CVSS: 6.1EPSS: 0%CPEs: 7EXPL: 0CVE-2018-3281
https://notcve.org/view.php?id=CVE-2018-3281
17 Oct 2018 — Vulnerability in the Primavera P6 Enterprise Project Portfolio Management component of Oracle Construction and Engineering Suite (subcomponent: Web Access). Supported versions that are affected are 8.4, 15.1, 15.2, 16.1, 16.2, 17.7 - 17.12 and 18.8. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Primavera P6 Enterprise Project Portfolio Management. Successful attacks require human interaction from a person other than the attacker and while the vul... • http://www.oracle.com/technetwork/security-advisory/cpuoct2018-4428296.html •
CVSS: 7.5EPSS: 1%CPEs: 37EXPL: 1CVE-2018-1000632 – dom4j: XML Injection in Class: Element. Methods: addElement, addAttribute which can impact the integrity of XML documents
https://notcve.org/view.php?id=CVE-2018-1000632
20 Aug 2018 — dom4j version prior to version 2.1.1 contains a CWE-91: XML Injection vulnerability in Class: Element. Methods: addElement, addAttribute that can result in an attacker tampering with XML documents through XML injection. This attack appear to be exploitable via an attacker specifying attributes or elements in the XML document. This vulnerability appears to have been fixed in 2.1.1 or later. dom4j en versiones anteriores a la 2.1.1 contiene una vulnerabilidad CWE-91: Inyección XML en Clase: Element. Métodos: ... • https://access.redhat.com/errata/RHSA-2019:0362 • CWE-88: Improper Neutralization of Argument Delimiters in a Command ('Argument Injection') CWE-91: XML Injection (aka Blind XPath Injection) •
CVSS: 4.4EPSS: 0%CPEs: 6EXPL: 0CVE-2018-2962
https://notcve.org/view.php?id=CVE-2018-2962
18 Jul 2018 — Vulnerability in the Primavera P6 Enterprise Project Portfolio Management component of Oracle Construction and Engineering Suite (subcomponent: Web Access). Supported versions that are affected are 8.4, 15.x, 16.x and 17.x. Difficult to exploit vulnerability allows low privileged attacker with network access via HTTP to compromise Primavera P6 Enterprise Project Portfolio Management. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Primaver... • http://www.oracle.com/technetwork/security-advisory/cpujul2018-4258247.html •
CVSS: 6.1EPSS: 0%CPEs: 6EXPL: 0CVE-2018-2961
https://notcve.org/view.php?id=CVE-2018-2961
18 Jul 2018 — Vulnerability in the Primavera P6 Enterprise Project Portfolio Management component of Oracle Construction and Engineering Suite (subcomponent: Web Access). Supported versions that are affected are 8.4, 15.x, 16.x and 17.x. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Primavera P6 Enterprise Project Portfolio Management. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Primavera... • http://www.oracle.com/technetwork/security-advisory/cpujul2018-4258247.html •
CVSS: 6.1EPSS: 0%CPEs: 6EXPL: 0CVE-2018-2960
https://notcve.org/view.php?id=CVE-2018-2960
18 Jul 2018 — Vulnerability in the Primavera P6 Enterprise Project Portfolio Management component of Oracle Construction and Engineering Suite (subcomponent: Web Access). Supported versions that are affected are 8.4, 15.x, 16.x and 17.x. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Primavera P6 Enterprise Project Portfolio Management. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Primavera... • http://www.oracle.com/technetwork/security-advisory/cpujul2018-4258247.html •
CVSS: 7.7EPSS: 0%CPEs: 2EXPL: 0CVE-2018-2849
https://notcve.org/view.php?id=CVE-2018-2849
19 Apr 2018 — Vulnerability in the Primavera P6 Enterprise Project Portfolio Management component of Oracle Construction and Engineering Suite (subcomponent: Web Access). Supported versions that are affected are 16.2 and 17.1 - 17.12. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Primavera P6 Enterprise Project Portfolio Management. While the vulnerability is in Primavera P6 Enterprise Project Portfolio Management, attacks may significantly impact additional pr... • http://www.oracle.com/technetwork/security-advisory/cpuapr2018-3678067.html •