Oracle Primavera Unifier vulnerabilities
95 known vulnerabilities affecting oracle/primavera_unifier.
Total CVEs: 95
CISA KEV: 1 (actively exploited)
Public exploits: 6
Exploited in wild: 3
Severity breakdown: CRITICAL 20, HIGH 35, MEDIUM 38, LOW 2
Vulnerabilities
Page 5 of 5
CVE-2018-8032 | MEDIUM | CVSS 6.1 | CWE-79 | Affected: ≥ 17.7, ≤ 17.12; v16.1; +3 more | 2018-08-02
Apache Axis 1.x up to and including 1.4 is vulnerable to a cross-site scripting (XSS) attack in the default servlet/services.
nvd
CVE-2018-2966 | HIGH | CVSS 7.4 | Affected: v16.1; v16.2; +21 more | 2018-07-18
Vulnerability in the Primavera Unifier component of Oracle Construction and Engineering Suite (subcomponent: Core). Supported versions that are affected are 16.x, 17.x and 18.x. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Primavera Unifier. Successful attacks require human interaction from a person
nvd
CVE-2018-2969 | MEDIUM | CVSS 4.3 | Affected: v16.1; v16.2; +2 more | 2018-07-18
Vulnerability in the Primavera Unifier component of Oracle Construction and Engineering Suite (subcomponent: Core). The supported version that is affected is 16.x. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Primavera Unifier. Successful attacks of this vulnerability can result in unauthorized rea
nvd
CVE-2018-2967 | MEDIUM | CVSS 5.3 | Affected: v16.1; v16.2; +21 more | 2018-07-18
Vulnerability in the Primavera Unifier component of Oracle Construction and Engineering Suite (subcomponent: Core). Supported versions that are affected are 16.x, 17.x and 18.x. Easily exploitable vulnerability allows physical access to compromise Primavera Unifier. While the vulnerability is in Primavera Unifier, attacks may significantly impact additional p
nvd
CVE-2018-2965 | MEDIUM | CVSS 6.1 | Affected: v16.1; v16.2; +2 more | 2018-07-18
Vulnerability in the Primavera Unifier component of Oracle Construction and Engineering Suite (subcomponent: Core). The supported version that is affected is 16.x. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Primavera Unifier. Successful attacks require human interaction from a person other than
nvd
CVE-2018-2968 | MEDIUM | CVSS 6.5 | Affected: v16.1; v16.2; +21 more | 2018-07-18
Vulnerability in the Primavera Unifier component of Oracle Construction and Engineering Suite (subcomponent: Core). Supported versions that are affected are 16.x, 17.x and 18.x. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Primavera Unifier. Successful attacks require human interaction from a pers
nvd
CVE-2017-15095 | CRITICAL | CVSS 9.8 | CWE-184 | Affected: ≥ 17.1, ≤ 17.12; v16.1; +2 more | 2018-02-06
A deserialization flaw was discovered in the jackson-databind in versions before 2.8.10 and 2.9.1, which could allow an unauthenticated user to perform code execution by sending the maliciously crafted input to the readValue method of the ObjectMapper. This issue extends the previous flaw CVE-2017-7525 by blacklisting more classes that could be us
nvd
CVE-2017-7525 | CRITICAL | CVSS 9.8 | CWE-184 | Affected: ≥ 17.1, ≤ 17.12; v16.1; +2 more | 2018-02-06
A deserialization flaw was discovered in the jackson-databind, versions before 2.6.7.1, 2.7.9.1 and 2.8.9, which could allow an unauthenticated user to perform code execution by sending the maliciously crafted input to the readValue method of the ObjectMapper.
nvd
CVE-2018-2620 | HIGH | CVSS 8.1 | Affected: v10.0; v10.1; +7 more | 2018-01-18
Vulnerability in the Primavera Unifier component of Oracle Construction and Engineering Suite (subcomponent: Platform). Supported versions that are affected are 10.x, 15.x, 16.x and 17.x. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Primavera Unifier. Successful attacks of this vulnerability can resu
nvd
CVE-2015-9251 | MEDIUM | CVSS 6.1 | CWE-79 | Affected: ≥ 17.1, ≤ 17.12; v16.1; +2 more | 2018-01-18
jQuery before 3.0.0 is vulnerable to Cross-site Scripting (XSS) attacks when a cross-domain Ajax request is performed without the dataType option, causing text/javascript responses to be executed.
nvd
CVE-2017-10150 | MEDIUM | CVSS 4.3 | Affected: v9.13; v9.14; +6 more | 2017-08-08
Vulnerability in the Primavera Unifier component of Oracle Primavera Products Suite (subcomponent: Platform). Supported versions that are affected are 9.13, 9.14, 10.1, 10.2, 15.1, 15.2, 16.1 and 16.2. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Primavera Unifier. Successful attacks of this vuln
nvd
CVE-2017-10149 | MEDIUM | CVSS 4.8 | Affected: v9.13; v9.14; +6 more | 2017-08-08
Vulnerability in the Primavera Unifier component of Oracle Primavera Products Suite (subcomponent: Platform). Supported versions that are affected are 9.13, 9.14, 10.1, 10.2, 15.1, 15.2, 16.1 and 16.2. Easily exploitable vulnerability allows high privileged attacker with network access via HTTP to compromise Primavera Unifier. Successful attacks require hum
nvd
CVE-2017-3501 | MEDIUM | CVSS 6.1 | Affected: v9.13; v9.14; +4 more | 2017-04-24
Vulnerability in the Primavera Unifier component of Oracle Primavera Products Suite (subcomponent: Platform). Supported versions that are affected are 9.13, 9.14, 10.0, 10.1, 15.1 and 15.2. Easily "exploitable" vulnerability allows unauthenticated attacker with network access via HTTP to compromise Primavera Unifier. Successful attacks require human interacti
nvd
CVE-2016-7103 | MEDIUM | CVSS 6.1 | CWE-79 | Affected: ≥ 16.0, ≤ 16.2; ≥ 17.0, ≤ 17.12.4; +1 more | 2017-03-15
Cross-site scripting (XSS) vulnerability in jQuery UI before 1.12.0 might allow remote attackers to inject arbitrary web script or HTML via the closeText parameter of the dialog function.
nvd
CVE-2016-4055 | MEDIUM | CVSS 6.5 | CWE-400 | Affected: ≥ 16.0, ≤ 18.8.4 | 2017-01-23
The duration function in the moment package before 2.11.2 for Node.js allows remote attackers to cause a denial of service (CPU consumption) via a long string, aka a "regular expression Denial of Service (ReDoS)."
nvd