CVE-2018-2967

Current Description

Vulnerability in the Primavera Unifier component of Oracle Construction and Engineering Suite (subcomponent: Core). Supported versions that are affected are 16.x, 17.x and 18.x. Easily exploitable vulnerability allows physical access to compromise Primavera Unifier. While the vulnerability is in Primavera Unifier, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Primavera Unifier accessible data. CVSS 3.0 Base Score 5.3 (Confidentiality impacts). CVSS Vector: (CVSS:3.0/AV:P/AC:L/PR:N/UI:N/S:C/C:H/I:N/A:N).

Basic Data

PublishedJuly 18, 2018
Last ModifiedOctober 03, 2019
Assignercve@mitre.org
Data TypeCVE
Data FormatMITRE
Data Version4.0
Problem TypeNVD-CWE-noinfo
CVE Data Version4.0

Base Metric V2

CVSS 2 - Version2.0
CVSS 2 - Vector StringAV:L/AC:L/Au:N/C:P/I:N/A:N
CVSS 2 - Access VectorLOCAL
CVSS 2 - Access ComplexityLOW
CVSS 2 - AuthenticationNONE
CVSS 2 - Confidentiality ImpactPARTIAL
CVSS 2 - Availability ImpactNONE
CVSS 2 - Base Score2.1
SeverityLOW
Exploitability Score3.9
Impact Score2.9
Obtain All Privilegefalse
Obtain User Privilegefalse
Obtain Other Privilegefalse

Base Metric V3

CVSS 3 - Version3.0
CVSS 3 - Vector StringCVSS:3.0/AV:P/AC:L/PR:N/UI:N/S:C/C:H/I:N/A:N
CVSS 3 - Attack VectorPHYSICAL
CVSS 3 - Attack ComplexityLOW
CVSS 3 - Privileges RequiredNONE
CVSS 3 - User InteractionNONE
CVSS 3 - ScopeCHANGED
CVSS 3 - Confidentiality ImpactHIGH
CVSS 3 - Integrity ImpactNONE
CVSS 3 - Availability ImpactNONE
CVSS 3 - Base Score5.3
CVSS 3 - Base SeverityMEDIUM
Exploitability Score0.9
Base SeverityMEDIUM

Configurations

  • OR - Configuration 1
    Cpe VersionPartVendorProductVersionUpdateEditionLanguageSW EditionTarget SWTarget HWOtherVersion Start IncludingVersion End IncludingVersion Start ExcludingVersion End Excluding
    2.3ApplicationOraclePrimavera Unifier16.1*******
    2.3ApplicationOraclePrimavera Unifier16.2*******
    2.3ApplicationOraclePrimavera Unifier16.2.1.0*******
    2.3ApplicationOraclePrimavera Unifier16.2.4.0*******
  • OR - Configuration 2
    Cpe VersionPartVendorProductVersionUpdateEditionLanguageSW EditionTarget SWTarget HWOtherVersion Start IncludingVersion End IncludingVersion Start ExcludingVersion End Excluding
    2.3ApplicationOraclePrimavera Unifier17.1*******
    2.3ApplicationOraclePrimavera Unifier17.2*******
    2.3ApplicationOraclePrimavera Unifier17.3*******
    2.3ApplicationOraclePrimavera Unifier17.4*******
    2.3ApplicationOraclePrimavera Unifier17.5*******
    2.3ApplicationOraclePrimavera Unifier17.6*******
    2.3ApplicationOraclePrimavera Unifier17.7*******
    2.3ApplicationOraclePrimavera Unifier17.8*******
    2.3ApplicationOraclePrimavera Unifier17.9*******
    2.3ApplicationOraclePrimavera Unifier17.10*******
    2.3ApplicationOraclePrimavera Unifier17.11*******
    2.3ApplicationOraclePrimavera Unifier17.12*******
  • OR - Configuration 3
    Cpe VersionPartVendorProductVersionUpdateEditionLanguageSW EditionTarget SWTarget HWOtherVersion Start IncludingVersion End IncludingVersion Start ExcludingVersion End Excluding
    2.3ApplicationOraclePrimavera Unifier18.1*******
    2.3ApplicationOraclePrimavera Unifier18.2*******
    2.3ApplicationOraclePrimavera Unifier18.3*******
    2.3ApplicationOraclePrimavera Unifier18.4*******
    2.3ApplicationOraclePrimavera Unifier18.5*******
    2.3ApplicationOraclePrimavera Unifier18.6*******
    2.3ApplicationOraclePrimavera Unifier18.7*******

Vulnerable Software List

VendorProductVersions
Oracle Primavera Unifier 16.1, 16.2, 16.2.1.0, 16.2.4.0, 17.1, 17.10, 17.11, 17.12, 17.2, 17.3, 17.4, 17.5, 17.6, 17.7, 17.8, 17.9, 18.1, 18.2, 18.3, 18.4, 18.5, 18.6, 18.7

References

NameSourceURLTags
http://www.oracle.com/technetwork/security-advisory/cpujul2018-4258247.htmlhttp://www.oracle.com/technetwork/security-advisory/cpujul2018-4258247.htmlCONFIRMPatch Vendor Advisory
104823http://www.securityfocus.com/bid/104823BID