CVE-2017-3508

EPSS 2.3%

Vexday Risk Score

3Baixo

Decisão SSVC (CISA)

Track

Sem sinal de exploração → monitorar

CVSS —EPSS 2.3%KEV nãoPoC —Nuclei —Metasploit —Patch —

Ciclo de vida

24 abr 2017Publicada no NVD

Recomendação: Monitorar — sem sinal de exploração no momento.

Vulnerability in the Primavera Gateway component of Oracle Primavera Products Suite (subcomponent: Primavera Desktop Integration). Supported versions that are affected are 1.0, 1.1, 14.2, 15.1, 15.2, 16.1 and 16.2. Easily "exploitable" vulnerability allows high privileged attacker with network access via HTTP to compromise Primavera Gateway. While the vulnerability is in Primavera Gateway, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in takeover of Primavera Gateway. CVSS 3.0 Base Score 9.1 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H).

Produtos afetados

Oracle Corporation · Primavera Gateway

Quer saber se a sua infraestrutura está exposta a isto?

Falar com a TrueHacking →

Referências

http://www.oracle.com/technetwork/security-advisory/cpuapr2017-3236618.html http://www.securityfocus.com/bid/97883 http://www.securityfocus.com/bid/97889 http://www.securitytracker.com/id/1038289