CVSS: 5.5EPSS: 0%CPEs: 3EXPL: 0CVE-2025-21558
https://notcve.org/view.php?id=CVE-2025-21558
21 Jan 2025 — Vulnerability in the Primavera P6 Enterprise Project Portfolio Management product of Oracle Construction and Engineering (component: Web Access). Supported versions that are affected are 20.12.1.0-20.12.21.5, 21.12.1.0-21.12.20.0 and 22.12.1.0. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Primavera P6 Enterprise Project Portfolio Management. Successful attacks require human interaction from a person other than the attacker and while the vulnerabi... • https://www.oracle.com/security-alerts/cpujan2025.html • CWE-863: Incorrect Authorization •
CVSS: 5.0EPSS: 0%CPEs: 4EXPL: 0CVE-2025-21528
https://notcve.org/view.php?id=CVE-2025-21528
21 Jan 2025 — Vulnerability in the Primavera P6 Enterprise Project Portfolio Management product of Oracle Construction and Engineering (component: Web Access). Supported versions that are affected are 20.12.1.0-20.12.21.5, 21.12.1.0-21.12.20.0, 22.12.1.0-22.12.16.0 and 23.12.1.0-23.12.10.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Primavera P6 Enterprise Project Portfolio Management. Successful attacks require human interaction from a person other than th... • https://www.oracle.com/security-alerts/cpujan2025.html • CWE-352: Cross-Site Request Forgery (CSRF) •
CVSS: 5.5EPSS: 0%CPEs: 4EXPL: 0CVE-2025-21526
https://notcve.org/view.php?id=CVE-2025-21526
21 Jan 2025 — Vulnerability in the Primavera P6 Enterprise Project Portfolio Management product of Oracle Construction and Engineering (component: Web Access). Supported versions that are affected are 20.12.1.0-20.12.21.5, 21.12.1.0-21.12.20.0, 22.12.1.0-22.12.16.0 and 23.12.1.0-23.12.10.0. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Primavera P6 Enterprise Project Portfolio Management. Successful attacks require human interaction from a person other than the... • https://www.oracle.com/security-alerts/cpujan2025.html • CWE-352: Cross-Site Request Forgery (CSRF) •
CVSS: 8.5EPSS: 0%CPEs: 5EXPL: 0CVE-2024-21095
https://notcve.org/view.php?id=CVE-2024-21095
16 Apr 2024 — Vulnerability in the Primavera P6 Enterprise Project Portfolio Management product of Oracle Construction and Engineering (component: Web Access). Supported versions that are affected are 19.12.0-19.12.22, 20.12.0-20.12.21, 21.12.0-21.12.18, 22.12.0-22.12.12 and 23.12.0-23.12.2. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Primavera P6 Enterprise Project Portfolio Management. Successful attacks of this vulnerability can result in unauthorized acc... • https://www.oracle.com/security-alerts/cpuapr2024.html • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 7.5EPSS: 0%CPEs: 77EXPL: 2CVE-2020-36518 – jackson-databind: denial of service via a large depth of nested objects
https://notcve.org/view.php?id=CVE-2020-36518
11 Mar 2022 — jackson-databind before 2.13.0 allows a Java StackOverflow exception and denial of service via a large depth of nested objects. jackson-databind versiones anteriores a 2.13.0, permite una excepción Java StackOverflow y una denegación de servicio por medio de una gran profundidad de objetos anidados A flaw was found in the Jackson Databind package. This cause of the issue is due to a Java StackOverflow exception and a denial of service via a significant depth of nested objects. Red Hat JBoss Enterprise Appli... • https://github.com/ghillert/boot-jackson-cve • CWE-400: Uncontrolled Resource Consumption CWE-787: Out-of-bounds Write •
CVSS: 5.8EPSS: 0%CPEs: 3EXPL: 0CVE-2022-21377
https://notcve.org/view.php?id=CVE-2022-21377
19 Jan 2022 — Vulnerability in the Primavera Portfolio Management product of Oracle Construction and Engineering (component: Web API). Supported versions that are affected are 18.0.0.0-18.0.3.0, 19.0.0.0-19.0.1.2 and 20.0.0.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Primavera Portfolio Management. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized update,... • https://www.oracle.com/security-alerts/cpujan2022.html •
CVSS: 5.8EPSS: 0%CPEs: 3EXPL: 0CVE-2022-21376
https://notcve.org/view.php?id=CVE-2022-21376
19 Jan 2022 — Vulnerability in the Primavera Portfolio Management product of Oracle Construction and Engineering (component: Web Access). Supported versions that are affected are 18.0.0.0-18.0.3.0, 19.0.0.0-19.0.1.2 and 20.0.0.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Primavera Portfolio Management. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized upda... • https://www.oracle.com/security-alerts/cpujan2022.html •
CVSS: 4.9EPSS: 0%CPEs: 4EXPL: 0CVE-2022-21281
https://notcve.org/view.php?id=CVE-2022-21281
19 Jan 2022 — Vulnerability in the Primavera Portfolio Management product of Oracle Construction and Engineering (component: Web Access). Supported versions that are affected are 18.0.0.0-18.0.3.0, 19.0.0.0-19.0.1.2, 20.0.0.0 and 20.0.0.1. Easily exploitable vulnerability allows high privileged attacker with network access via HTTP to compromise Primavera Portfolio Management. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Primavera Portfolio Managemen... • https://www.oracle.com/security-alerts/cpujan2022.html •
CVSS: 6.1EPSS: 0%CPEs: 4EXPL: 0CVE-2022-21269
https://notcve.org/view.php?id=CVE-2022-21269
19 Jan 2022 — Vulnerability in the Primavera Portfolio Management product of Oracle Construction and Engineering (component: Web Access). Supported versions that are affected are 18.0.0.0-18.0.3.0, 19.0.0.0-19.0.1.2, 20.0.0.0 and 20.0.0.1. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Primavera Portfolio Management. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Primavera Portfolio Managemen... • https://www.oracle.com/security-alerts/cpujan2022.html •
CVSS: 4.3EPSS: 0%CPEs: 4EXPL: 0CVE-2022-21244
https://notcve.org/view.php?id=CVE-2022-21244
19 Jan 2022 — Vulnerability in the Primavera Portfolio Management product of Oracle Construction and Engineering (component: Web Access). Supported versions that are affected are 18.0.0.0-18.0.3.0, 19.0.0.0-19.0.1.2, 20.0.0.0 and 20.0.0.1. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Primavera Portfolio Management. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unautho... • https://www.oracle.com/security-alerts/cpujan2022.html •