CVE-2016-3572
Published on: 07/21/2016 12:00:00 AM UTC
Last Modified on: 03/23/2021 11:27:03 PM UTC
Certain versions of Primavera P6 Enterprise Project Portfolio Management from Oracle contain the following vulnerability:
Unspecified vulnerability in the Primavera P6 Enterprise Project Portfolio Management component in Oracle Primavera Products Suite 8.3, 8.4, 15.1, 15.2, and 16.1 allows remote authenticated users to affect confidentiality and integrity via vectors related to Web Access.
- CVE-2016-3572 has been assigned by
[email protected] to track the vulnerability - currently rated as MEDIUM severity.
CVSS3 Score: 6.4 - MEDIUM
| Attack Vector ⓘ |
Attack Complexity |
Privileges Required |
User Interaction |
|
|---|---|---|---|---|
| NETWORK | LOW | LOW | NONE | |
| Scope | Confidentiality Impact |
Integrity Impact |
Availability Impact |
|
| CHANGED | LOW | LOW | NONE |
CVSS2 Score: 5.5 - MEDIUM
| Access Vector ⓘ |
Access Complexity |
Authentication |
|---|---|---|
| NETWORK | LOW | SINGLE |
| Confidentiality Impact |
Integrity Impact |
Availability Impact |
| PARTIAL | PARTIAL | NONE |
CVE References
| Description | Tags ⓘ | Link |
|---|---|---|
| Oracle Critical Patch Update - July 2016 | Patch Vendor Advisory www.oracle.com text/html |
CONFIRM www.oracle.com/technetwork/security-advisory/cpujul2016-2881720.html |
| Oracle July 2016 Critical Patch Update Multiple Vulnerabilities | Third Party Advisory VDB Entry cve.report (archive) text/html |
BID 91787 |
| Oracle Primavera Products CVE-2016-3572 Remote Security Vulnerability | cve.report (archive) text/html |
BID 91855 |
| Oracle Primavera Products Suite Multiple Flaws Let Remote Users Access and Modify Data and Remote Authenticated Users Gain Elevated Privileges - SecurityTracker | www.securitytracker.com text/html |
SECTRACK 1036393 |
There are currently no QIDs associated with this CVE
Known Affected Configurations (CPE V2.3)
| Type | Vendor | Product | Version | Update | Edition | Language |
|---|---|---|---|---|---|---|
| Application | Oracle | Primavera P6 Enterprise Project Portfolio Management | 15.1 | All | All | All |
| Application | Oracle | Primavera P6 Enterprise Project Portfolio Management | 15.2 | All | All | All |
| Application | Oracle | Primavera P6 Enterprise Project Portfolio Management | 16.1 | All | All | All |
| Application | Oracle | Primavera P6 Enterprise Project Portfolio Management | 8.3 | All | All | All |
| Application | Oracle | Primavera P6 Enterprise Project Portfolio Management | 8.4 | All | All | All |
| Application | Oracle | Primavera P6 Enterprise Project Portfolio Management | 15.1 | All | All | All |
| Application | Oracle | Primavera P6 Enterprise Project Portfolio Management | 15.2 | All | All | All |
| Application | Oracle | Primavera P6 Enterprise Project Portfolio Management | 16.1 | All | All | All |
| Application | Oracle | Primavera P6 Enterprise Project Portfolio Management | 8.3 | All | All | All |
| Application | Oracle | Primavera P6 Enterprise Project Portfolio Management | 8.4 | All | All | All |
- cpe:2.3:a:oracle:primavera_p6_enterprise_project_portfolio_management:15.1:*:*:*:*:*:*:*:
- cpe:2.3:a:oracle:primavera_p6_enterprise_project_portfolio_management:15.2:*:*:*:*:*:*:*:
- cpe:2.3:a:oracle:primavera_p6_enterprise_project_portfolio_management:16.1:*:*:*:*:*:*:*:
- cpe:2.3:a:oracle:primavera_p6_enterprise_project_portfolio_management:8.3:*:*:*:*:*:*:*:
- cpe:2.3:a:oracle:primavera_p6_enterprise_project_portfolio_management:8.4:*:*:*:*:*:*:*:
- cpe:2.3:a:oracle:primavera_p6_enterprise_project_portfolio_management:15.1:*:*:*:*:*:*:*:
- cpe:2.3:a:oracle:primavera_p6_enterprise_project_portfolio_management:15.2:*:*:*:*:*:*:*:
- cpe:2.3:a:oracle:primavera_p6_enterprise_project_portfolio_management:16.1:*:*:*:*:*:*:*:
- cpe:2.3:a:oracle:primavera_p6_enterprise_project_portfolio_management:8.3:*:*:*:*:*:*:*:
- cpe:2.3:a:oracle:primavera_p6_enterprise_project_portfolio_management:8.4:*:*:*:*:*:*:*:
No vendor comments have been submitted for this CVE