Oracle Primavera Unifier Multiple Vulnerabilities (July 2017 CPU)

medium Nessus Plugin ID 101901

Synopsis

An application running on the remote web server is affected by multiple vulnerabilities.

Description

According to its self-reported version number, the Oracle Primavera Unifier installation running on the remote web server is 16.x prior to 16.2.8.1. It is, therefore, affected by the following vulnerabilities:

- An unspecified flaw exists in the Platform component that allows an authenticated, remote attacker to impact confidentiality and integrity. (CVE-2017-10149)

- An unspecified flaw exists in the Platform component that allows an authenticated, remote attacker to impact integrity. (CVE-2017-10150)

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

Solution

Upgrade to Oracle Primavera Unifier version 16.2.8.1 or later.

See Also

http://www.nessus.org/u?76f5def7

Plugin Details

Severity: Medium

ID: 101901

File Name: oracle_primavera_unifier_cpu_jul_2017.nasl

Version: 1.8

Type: remote

Family: CGI abuses

Published: 7/21/2017

Updated: 4/11/2022

Configuration: Enable thorough checks

Supported Sensors: Nessus

Risk Information

VPR

Risk Factor: Low

Score: 3.0

CVSS v2

Risk Factor: Medium

Base Score: 4.9

Temporal Score: 3.6

Vector: CVSS2#AV:N/AC:M/Au:S/C:P/I:P/A:N

CVSS Score Source: CVE-2017-10150

CVSS v3

Risk Factor: Medium

Base Score: 4.8

Temporal Score: 4.2

Vector: CVSS:3.0/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N

Temporal Vector: CVSS:3.0/E:U/RL:O/RC:C

Vulnerability Information

CPE: cpe:/a:oracle:primavera_unifier

Required KB Items: www/weblogic, installed_sw/Oracle Primavera Unifier

Exploit Ease: No exploit is required

Patch Publication Date: 7/18/2017

Vulnerability Publication Date: 7/18/2017

Reference Information

CVE: CVE-2017-10149, CVE-2017-10150

BID: 99780, 99800