Oracle Primavera Unifier 17.0

CPE Details

Oracle Primavera Unifier 17.0
oracle
primavera_unifier
17.0
2019-10-31
15h03 +00:00
2019-10-31
15h03 +00:00
CPE NVD
Alerte pour un CPE
Stay informed of any changes for a specific CPE.
Notifications manage

CPE Name: cpe:2.3:a:oracle:primavera_unifier:17.0:*:*:*:*:*:*:*

Informations

Vendor

oracle

Product

primavera_unifier

Version

17.0

Related CVE

Open and find in CVE List

CVE ID Published Description Score Severity
CVE-2020-36518 2022-03-10 23h00 +00:00 jackson-databind before 2.13.0 allows a Java StackOverflow exception and denial of service via a large depth of nested objects.
7.5
High
CVE-2018-2620 2018-01-18 01h00 +00:00 Vulnerability in the Primavera Unifier component of Oracle Construction and Engineering Suite (subcomponent: Platform). Supported versions that are affected are 10.x, 15.x, 16.x and 17.x. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Primavera Unifier. Successful attacks of this vulnerability can result in unauthorized creation, deletion or modification access to critical data or all Primavera Unifier accessible data as well as unauthorized access to critical data or complete access to all Primavera Unifier accessible data. CVSS 3.0 Base Score 8.1 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N).
8.1
High
CVE-2016-7103 2017-03-14 23h00 +00:00 Cross-site scripting (XSS) vulnerability in jQuery UI before 1.12.0 might allow remote attackers to inject arbitrary web script or HTML via the closeText parameter of the dialog function.
6.1
Medium
CVE-2016-4055 2017-01-23 20h00 +00:00 The duration function in the moment package before 2.11.2 for Node.js allows remote attackers to cause a denial of service (CPU consumption) via a long string, aka a "regular expression Denial of Service (ReDoS)."
6.5
Medium