CVE-2017-3500 - Vulnerability Details

Vulnerability in the Primavera Gateway component of Oracle Primavera Products Suite (subcomponent: Primavera Desktop Integration). Supported versions that are affected are 1.0, 1.1, 14.2, 15.1, 15.2, 16.1 and 16.2. Easily "exploitable" vulnerability allows high privileged attacker with network access via HTTP to compromise Primavera Gateway. While the vulnerability is in Primavera Gateway, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Primavera Gateway accessible data and unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Primavera Gateway. CVSS 3.0 Base Score 8.7 (Confidentiality and Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:N/A:H).

No CVSS v4.0

No CVSS v3.1

Attack Vector Network

Attack Complexity Low

Privileges Required High

Scope Changed

Confidentiality Impact High

Integrity Impact None

Availability Impact High

User Interaction None

Access Vector Network

Access Complexity Medium

Authentication Single

Confidentiality Impact Partial

Integrity Impact None

Availability Impact Partial

This CVE is not in the KEV list.

Exploitation none

Automatable no

Technical Impact partial

Vendors	Products
Oracle	Primavera Gateway

Configuration 1 [-]

OR	cpe:2.3:a:oracle:primavera_gateway:1.0:::::::*
	cpe:2.3:a:oracle:primavera_gateway:1.1:::::::*
	cpe:2.3:a:oracle:primavera_gateway:14.2:::::::*
	cpe:2.3:a:oracle:primavera_gateway:15.1:::::::*
	cpe:2.3:a:oracle:primavera_gateway:15.2:::::::*
	cpe:2.3:a:oracle:primavera_gateway:16.1:::::::*
	cpe:2.3:a:oracle:primavera_gateway:16.2:::::::*

No data.

References

Link	Providers
http://www.oracle.com/technetwork/security-advisory/cpuapr2017-3236618.html
http://www.securityfocus.com/bid/97881
http://www.securitytracker.com/id/1038289

History

Mon, 07 Oct 2024 19:15:00 +0000

Type	Values Removed	Values Added
Metrics		ssvc `{'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'partial'}, 'version': '2.0.3'}`

MITRE

Status: PUBLISHED

Assigner: oracle

Published: 2017-04-24T19:00:00

Updated: 2024-10-07T16:14:28.626Z

Reserved: 2016-12-06T00:00:00

Link: CVE-2017-3500

Vulnrichment

Updated: 2024-08-05T14:30:57.805Z

NVD

Status : Deferred

Published: 2017-04-24T19:59:02.817

Modified: 2025-04-20T01:37:25.860

Link: CVE-2017-3500

Redhat

No data.

Metrics

Attack Vector Network

Attack Complexity Low

Privileges Required High

Scope Changed

Confidentiality Impact High

Integrity Impact None

Availability Impact High

User Interaction None

Access Vector Network

Access Complexity Medium

Authentication Single

Confidentiality Impact Partial

Integrity Impact None

Availability Impact Partial

Exploitation none

Automatable no

Technical Impact partial

Affected Vendors & Products

JSON object

JSON object

JSON object

JSON object