CVE-2020-14617 is a vulnerability in Oracle Primavera Unifier
Published on July 15, 2020
Vulnerability in the Primavera Unifier product of Oracle Construction and Engineering (component: Platform, Mobile App). Supported versions that are affected are 16.1, 16.2, 17.7-17.12, 18.8 and 19.12; Mobile App: Prior to 20.6. Easily exploitable vulnerability allows low privileged attacker with network access via HTTPS to compromise Primavera Unifier. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Primavera Unifier accessible data. CVSS 3.1 Base Score 5.7 (Confidentiality impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:N/A:N).
Vulnerability Analysis
CVE-2020-14617 can be exploited with network access, requires user interaction and a small amount of user privileges. This vulnerability is considered to have a low attack complexity. The potential impact of an exploit of this vulnerability is considered to have a high impact on confidentiality, with no impact on integrity and availability.
Products Associated with CVE-2020-14617
You can be notified by email with stack.watch whenever vulnerabilities like CVE-2020-14617 are published in Oracle Primavera Unifier:
Affected Versions
Oracle Corporation Primavera Unifier:- Version 16.1 is affected.
- Version 16.2 is affected.
- Version 17.7-17.12 is affected.
- Version 18.8 is affected.
- Version 19.12; Mobile App: Prior to 20.6 is affected.
Exploit Probability
EPSS (Exploit Prediction Scoring System) scores estimate the probability that a vulnerability will be exploited in the wild within the next 30 days. The percentile shows you how this score compares to all other vulnerabilities.