CVE-2016-3573 : Unspecified vulnerability in the Primavera P6 Enterprise Project Portfolio Management component in Oracle Primavera Prod

Unspecified vulnerability in the Primavera P6 Enterprise Project Portfolio Management component in Oracle Primavera Products Suite 8.3, 8.4, 15.1, 15.2, and 16.1 allows remote attackers to affect confidentiality and integrity via vectors related to Web access, a different vulnerability than CVE-2016-3566, CVE-2016-3568, CVE-2016-3569, CVE-2016-3570, and CVE-2016-3571.

Published 2016-07-21 10:14:11

Updated 2017-09-01 01:29:15

Source Oracle

View at NVD, CVE.org

Exploit prediction scoring system (EPSS) score for CVE-2016-3573

Probability of exploitation activity in the next 30 days: 0.17%

Percentile, the proportion of vulnerabilities that are scored at or less: ~ 53 % EPSS Score History EPSS FAQ

CVSS scores for CVE-2016-3573

Base Score	Base Severity	CVSS Vector	Exploitability Score	Impact Score	Score Source
5.8	MEDIUM	AV:N/AC:M/Au:N/C:P/I:P/A:N	8.6	4.9	NIST
Access Vector: Network Access Complexity: Medium Authentication: None Confidentiality Impact: Partial Integrity Impact: Partial Availability Impact: None
6.1	MEDIUM	CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N	2.8	2.7	NIST
Attack Vector: Network Attack Complexity: Low Privileges Required: None User Interaction: Required Scope: Changed Confidentiality: Low Integrity: Low Availability: None

References for CVE-2016-3573

http://www.securityfocus.com/bid/91881

Oracle Primavera Products CVE-2016-3573 Remote Security Vulnerability
http://www.securityfocus.com/bid/91787

Oracle July 2016 Critical Patch Update Multiple Vulnerabilities
Third Party Advisory;VDB Entry

CVEs referencing this url
http://www.oracle.com/technetwork/security-advisory/cpujul2016-2881720.html

Oracle Critical Patch Update - July 2016
Patch;Vendor Advisory

CVEs referencing this url
http://www.securitytracker.com/id/1036393

Oracle Primavera Products Suite Multiple Flaws Let Remote Users Access and Modify Data and Remote Authenticated Users Gain Elevated Privileges - SecurityTracker

CVEs referencing this url

Products affected by CVE-2016-3573

Oracle » Primavera P6 Enterprise Project Portfolio Management » Version: 8.4
cpe:2.3:a:oracle:primavera_p6_enterprise_project_portfolio_management:8.4:*:*:*:*:*:*:*
Matching versions
Oracle » Primavera P6 Enterprise Project Portfolio Management » Version: 8.3
cpe:2.3:a:oracle:primavera_p6_enterprise_project_portfolio_management:8.3:*:*:*:*:*:*:*
Matching versions
Oracle » Primavera P6 Enterprise Project Portfolio Management » Version: 15.2
cpe:2.3:a:oracle:primavera_p6_enterprise_project_portfolio_management:15.2:*:*:*:*:*:*:*
Matching versions
Oracle » Primavera P6 Enterprise Project Portfolio Management » Version: 16.1
cpe:2.3:a:oracle:primavera_p6_enterprise_project_portfolio_management:16.1:*:*:*:*:*:*:*
Matching versions
Oracle » Primavera P6 Enterprise Project Portfolio Management » Version: 15.1
cpe:2.3:a:oracle:primavera_p6_enterprise_project_portfolio_management:15.1:*:*:*:*:*:*:*
Matching versions

Vulnerability Details : CVE-2016-3573

Exploit prediction scoring system (EPSS) score for CVE-2016-3573

CVSS scores for CVE-2016-3573

References for CVE-2016-3573

Products affected by CVE-2016-3573