Vulnerability Details : CVE-2017-3503

Vulnerability in the Primavera P6 Enterprise Project Portfolio Management component of Oracle Primavera Products Suite (subcomponent: Web Access (Apache Commons BeanUtils)). Supported versions that are affected are 8.3, 8.4, 15.1, 15.2, 16.1 and 16.2. Easily "exploitable" vulnerability allows low privileged attacker with network access via HTTP to compromise Primavera P6 Enterprise Project Portfolio Management. While the vulnerability is in Primavera P6 Enterprise Project Portfolio Management, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in takeover of Primavera P6 Enterprise Project Portfolio Management. CVSS 3.0 Base Score 9.9 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H).
Publish Date : 2017-04-24 Last Update Date : 2017-07-10

Collapse All Expand All Select Select&Copy	Scroll To Vendor Statements(0) Additional Vendor Data(0) OVAL Definitions(0) Vulnerable Products(0) # Of Vulns By Products References(0) Metasploit Modules(0)	Comments View User Comments Add Comment	External Links Secunia Advisories XForce Advisories Vulnerability Details at NVD Vulnerability Details at Mitre Nessus Plugins Linux Kernel Git Repository First CVSS Guide
Search Twitter Search YouTube Search Google

- CVSS Scores & Vulnerability Types

CVSS Score	6.5
Confidentiality Impact	Partial (There is considerable informational disclosure.)
Integrity Impact	Partial (Modification of some system files or information is possible, but the attacker does not have control over what can be modified, or the scope of what the attacker can affect is limited.)
Availability Impact	Partial (There is reduced performance or interruptions in resource availability.)
Access Complexity	Low (Specialized access conditions or extenuating circumstances do not exist. Very little knowledge or skill is required to exploit. )
Authentication	Single system (The vulnerability requires an attacker to be logged into the system (such as at a command line or via a desktop session or web interface).)
Gained Access	None
Vulnerability Type(s)
CWE ID	284

- Products Affected By CVE-2017-3503

#	Product Type	Vendor	Product	Version
1	Application	Oracle	Primavera P6 Enterprise Project Portfolio Management	8.3	Version Details Vulnerabilities
2	Application	Oracle	Primavera P6 Enterprise Project Portfolio Management	8.4	Version Details Vulnerabilities
3	Application	Oracle	Primavera P6 Enterprise Project Portfolio Management	15.1	Version Details Vulnerabilities
4	Application	Oracle	Primavera P6 Enterprise Project Portfolio Management	15.2	Version Details Vulnerabilities
5	Application	Oracle	Primavera P6 Enterprise Project Portfolio Management	16.1	Version Details Vulnerabilities
6	Application	Oracle	Primavera P6 Enterprise Project Portfolio Management	16.2	Version Details Vulnerabilities

- Number Of Affected Versions By Product

Vendor	Product	Vulnerable Versions
Oracle	Primavera P6 Enterprise Project Portfolio Management	6

- References For CVE-2017-3503

http://www.oracle.com/technetwork/security-advisory/cpuapr2017-3236618.html CONFIRM

http://www.securityfocus.com/bid/97891
BID 97891 Oracle Primavera Products CVE-2017-3503 Remote Security Vulnerability Release Date:2017-04-19

http://www.securitytracker.com/id/1038289
SECTRACK 1038289

- Metasploit Modules Related To CVE-2017-3503

There are not any metasploit modules related to this CVE entry (Please visit www.metasploit.com for more information)