Note:
This project will be discontinued after December 13, 2021. [more]
Product:
Primavera_unifier
(Oracle)| Repositories |
• https://github.com/FasterXML/jackson-databind
• https://github.com/jquery/jquery • https://github.com/jquery/jquery-ui |
| #Vulnerabilities | 100 |
| Date | Id | Summary | Products | Score | Patch | Annotated |
|---|---|---|---|---|---|---|
| 2021-02-15 | CVE-2021-23337 | Lodash versions prior to 4.17.21 are vulnerable to Command Injection via the template function. | Lodash, Active_iq_unified_manager, Cloud_manager, System_manager, Banking_corporate_lending_process_management, Banking_credit_facilities_process_management, Banking_extensibility_workbench, Banking_supply_chain_finance, Banking_trade_finance_process_management, Communications_cloud_native_core_binding_support_function, Communications_cloud_native_core_policy, Communications_design_studio, Communications_services_gatekeeper, Communications_session_border_controller, Enterprise_communications_broker, Financial_services_crime_and_compliance_management_studio, Health_sciences_data_management_workbench, Jd_edwards_enterpriseone_tools, Peoplesoft_enterprise_peopletools, Primavera_gateway, Primavera_unifier, Retail_customer_management_and_segmentation_foundation, Sinec_ins | 7.2 | ||
| 2020-08-29 | CVE-2020-25020 | MPXJ through 8.1.3 allows XXE attacks. This affects the GanttProjectReader and PhoenixReader components. | Mpxj, Primavera_unifier | 9.8 | ||
| 2020-12-14 | CVE-2020-35460 | common/InputStreamHelper.java in Packwood MPXJ before 8.3.5 allows directory traversal in the zip stream handler flow, leading to the writing of files to arbitrary locations. | Mpxj, Primavera_unifier | 5.3 | ||
| 2020-07-15 | CVE-2020-14618 | Vulnerability in the Primavera Unifier product of Oracle Construction and Engineering (component: Mobile App). The supported version that is affected is Prior to 20.6. Difficult to exploit vulnerability allows unauthenticated attacker with network access via HTTPS to compromise Primavera Unifier. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to... | Primavera_unifier | N/A | ||
| 2020-07-15 | CVE-2020-14617 | Vulnerability in the Primavera Unifier product of Oracle Construction and Engineering (component: Platform, Mobile App). Supported versions that are affected are 16.1, 16.2, 17.7-17.12, 18.8 and 19.12; Mobile App: Prior to 20.6. Easily exploitable vulnerability allows low privileged attacker with network access via HTTPS to compromise Primavera Unifier. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in... | Primavera_unifier | N/A | ||
| 2017-04-24 | CVE-2017-3501 | Vulnerability in the Primavera Unifier component of Oracle Primavera Products Suite (subcomponent: Platform). Supported versions that are affected are 9.13, 9.14, 10.0, 10.1, 15.1 and 15.2. Easily "exploitable" vulnerability allows unauthenticated attacker with network access via HTTP to compromise Primavera Unifier. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Primavera Unifier, attacks may significantly impact... | Primavera_unifier | 6.1 | ||
| 2017-08-08 | CVE-2017-10150 | Vulnerability in the Primavera Unifier component of Oracle Primavera Products Suite (subcomponent: Platform). Supported versions that are affected are 9.13, 9.14, 10.1, 10.2, 15.1, 15.2, 16.1 and 16.2. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Primavera Unifier. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Primavera Unifier accessible data. CVSS 3.0 Base Score... | Primavera_unifier | 4.3 | ||
| 2017-08-08 | CVE-2017-10149 | Vulnerability in the Primavera Unifier component of Oracle Primavera Products Suite (subcomponent: Platform). Supported versions that are affected are 9.13, 9.14, 10.1, 10.2, 15.1, 15.2, 16.1 and 16.2. Easily exploitable vulnerability allows high privileged attacker with network access via HTTP to compromise Primavera Unifier. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Primavera Unifier, attacks may significantly... | Primavera_unifier | 4.8 | ||
| 2019-01-02 | CVE-2018-19362 | FasterXML jackson-databind 2.x before 2.9.8 might allow attackers to have unspecified impact by leveraging failure to block the jboss-common-core class from polymorphic deserialization. | Debian_linux, Jackson\-Databind, Business_process_management_suite, Primavera_p6_enterprise_project_portfolio_management, Primavera_unifier, Retail_workforce_management_software, Webcenter_portal | 9.8 | ||
| 2019-01-02 | CVE-2018-19361 | FasterXML jackson-databind 2.x before 2.9.8 might allow attackers to have unspecified impact by leveraging failure to block the openjpa class from polymorphic deserialization. | Debian_linux, Jackson\-Databind, Business_process_management_suite, Primavera_p6_enterprise_project_portfolio_management, Primavera_unifier, Retail_workforce_management_software, Webcenter_portal | 9.8 |