CVSS: 5.5EPSS: 0%CPEs: 3EXPL: 0CVE-2025-21558
https://notcve.org/view.php?id=CVE-2025-21558
21 Jan 2025 — Vulnerability in the Primavera P6 Enterprise Project Portfolio Management product of Oracle Construction and Engineering (component: Web Access). Supported versions that are affected are 20.12.1.0-20.12.21.5, 21.12.1.0-21.12.20.0 and 22.12.1.0. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Primavera P6 Enterprise Project Portfolio Management. Successful attacks require human interaction from a person other than the attacker and while the vulnerabi... • https://www.oracle.com/security-alerts/cpujan2025.html • CWE-863: Incorrect Authorization •
CVSS: 5.0EPSS: 0%CPEs: 4EXPL: 0CVE-2025-21528
https://notcve.org/view.php?id=CVE-2025-21528
21 Jan 2025 — Vulnerability in the Primavera P6 Enterprise Project Portfolio Management product of Oracle Construction and Engineering (component: Web Access). Supported versions that are affected are 20.12.1.0-20.12.21.5, 21.12.1.0-21.12.20.0, 22.12.1.0-22.12.16.0 and 23.12.1.0-23.12.10.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Primavera P6 Enterprise Project Portfolio Management. Successful attacks require human interaction from a person other than th... • https://www.oracle.com/security-alerts/cpujan2025.html • CWE-352: Cross-Site Request Forgery (CSRF) •
CVSS: 5.5EPSS: 0%CPEs: 4EXPL: 0CVE-2025-21526
https://notcve.org/view.php?id=CVE-2025-21526
21 Jan 2025 — Vulnerability in the Primavera P6 Enterprise Project Portfolio Management product of Oracle Construction and Engineering (component: Web Access). Supported versions that are affected are 20.12.1.0-20.12.21.5, 21.12.1.0-21.12.20.0, 22.12.1.0-22.12.16.0 and 23.12.1.0-23.12.10.0. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Primavera P6 Enterprise Project Portfolio Management. Successful attacks require human interaction from a person other than the... • https://www.oracle.com/security-alerts/cpujan2025.html • CWE-352: Cross-Site Request Forgery (CSRF) •
CVSS: 8.5EPSS: 0%CPEs: 5EXPL: 0CVE-2024-21095
https://notcve.org/view.php?id=CVE-2024-21095
16 Apr 2024 — Vulnerability in the Primavera P6 Enterprise Project Portfolio Management product of Oracle Construction and Engineering (component: Web Access). Supported versions that are affected are 19.12.0-19.12.22, 20.12.0-20.12.21, 21.12.0-21.12.18, 22.12.0-22.12.12 and 23.12.0-23.12.2. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Primavera P6 Enterprise Project Portfolio Management. Successful attacks of this vulnerability can result in unauthorized acc... • https://www.oracle.com/security-alerts/cpuapr2024.html • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •