cve,link,title,description,vendor,products,score,severity,epss,cisa,cisa_published,article,ransomware,exploited,exploited_date,poc,trended,trended_no_1,trended_no_1_date,published,trended_score
CVE-2025-21558,https://securityvulnerability.io/vulnerability/CVE-2025-21558,Vulnerability in Primavera P6 Enterprise Project Portfolio Management by Oracle,"A vulnerability has been identified in Oracle's Primavera P6 Enterprise Project Portfolio Management, specifically within the Web Access component. This flaw allows low-privileged attackers with network access via HTTP to exploit the system, requiring human interaction from a third party. Although primarily affecting Primavera P6, successful exploitation could have broader implications for associated products. Attackers may gain unauthorized capabilities to update, insert, delete, or read sensitive data within the system, compromising both confidentiality and integrity of the accessible data.",Oracle,Primavera P6 Enterprise Project Portfolio Management,5.4,MEDIUM,0.0004299999854993075,false,,false,false,false,,false,false,false,,2025-01-21T20:53:19.286Z,0
CVE-2025-21528,https://securityvulnerability.io/vulnerability/CVE-2025-21528,Unauthenticated Access Vulnerability in Primavera P6 by Oracle,"A vulnerability exists in Oracle's Primavera P6 Enterprise Project Portfolio Management that permits unauthenticated attackers with network access via HTTP to exploit the system. This flaw enables unauthorized updates, inserts, or deletions of accessible data given that some level of human interaction from a non-attacker is required. The affected versions include multiple releases from 20.12 to 23.12, making it crucial for users to assess their installation for potential risks.",Oracle,Primavera P6 Enterprise Project Portfolio Management,4.3,MEDIUM,0.0004299999854993075,false,,false,false,false,,false,false,false,,2025-01-21T20:53:07.485Z,0
CVE-2025-21526,https://securityvulnerability.io/vulnerability/CVE-2025-21526,Web Access Vulnerability in Oracle Primavera P6 Enterprise Project Portfolio Management,"A vulnerability exists in Oracle's Primavera P6 Enterprise Project Portfolio Management affecting specific versions of the Web Access component. This weakness allows low-privileged attackers with network access to compromise the application, necessitating human interaction for exploitation. Resulting attacks can lead to unauthorized updates, deletions, or access to sensitive data within Primavera P6. Additionally, successful exploitation may extend beyond the primary product, affecting other related systems. It is crucial to apply recommended security patches to mitigate risks associated with this vulnerability.",Oracle,Primavera P6 Enterprise Project Portfolio Management,5.4,MEDIUM,0.0004299999854993075,false,,false,false,false,,false,false,false,,2025-01-21T20:53:06.692Z,0
CVE-2022-21377,https://securityvulnerability.io/vulnerability/CVE-2022-21377,Unauthenticated Access Vulnerability in Oracle Primavera Portfolio Management,"An unauthenticated access vulnerability exists in the Web API component of Oracle's Primavera Portfolio Management, affecting several versions of the product. This flaw enables network-based attackers to exploit the system without any credentials. Although human interaction is necessary for successful exploitation, this vulnerability could allow unauthorized users to update, insert, or delete sensitive data, as well as gain unauthorized read access to select information within Primavera Portfolio Management.",Oracle,Primavera Portfolio Management,5.4,MEDIUM,0.00044999999227002263,false,,false,false,false,,,false,false,,2022-01-19T11:26:13.000Z,0
CVE-2022-21376,https://securityvulnerability.io/vulnerability/CVE-2022-21376,Access Vulnerability in Primavera Portfolio Management by Oracle,"A vulnerability exists in the Primavera Portfolio Management product by Oracle that allows an unauthenticated attacker to exploit the system via an HTTP connection. This flaw enables the potential for unauthorized updates, inserts, and deletions of accessible data, while also allowing unauthorized read access to certain data. Successful exploitation of this vulnerability necessitates human interaction from a third party, raising concerns over the security of sensitive project data and the integrity of the management system.",Oracle,Primavera Portfolio Management,5.4,MEDIUM,0.00044999999227002263,false,,false,false,false,,,false,false,,2022-01-19T11:26:11.000Z,0
CVE-2022-21281,https://securityvulnerability.io/vulnerability/CVE-2022-21281,Web Access Vulnerability in Primavera Portfolio Management by Oracle,"A vulnerability exists in the Web Access component of Oracle's Primavera Portfolio Management that allows attackers with high privileges and network access to exploit the system. The vulnerability requires user interaction from an external party and could lead to unauthorized alterations, including insertions, updates, and deletions of accessible data. Additionally, it poses risks of unauthorized read access to specific subsets of Primavera Portfolio Management data, impacting overall data confidentiality and integrity.",Oracle,Primavera Portfolio Management,4.8,MEDIUM,0.00044999999227002263,false,,false,false,false,,,false,false,,2022-01-19T11:23:08.000Z,0
CVE-2022-21269,https://securityvulnerability.io/vulnerability/CVE-2022-21269,Unauthorized Access Vulnerability in Primavera Portfolio Management by Oracle,"A vulnerability in the Primavera Portfolio Management product of Oracle allows an unauthenticated attacker with network access via HTTP to compromise the application. This issue affects multiple supported versions and requires human interaction from a user who is not the attacker to exploit it successfully. Once exploited, it can lead to unauthorized update, insert, or delete actions on accessible data within Primavera, as well as unauthorized read access to a subset of this data. Such vulnerabilities can significantly impact the integrity and confidentiality of the system.",Oracle,Primavera Portfolio Management,6.1,MEDIUM,0.00044999999227002263,false,,false,false,false,,,false,false,,2022-01-19T11:22:43.000Z,0
CVE-2022-21244,https://securityvulnerability.io/vulnerability/CVE-2022-21244,Unauthorized Access Vulnerability in Primavera Portfolio Management by Oracle,"A vulnerability exists in Oracle's Primavera Portfolio Management Web Access component that allows unauthenticated attackers with network access to exploit the system. While successful exploitation requires human interaction from another user, it enables attackers to perform unauthorized operations such as updates, inserts, or deletions of accessible data. This impacts the integrity of the application's data and emphasizes the importance of implementing security practices to mitigate potential risks.",Oracle,Primavera Portfolio Management,4.3,MEDIUM,0.00044999999227002263,false,,false,false,false,,,false,false,,2022-01-19T11:21:53.000Z,0
CVE-2022-21243,https://securityvulnerability.io/vulnerability/CVE-2022-21243,Web Access Vulnerability in Oracle Primavera Portfolio Management,"A vulnerability in Oracle Primavera Portfolio Management's Web Access component allows a low-privileged attacker with network access via HTTP to exploit the system. This exploitation can lead to unauthorized actions that compromise the availability of the Primavera service, potentially resulting in partial denial of service (DOS). Organizations using affected versions should prioritize remediation to secure their environment from potential risks.",Oracle,Primavera Portfolio Management,4.3,MEDIUM,0.00044999999227002263,false,,false,false,false,,,false,false,,2022-01-19T11:21:52.000Z,0
CVE-2022-21242,https://securityvulnerability.io/vulnerability/CVE-2022-21242,Low Privilege Vulnerability in Primavera Portfolio Management by Oracle,"A vulnerability exists in the Primavera Portfolio Management product from Oracle's Construction and Engineering division, specifically affecting its Web Access component. The supported versions at risk range from 18.0.0.0 to 20.0.0.1. This vulnerability is easily exploitable by low-privileged attackers with network access via HTTP, requiring some level of human interaction from non-attacking persons. Although primarily affecting Primavera Portfolio Management, the attack could also influence other associated products. Successful exploitation could permit unauthorized updates, insertions, or deletions of accessible data, and unauthorized read access to a portion of Primavera Portfolio Management's data.",Oracle,Primavera Portfolio Management,5.4,MEDIUM,0.00044999999227002263,false,,false,false,false,,,false,false,,2022-01-19T11:21:49.000Z,0
CVE-2021-2386,https://securityvulnerability.io/vulnerability/CVE-2021-2386,Low Privileged Access Vulnerability in Primavera P6 Enterprise Project Portfolio Management by Oracle,"A vulnerability exists in the Primavera P6 Enterprise Project Portfolio Management software from Oracle, specifically within the Web Access component. This flaw allows a low privileged attacker with network access via HTTP to potentially gain unauthorized read access to certain data within the application. Affected versions are 20.12.0 through 20.12.3, which may expose sensitive information due to this security weakness.",Oracle,Primavera P6 Enterprise Project Portfolio Management,4.3,MEDIUM,0.0005699999746866524,false,,false,false,false,,,false,false,,2021-07-20T22:44:01.000Z,0
CVE-2021-2366,https://securityvulnerability.io/vulnerability/CVE-2021-2366,Web Access Vulnerability in Primavera P6 Enterprise Project Portfolio Management from Oracle,"A vulnerability exists in Oracle's Primavera P6 Enterprise Project Portfolio Management that allows low privileged attackers with network access through HTTP to exploit the system. This vulnerability, found in the Web Access component, could lead to unauthorized updates, inserts, or deletions of accessible data, as well as unauthorized reading of certain data. Successful exploitation poses a significant risk to data integrity and confidentiality across the affected products.",Oracle,Primavera P6 Enterprise Project Portfolio Management,6.4,MEDIUM,0.0005699999746866524,false,,false,false,false,,,false,false,,2021-07-20T22:43:43.000Z,0
CVE-2020-2562,https://securityvulnerability.io/vulnerability/CVE-2020-2562,Unauthenticated Access Vulnerability in Primavera Portfolio Management by Oracle,"The vulnerability in Primavera Portfolio Management's Investor Module allows an unauthenticated attacker with HTTP network access to exploit the system. While it primarily affects Primavera, successful exploitation can lead to unauthorized access to sensitive data, allowing attackers to perform operations such as update, insert, or delete. Moreover, successful exploitation necessitates human interaction from a victim, amplifying the potential impact. This risk underscores the need for organizations using Primavera Portfolio Management to prioritize security measures to safeguard their data.",Oracle,Primavera Portfolio Management,6.1,MEDIUM,0.0008299999753944576,false,,false,false,false,,,false,false,,2020-07-15T17:34:36.000Z,0
CVE-2020-14706,https://securityvulnerability.io/vulnerability/CVE-2020-14706,Unauthorized Data Access in Primavera P6 by Oracle,"A vulnerability exists in Primavera P6 Enterprise Project Portfolio Management from Oracle that allows unauthenticated attackers with network access to potentially compromise the system. This flaw can lead to unauthorized access to sensitive project data, and while exploiting it requires human interaction, it may expose critical information. Attackers could gain the ability to update, insert, or delete accessible data, affecting the integrity of the entire project management environment.",Oracle,Primavera P6 Enterprise Project Portfolio Management,5.9,MEDIUM,0.0018100000452250242,false,,false,false,false,,,false,false,,2020-07-15T17:34:35.000Z,0
CVE-2020-14653,https://securityvulnerability.io/vulnerability/CVE-2020-14653,Web Access Vulnerability in Oracle Primavera P6 Project Portfolio Management,"A security flaw in Oracle's Primavera P6 Enterprise Project Portfolio Management allows a low-privileged attacker to gain unauthorized access via HTTP. This vulnerability can lead to unauthorized modifications to data, including updates, inserts, or deletions, as well as unauthorized reading of accessible data. Affected versions are 16.1.0.0 through 16.2.20.1, 17.1.0.0 through 17.12.17.1, and 18.1.0.0 through 18.8.18.2. Operators using these versions should prioritize applying security updates to mitigate potential risks.",Oracle,Primavera P6 Enterprise Project Portfolio Management,5.4,MEDIUM,0.000539999979082495,false,,false,false,false,,,false,false,,2020-07-15T17:34:32.000Z,0
CVE-2020-14566,https://securityvulnerability.io/vulnerability/CVE-2020-14566,Unauthorized Data Manipulation Vulnerability in Oracle Primavera Portfolio Management,"A vulnerability exists in the Web Access component of Oracle's Primavera Portfolio Management, which can be exploited by unauthenticated attackers with network access via HTTP. The vulnerability allows these attackers to gain unauthorized update, insert, or delete access to certain data within Primavera Portfolio Management. While successful exploitation necessitates some level of human interaction from an outside party, the ease of the attack makes it a significant concern for organizations utilizing these versions.",Oracle,Primavera Portfolio Management,4.3,MEDIUM,0.0008299999753944576,false,,false,false,false,,,false,false,,2020-07-15T17:34:27.000Z,0
CVE-2020-14549,https://securityvulnerability.io/vulnerability/CVE-2020-14549,Web Server Vulnerability in Primavera Portfolio Management by Oracle,"A vulnerability exists in the Web Server component of Oracle's Primavera Portfolio Management that can be exploited by an unauthenticated attacker with network access via HTTPS. The attack requires user interaction from a third party to succeed. When exploited, this vulnerability can lead to unauthorized access to sensitive data, including the ability to update, insert, or delete data within the Primavera Portfolio Management system. It's essential for organizations using the affected versions to implement appropriate security measures to mitigate the potential risks associated with this vulnerability.",Oracle,Primavera Portfolio Management,5.9,MEDIUM,0.0018100000452250242,false,,false,false,false,,,false,false,,2020-07-15T17:34:26.000Z,0
CVE-2020-14529,https://securityvulnerability.io/vulnerability/CVE-2020-14529,Vulnerability in Primavera Portfolio Management by Oracle affecting Investor Module,"A vulnerability exists in the Investor Module of Oracle's Primavera Portfolio Management, which can be exploited by low-privileged attackers with HTTP network access. While the attack requires interaction from a third party, it can lead to unauthorized changes and access to Primavera Portfolio Management data, compromising both confidentiality and integrity of sensitive information.",Oracle,Primavera Portfolio Management,5.4,MEDIUM,0.000539999979082495,false,,false,false,false,,,false,false,,2020-07-15T17:34:25.000Z,0
CVE-2020-14528,https://securityvulnerability.io/vulnerability/CVE-2020-14528,Unauthenticated Vulnerability in Primavera Portfolio Management by Oracle,"A vulnerability exists in the Oracle Primavera Portfolio Management product, specifically in the Web Access component. Affected versions include 16.1.0.0 through 16.1.5.1, 18.0.0.0 through 18.0.2.0, and version 19.0.0.0. This easily exploitable flaw allows unauthorized individuals with network access via HTTP to compromise the application's security. Successful exploitation requires human interaction from an unsuspecting user. Consequently, attackers could gain unauthorized access to critical data, including the ability to read, insert, update, or delete information within the Primavera Portfolio Management system, impacting additional products connected with it. Organizations using these versions should prioritize patching to prevent potential data breaches.",Oracle,Primavera Portfolio Management,6.1,MEDIUM,0.0008299999753944576,false,,false,false,false,,,false,false,,2020-07-15T17:34:25.000Z,0
CVE-2020-14527,https://securityvulnerability.io/vulnerability/CVE-2020-14527,Unauthorized Access Vulnerability in Primavera Portfolio Management by Oracle,"A vulnerability exists within the Primavera Portfolio Management product from Oracle, particularly affecting Web Access. This flaw allows an unauthenticated attacker with network access via HTTP the opportunity to compromise the system. Exploitation of this vulnerability necessitates human interaction from an individual other than the attacker. If successfully executed, the attacker can gain unauthorized access to critical data or potentially assume complete control over all accessible data within Primavera Portfolio Management. Furthermore, this vulnerability permits unauthorized updates, inserts, or deletions of certain data, posing a significant risk to the integrity and confidentiality of the information stored.",Oracle,Primavera Portfolio Management,5.9,MEDIUM,0.0018100000452250242,false,,false,false,false,,,false,false,,2020-07-15T17:34:25.000Z,0
CVE-2020-2706,https://securityvulnerability.io/vulnerability/CVE-2020-2706,Vulnerability in Primavera P6 Project Management by Oracle,"An easily exploitable vulnerability exists in Oracle's Primavera P6 Enterprise Project Portfolio Management that allows a low privileged attacker with network access via HTTP to compromise the system. Successful exploitation may require human interaction and can lead to unauthorized read, update, insert, or delete access to data within Primavera P6. While primarily affecting Primavera P6, the implications of successful attacks can extend to other interconnected systems and applications.",Oracle,Primavera P6 Enterprise Project Portfolio Management,5.4,MEDIUM,0.000539999979082495,false,,false,false,false,,,false,false,,2020-04-15T13:29:43.000Z,0
CVE-2020-2594,https://securityvulnerability.io/vulnerability/CVE-2020-2594,Vulnerability in Oracle Primavera P6 Project Management Software,"This vulnerability occurs within the Primavera P6 Enterprise Project Portfolio Management software, where an attacker with low privileges and network access can exploit the system via HTTP. The attack depends on human interaction, which could lead to significant unauthorized actions, including updates, deletions, and unauthorized reading of accessible data. Furthermore, this vulnerability has the potential to result in a partial denial of service of the affected product. Organizations using supported versions must take appropriate actions to mitigate risks associated with this issue, as it not only affects Primavera P6 but could also compromise other integrated products.",Oracle,Primavera P6 Enterprise Project Portfolio Management,6.5,MEDIUM,0.0005300000193528831,false,,false,false,false,,,false,false,,2020-04-15T13:29:43.000Z,0
CVE-2020-2707,https://securityvulnerability.io/vulnerability/CVE-2020-2707,WebAccess Vulnerability in Primavera P6 Project Portfolio Management by Oracle,"A vulnerability in Oracle's Primavera P6 Enterprise Project Portfolio Management product, specifically within the WebAccess component, allows an attacker with low privileges and network access to exploit the system. This exploit requires human interaction from a third party. Attackers can gain unauthorized access to modify and delete accessible data, as well as unauthorized read access to certain data sets. The ramifications of this vulnerability not only impact Primavera P6 but could also affect other interconnected products.",Oracle,Primavera P6 Enterprise Project Portfolio Management,5.4,MEDIUM,0.000539999979082495,false,,false,false,false,,,false,false,,2020-01-15T16:34:08.000Z,0
CVE-2019-3020,https://securityvulnerability.io/vulnerability/CVE-2019-3020,Unauthenticated Access Vulnerability in Oracle Primavera P6 Enterprise Project Portfolio Management,"A significant vulnerability exists in Oracle's Primavera P6 Enterprise Project Portfolio Management, specifically in the web access component. The flaw allows an unauthenticated attacker with network access through HTTP to compromise the system. While successfully exploiting this vulnerability necessitates human interaction from someone other than the attacker, it poses a severe risk as it can lead to unauthorized creation, deletion, or modification of critical data. Moreover, successful exploitation can grant the attacker unauthorized access to a broad range of Primavera P6 data, which may also impact other interconnected Oracle products.",Oracle,Primavera P6 Enterprise Project Portfolio Management,9.3,CRITICAL,0.0022799998987466097,false,,false,false,false,,,false,false,,2019-10-16T17:40:59.000Z,0
CVE-2019-2976,https://securityvulnerability.io/vulnerability/CVE-2019-2976,Web Access Vulnerability in Oracle Primavera P6 Enterprise Project Portfolio Management,"A vulnerability exists in Oracle's Primavera P6 Enterprise Project Portfolio Management product within the Web Access component. This issue allows low-privileged attackers with network access via HTTP to potentially compromise the application. While successful exploitation requires human interaction from a user other than the attacker, the impact can lead to unauthorized access to critical data or complete access to all data managed by Primavera P6. This vulnerability affects several versions of the software, posing a significant risk to projects relying on this platform.",Oracle,Primavera P6 Enterprise Project Portfolio Management,6.8,MEDIUM,0.0006399999838322401,false,,false,false,false,,,false,false,,2019-10-16T17:40:57.000Z,0