cve,link,title,description,vendor,products,score,severity,epss,cisa,cisa_published,article,ransomware,exploited,exploited_date,poc,trended,trended_no_1,trended_no_1_date,published,trended_score
CVE-2025-21558,https://securityvulnerability.io/vulnerability/CVE-2025-21558,Vulnerability in Primavera P6 Enterprise Project Portfolio Management by Oracle,"A vulnerability has been identified in Oracle's Primavera P6 Enterprise Project Portfolio Management, specifically within the Web Access component. This flaw allows low-privileged attackers with network access via HTTP to exploit the system, requiring human interaction from a third party. Although primarily affecting Primavera P6, successful exploitation could have broader implications for associated products. Attackers may gain unauthorized capabilities to update, insert, delete, or read sensitive data within the system, compromising both confidentiality and integrity of the accessible data.",Oracle,Primavera P6 Enterprise Project Portfolio Management,5.4,MEDIUM,0.0004299999854993075,false,,false,false,false,,false,false,false,,2025-01-21T20:53:19.286Z,0
CVE-2025-21528,https://securityvulnerability.io/vulnerability/CVE-2025-21528,Unauthenticated Access Vulnerability in Primavera P6 by Oracle,"A vulnerability exists in Oracle's Primavera P6 Enterprise Project Portfolio Management that permits unauthenticated attackers with network access via HTTP to exploit the system. This flaw enables unauthorized updates, inserts, or deletions of accessible data given that some level of human interaction from a non-attacker is required. The affected versions include multiple releases from 20.12 to 23.12, making it crucial for users to assess their installation for potential risks.",Oracle,Primavera P6 Enterprise Project Portfolio Management,4.3,MEDIUM,0.0004299999854993075,false,,false,false,false,,false,false,false,,2025-01-21T20:53:07.485Z,0
CVE-2025-21526,https://securityvulnerability.io/vulnerability/CVE-2025-21526,Web Access Vulnerability in Oracle Primavera P6 Enterprise Project Portfolio Management,"A vulnerability exists in Oracle's Primavera P6 Enterprise Project Portfolio Management affecting specific versions of the Web Access component. This weakness allows low-privileged attackers with network access to compromise the application, necessitating human interaction for exploitation. Resulting attacks can lead to unauthorized updates, deletions, or access to sensitive data within Primavera P6. Additionally, successful exploitation may extend beyond the primary product, affecting other related systems. It is crucial to apply recommended security patches to mitigate risks associated with this vulnerability.",Oracle,Primavera P6 Enterprise Project Portfolio Management,5.4,MEDIUM,0.0004299999854993075,false,,false,false,false,,false,false,false,,2025-01-21T20:53:06.692Z,0
CVE-2021-2386,https://securityvulnerability.io/vulnerability/CVE-2021-2386,Low Privileged Access Vulnerability in Primavera P6 Enterprise Project Portfolio Management by Oracle,"A vulnerability exists in the Primavera P6 Enterprise Project Portfolio Management software from Oracle, specifically within the Web Access component. This flaw allows a low privileged attacker with network access via HTTP to potentially gain unauthorized read access to certain data within the application. Affected versions are 20.12.0 through 20.12.3, which may expose sensitive information due to this security weakness.",Oracle,Primavera P6 Enterprise Project Portfolio Management,4.3,MEDIUM,0.0005699999746866524,false,,false,false,false,,,false,false,,2021-07-20T22:44:01.000Z,0
CVE-2021-2366,https://securityvulnerability.io/vulnerability/CVE-2021-2366,Web Access Vulnerability in Primavera P6 Enterprise Project Portfolio Management from Oracle,"A vulnerability exists in Oracle's Primavera P6 Enterprise Project Portfolio Management that allows low privileged attackers with network access through HTTP to exploit the system. This vulnerability, found in the Web Access component, could lead to unauthorized updates, inserts, or deletions of accessible data, as well as unauthorized reading of certain data. Successful exploitation poses a significant risk to data integrity and confidentiality across the affected products.",Oracle,Primavera P6 Enterprise Project Portfolio Management,6.4,MEDIUM,0.0005699999746866524,false,,false,false,false,,,false,false,,2021-07-20T22:43:43.000Z,0
CVE-2020-14706,https://securityvulnerability.io/vulnerability/CVE-2020-14706,Unauthorized Data Access in Primavera P6 by Oracle,"A vulnerability exists in Primavera P6 Enterprise Project Portfolio Management from Oracle that allows unauthenticated attackers with network access to potentially compromise the system. This flaw can lead to unauthorized access to sensitive project data, and while exploiting it requires human interaction, it may expose critical information. Attackers could gain the ability to update, insert, or delete accessible data, affecting the integrity of the entire project management environment.",Oracle,Primavera P6 Enterprise Project Portfolio Management,5.9,MEDIUM,0.0018100000452250242,false,,false,false,false,,,false,false,,2020-07-15T17:34:35.000Z,0
CVE-2020-14653,https://securityvulnerability.io/vulnerability/CVE-2020-14653,Web Access Vulnerability in Oracle Primavera P6 Project Portfolio Management,"A security flaw in Oracle's Primavera P6 Enterprise Project Portfolio Management allows a low-privileged attacker to gain unauthorized access via HTTP. This vulnerability can lead to unauthorized modifications to data, including updates, inserts, or deletions, as well as unauthorized reading of accessible data. Affected versions are 16.1.0.0 through 16.2.20.1, 17.1.0.0 through 17.12.17.1, and 18.1.0.0 through 18.8.18.2. Operators using these versions should prioritize applying security updates to mitigate potential risks.",Oracle,Primavera P6 Enterprise Project Portfolio Management,5.4,MEDIUM,0.000539999979082495,false,,false,false,false,,,false,false,,2020-07-15T17:34:32.000Z,0
CVE-2020-2706,https://securityvulnerability.io/vulnerability/CVE-2020-2706,Vulnerability in Primavera P6 Project Management by Oracle,"An easily exploitable vulnerability exists in Oracle's Primavera P6 Enterprise Project Portfolio Management that allows a low privileged attacker with network access via HTTP to compromise the system. Successful exploitation may require human interaction and can lead to unauthorized read, update, insert, or delete access to data within Primavera P6. While primarily affecting Primavera P6, the implications of successful attacks can extend to other interconnected systems and applications.",Oracle,Primavera P6 Enterprise Project Portfolio Management,5.4,MEDIUM,0.000539999979082495,false,,false,false,false,,,false,false,,2020-04-15T13:29:43.000Z,0
CVE-2020-2594,https://securityvulnerability.io/vulnerability/CVE-2020-2594,Vulnerability in Oracle Primavera P6 Project Management Software,"This vulnerability occurs within the Primavera P6 Enterprise Project Portfolio Management software, where an attacker with low privileges and network access can exploit the system via HTTP. The attack depends on human interaction, which could lead to significant unauthorized actions, including updates, deletions, and unauthorized reading of accessible data. Furthermore, this vulnerability has the potential to result in a partial denial of service of the affected product. Organizations using supported versions must take appropriate actions to mitigate risks associated with this issue, as it not only affects Primavera P6 but could also compromise other integrated products.",Oracle,Primavera P6 Enterprise Project Portfolio Management,6.5,MEDIUM,0.0005300000193528831,false,,false,false,false,,,false,false,,2020-04-15T13:29:43.000Z,0
CVE-2020-2707,https://securityvulnerability.io/vulnerability/CVE-2020-2707,WebAccess Vulnerability in Primavera P6 Project Portfolio Management by Oracle,"A vulnerability in Oracle's Primavera P6 Enterprise Project Portfolio Management product, specifically within the WebAccess component, allows an attacker with low privileges and network access to exploit the system. This exploit requires human interaction from a third party. Attackers can gain unauthorized access to modify and delete accessible data, as well as unauthorized read access to certain data sets. The ramifications of this vulnerability not only impact Primavera P6 but could also affect other interconnected products.",Oracle,Primavera P6 Enterprise Project Portfolio Management,5.4,MEDIUM,0.000539999979082495,false,,false,false,false,,,false,false,,2020-01-15T16:34:08.000Z,0
CVE-2019-3020,https://securityvulnerability.io/vulnerability/CVE-2019-3020,Unauthenticated Access Vulnerability in Oracle Primavera P6 Enterprise Project Portfolio Management,"A significant vulnerability exists in Oracle's Primavera P6 Enterprise Project Portfolio Management, specifically in the web access component. The flaw allows an unauthenticated attacker with network access through HTTP to compromise the system. While successfully exploiting this vulnerability necessitates human interaction from someone other than the attacker, it poses a severe risk as it can lead to unauthorized creation, deletion, or modification of critical data. Moreover, successful exploitation can grant the attacker unauthorized access to a broad range of Primavera P6 data, which may also impact other interconnected Oracle products.",Oracle,Primavera P6 Enterprise Project Portfolio Management,9.3,CRITICAL,0.0022799998987466097,false,,false,false,false,,,false,false,,2019-10-16T17:40:59.000Z,0
CVE-2019-2976,https://securityvulnerability.io/vulnerability/CVE-2019-2976,Web Access Vulnerability in Oracle Primavera P6 Enterprise Project Portfolio Management,"A vulnerability exists in Oracle's Primavera P6 Enterprise Project Portfolio Management product within the Web Access component. This issue allows low-privileged attackers with network access via HTTP to potentially compromise the application. While successful exploitation requires human interaction from a user other than the attacker, the impact can lead to unauthorized access to critical data or complete access to all data managed by Primavera P6. This vulnerability affects several versions of the software, posing a significant risk to projects relying on this platform.",Oracle,Primavera P6 Enterprise Project Portfolio Management,6.8,MEDIUM,0.0006399999838322401,false,,false,false,false,,,false,false,,2019-10-16T17:40:57.000Z,0
CVE-2019-2701,https://securityvulnerability.io/vulnerability/CVE-2019-2701,Web Access Vulnerability in Oracle Primavera P6 Enterprise Project Portfolio Management,"A vulnerability exists in the Web Access component of Oracle's Primavera P6 Enterprise Project Portfolio Management, specifically in the 18.8 version. This flaw can be exploited by a low-privileged attacker with network access via HTTP, enabling them to gain unauthorized access to sensitive data. Successful exploitation may lead to unauthorized read access to certain data within the Primavera P6 application, posing potential risks for data confidentiality and integrity.",Oracle,Primavera P6 Enterprise Project Portfolio Management,4.3,MEDIUM,0.000539999979082495,false,,false,false,false,,,false,false,,2019-04-23T18:16:44.000Z,0
CVE-2019-2512,https://securityvulnerability.io/vulnerability/CVE-2019-2512,,"Vulnerability in the Primavera P6 Enterprise Project Portfolio Management component of Oracle Construction and Engineering Suite (subcomponent: Web Access). Supported versions that are affected are 8.4, 15.1, 15.2, 16.1, 16.2, 17.7-17.12 and 18.8. Difficult to exploit vulnerability allows unauthenticated attacker with network access via HTTP to compromise Primavera P6 Enterprise Project Portfolio Management. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Primavera P6 Enterprise Project Portfolio Management, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Primavera P6 Enterprise Project Portfolio Management accessible data as well as unauthorized read access to a subset of Primavera P6 Enterprise Project Portfolio Management accessible data. CVSS 3.0 Base Score 4.7 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:C/C:L/I:L/A:N).",Oracle,Primavera P6 Enterprise Project Portfolio Management,4.7,MEDIUM,0.0006699999794363976,false,,false,false,false,,,false,false,,2019-01-16T19:00:00.000Z,0
CVE-2018-3241,https://securityvulnerability.io/vulnerability/CVE-2018-3241,,"Vulnerability in the Primavera P6 Enterprise Project Portfolio Management component of Oracle Construction and Engineering Suite (subcomponent: Web Access). Supported versions that are affected are 8.4, 15.1, 15.2, 16.1, 16.2, 17.7 - 17.12 and 18.8. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Primavera P6 Enterprise Project Portfolio Management. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Primavera P6 Enterprise Project Portfolio Management, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Primavera P6 Enterprise Project Portfolio Management accessible data as well as unauthorized read access to a subset of Primavera P6 Enterprise Project Portfolio Management accessible data. CVSS 3.0 Base Score 6.1 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N).",Oracle,Primavera P6 Enterprise Project Portfolio Management,6.1,MEDIUM,0.0006900000153109431,false,,false,false,false,,,false,false,,2018-10-17T01:00:00.000Z,0
CVE-2018-3281,https://securityvulnerability.io/vulnerability/CVE-2018-3281,,"Vulnerability in the Primavera P6 Enterprise Project Portfolio Management component of Oracle Construction and Engineering Suite (subcomponent: Web Access). Supported versions that are affected are 8.4, 15.1, 15.2, 16.1, 16.2, 17.7 - 17.12 and 18.8. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Primavera P6 Enterprise Project Portfolio Management. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Primavera P6 Enterprise Project Portfolio Management, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Primavera P6 Enterprise Project Portfolio Management accessible data as well as unauthorized read access to a subset of Primavera P6 Enterprise Project Portfolio Management accessible data. CVSS 3.0 Base Score 6.1 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N).",Oracle,Primavera P6 Enterprise Project Portfolio Management,6.1,MEDIUM,0.0006900000153109431,false,,false,false,false,,,false,false,,2018-10-17T01:00:00.000Z,0
CVE-2018-2962,https://securityvulnerability.io/vulnerability/CVE-2018-2962,,"Vulnerability in the Primavera P6 Enterprise Project Portfolio Management component of Oracle Construction and Engineering Suite (subcomponent: Web Access). Supported versions that are affected are 8.4, 15.x, 16.x and 17.x. Difficult to exploit vulnerability allows low privileged attacker with network access via HTTP to compromise Primavera P6 Enterprise Project Portfolio Management. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Primavera P6 Enterprise Project Portfolio Management, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Primavera P6 Enterprise Project Portfolio Management accessible data as well as unauthorized read access to a subset of Primavera P6 Enterprise Project Portfolio Management accessible data. CVSS 3.0 Base Score 4.4 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:L/UI:R/S:C/C:L/I:L/A:N).",Oracle,Primavera P6 Enterprise Project Portfolio Management,4.4,MEDIUM,0.0005499999970197678,false,,false,false,false,,,false,false,,2018-07-18T13:00:00.000Z,0
CVE-2018-2960,https://securityvulnerability.io/vulnerability/CVE-2018-2960,,"Vulnerability in the Primavera P6 Enterprise Project Portfolio Management component of Oracle Construction and Engineering Suite (subcomponent: Web Access). Supported versions that are affected are 8.4, 15.x, 16.x and 17.x. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Primavera P6 Enterprise Project Portfolio Management. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Primavera P6 Enterprise Project Portfolio Management, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Primavera P6 Enterprise Project Portfolio Management accessible data as well as unauthorized read access to a subset of Primavera P6 Enterprise Project Portfolio Management accessible data. CVSS 3.0 Base Score 6.1 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N).",Oracle,Primavera P6 Enterprise Project Portfolio Management,6.1,MEDIUM,0.0006900000153109431,false,,false,false,false,,,false,false,,2018-07-18T13:00:00.000Z,0
CVE-2018-2963,https://securityvulnerability.io/vulnerability/CVE-2018-2963,,"Vulnerability in the Primavera P6 Enterprise Project Portfolio Management component of Oracle Construction and Engineering Suite (subcomponent: Web Access). Supported versions that are affected are 8.4, 15.x and 16.x. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Primavera P6 Enterprise Project Portfolio Management. Successful attacks of this vulnerability can result in unauthorized read access to a subset of Primavera P6 Enterprise Project Portfolio Management accessible data. CVSS 3.0 Base Score 4.3 (Confidentiality impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N).",Oracle,Primavera P6 Enterprise Project Portfolio Management,4.3,MEDIUM,0.0004900000058114529,false,,false,false,false,,,false,false,,2018-07-18T13:00:00.000Z,0
CVE-2018-2961,https://securityvulnerability.io/vulnerability/CVE-2018-2961,,"Vulnerability in the Primavera P6 Enterprise Project Portfolio Management component of Oracle Construction and Engineering Suite (subcomponent: Web Access). Supported versions that are affected are 8.4, 15.x, 16.x and 17.x. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Primavera P6 Enterprise Project Portfolio Management. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Primavera P6 Enterprise Project Portfolio Management, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Primavera P6 Enterprise Project Portfolio Management accessible data as well as unauthorized read access to a subset of Primavera P6 Enterprise Project Portfolio Management accessible data. CVSS 3.0 Base Score 6.1 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N).",Oracle,Primavera P6 Enterprise Project Portfolio Management,6.1,MEDIUM,0.0006900000153109431,false,,false,false,false,,,false,false,,2018-07-18T13:00:00.000Z,0
CVE-2018-2849,https://securityvulnerability.io/vulnerability/CVE-2018-2849,,"Vulnerability in the Primavera P6 Enterprise Project Portfolio Management component of Oracle Construction and Engineering Suite (subcomponent: Web Access). Supported versions that are affected are 16.2 and 17.1 - 17.12. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Primavera P6 Enterprise Project Portfolio Management. While the vulnerability is in Primavera P6 Enterprise Project Portfolio Management, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Primavera P6 Enterprise Project Portfolio Management accessible data. CVSS 3.0 Base Score 7.7 (Confidentiality impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N).",Oracle,Primavera P6 Enterprise Project Portfolio Management,7.7,HIGH,0.0006900000153109431,false,,false,false,false,,,false,false,,2018-04-19T02:00:00.000Z,0
CVE-2017-10038,https://securityvulnerability.io/vulnerability/CVE-2017-10038,,"Vulnerability in the Primavera P6 Enterprise Project Portfolio Management component of Oracle Primavera Products Suite (subcomponent: Web Access). Supported versions that are affected are 15.1, 15.2, 16.1 and 16.2. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Primavera P6 Enterprise Project Portfolio Management. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Primavera P6 Enterprise Project Portfolio Management accessible data. CVSS 3.0 Base Score 6.5 (Confidentiality impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N).",Oracle,Primavera P6 Enterprise Project Portfolio Management,6.5,MEDIUM,0.0009599999757483602,false,,false,false,false,,,false,false,,2017-08-08T15:00:00.000Z,0
CVE-2017-10046,https://securityvulnerability.io/vulnerability/CVE-2017-10046,,"Vulnerability in the Primavera P6 Enterprise Project Portfolio Management component of Oracle Primavera Products Suite (subcomponent: Web Access). Supported versions that are affected are 8.3, 8.4, 15.1, 15.2 and 16.1. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Primavera P6 Enterprise Project Portfolio Management. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Primavera P6 Enterprise Project Portfolio Management, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Primavera P6 Enterprise Project Portfolio Management accessible data as well as unauthorized read access to a subset of Primavera P6 Enterprise Project Portfolio Management accessible data. CVSS 3.0 Base Score 5.4 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N).",Oracle,Primavera P6 Enterprise Project Portfolio Management,5.4,MEDIUM,0.004670000169426203,false,,false,false,false,,,false,false,,2017-08-08T15:00:00.000Z,0
CVE-2017-10160,https://securityvulnerability.io/vulnerability/CVE-2017-10160,,"Vulnerability in the Primavera P6 Enterprise Project Portfolio Management component of Oracle Primavera Products Suite (subcomponent: Web Access). Supported versions that are affected are 8.3, 8.4, 15.1, 15.2, 16.1 and 16.2. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Primavera P6 Enterprise Project Portfolio Management. Successful attacks of this vulnerability can result in unauthorized read access to a subset of Primavera P6 Enterprise Project Portfolio Management accessible data. CVSS 3.0 Base Score 4.3 (Confidentiality impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N).",Oracle,Primavera P6 Enterprise Project Portfolio Management,4.3,MEDIUM,0.0007200000109151006,false,,false,false,false,,,false,false,,2017-08-08T15:00:00.000Z,0
CVE-2017-10131,https://securityvulnerability.io/vulnerability/CVE-2017-10131,,"Vulnerability in the Primavera P6 Enterprise Project Portfolio Management component of Oracle Primavera Products Suite (subcomponent: Web Access). Supported versions that are affected are 8.3, 8.4, 15.1, 15.2, 16.1 and 16.2. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Primavera P6 Enterprise Project Portfolio Management. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Primavera P6 Enterprise Project Portfolio Management, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Primavera P6 Enterprise Project Portfolio Management accessible data as well as unauthorized read access to a subset of Primavera P6 Enterprise Project Portfolio Management accessible data and unauthorized ability to cause a partial denial of service (partial DOS) of Primavera P6 Enterprise Project Portfolio Management. CVSS 3.0 Base Score 6.5 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:L).",Oracle,Primavera P6 Enterprise Project Portfolio Management,6.5,MEDIUM,0.0007699999841861427,false,,false,false,false,,,false,false,,2017-08-08T15:00:00.000Z,0