (component: Web API). Supported versions that are affected are 18.0.0.0-18.0.3.0, 19.0.0.0-19.0.1.2 and 20.0.0.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Primavera Portfolio Management. Succes

nvd

CVE-2020-14549MEDIUMCVSS 5.9≥ 16.1.0.0, ≤ 16.1.5.1≥ 18.0.0.0, ≤ 18.0.2.0+1 more2020-07-15

CVE-2020-14549 [MEDIUM] CVE-2020-14549: Vulnerability in the Primavera Portfolio Management product of Oracle Construction and Engineering ( Vulnerability in the Primavera Portfolio Management product of Oracle Construction and Engineering (component: Web Server). Supported versions that are affected are 16.1.0.0-16.1.5.1, 18.0.0.0-18.0.2.0 and 19.0.0.0. Difficult to exploit vulnerability allows unauthenticated attacker with network access via HTTPS to compromise Primavera Portfolio Management.

nvd

CVE-2020-14528MEDIUMCVSS 6.1≥ 16.1.0.0, ≤ 16.1.5.1≥ 18.0.0.0, ≤ 18.0.2.0+1 more2020-07-15

CVE-2020-14528 [MEDIUM] CVE-2020-14528: Vulnerability in the Primavera Portfolio Management product of Oracle Construction and Engineering ( Vulnerability in the Primavera Portfolio Management product of Oracle Construction and Engineering (component: Web Access). Supported versions that are affected are 16.1.0.0-16.1.5.1, 18.0.0.0-18.0.2.0 and 19.0.0.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Primavera Portfolio Management. Suc

nvd

CVE-2020-14529MEDIUMCVSS 5.4≥ 16.1.0.0, ≤ 16.1.5.1≥ 18.0.0.0, ≤ 18.0.2.0+1 more2020-07-15

CVE-2020-14529 [MEDIUM] CVE-2020-14529: Vulnerability in the Primavera Portfolio Management product of Oracle Construction and Engineering ( Vulnerability in the Primavera Portfolio Management product of Oracle Construction and Engineering (component: Investor Module). Supported versions that are affected are 16.1.0.0-16.1.5.1, 18.0.0.0-18.0.2.0 and 19.0.0.0. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Primavera Portfolio Management.

nvd

CVE-2020-14566MEDIUMCVSS 4.3≥ 16.1.0.0, ≤ 16.1.5.1≥ 18.0.0.0, ≤ 18.0.2.0+1 more2020-07-15

CVE-2020-14566 [MEDIUM] CVE-2020-14566: Vulnerability in the Primavera Portfolio Management product of Oracle Construction and Engineering ( Vulnerability in the Primavera Portfolio Management product of Oracle Construction and Engineering (component: Web Access). Supported versions that are affected are 16.1.0.0-16.1.5.1, 18.0.0.0-18.0.2.0 and 19.0.0.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Primavera Portfolio Management. Suc

nvd

CVE-2020-2562MEDIUMCVSS 6.1≥ 16.1.0.0, ≤ 16.1.5.1≥ 18.0.0.0, ≤ 18.0.2.0+1 more2020-07-15

CVE-2020-2562 [MEDIUM] CWE-79 CVE-2020-2562: Vulnerability in the Primavera Portfolio Management product of Oracle Construction and Engineering ( Vulnerability in the Primavera Portfolio Management product of Oracle Construction and Engineering (component: Investor Module). Supported versions that are affected are 16.1.0.0-16.1.5.1, 18.0.0.0-18.0.2.0 and 19.0.0.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Primavera Portfolio Manag

nvd

CVE-2020-14527MEDIUMCVSS 5.9≥ 16.1.0.0, ≤ 16.1.5.1≥ 18.0.0.0, ≤ 18.0.2.0+1 more2020-07-15

CVE-2020-14527 [MEDIUM] CVE-2020-14527: Vulnerability in the Primavera Portfolio Management product of Oracle Construction and Engineering ( Vulnerability in the Primavera Portfolio Management product of Oracle Construction and Engineering (component: Web Access). Supported versions that are affected are 16.1.0.0-16.1.5.1, 18.0.0.0-18.0.2.0 and 19.0.0.0. Difficult to exploit vulnerability allows unauthenticated attacker with network access via HTTP to compromise Primavera Portfolio Management. S

nvd

CVE-2019-10219MEDIUMCVSS 6.1≥ 18.0.0.0, ≤ 18.0.3.0≥ 19.0.0.0, ≤ 19.0.1.2+2 more2019-11-08

CVE-2019-10219 [MEDIUM] CWE-79 CVE-2019-10219: A vulnerability was found in Hibernate-Validator. The SafeHtml validator annotation fails to properl A vulnerability was found in Hibernate-Validator. The SafeHtml validator annotation fails to properly sanitize payloads consisting of potentially malicious code in HTML comments and instructions. This vulnerability can result in an XSS attack.

nvd