SecurityTracker.com
Category:   Application (Generic)  >   Oracle Primavera Products Suite
Vendors:   Oracle
Oracle Primavera Products Suite Flaws Let Remote Users Partially Modify Data and Remote Authenticated Users Partially Access Data
SecurityTracker Alert ID:  1028445
SecurityTracker URL:  http://securitytracker.com/id/1028445
CVE Reference:   CVE-2013-2405, CVE-2013-2411
Date:  Apr 17 2013
Impact:   Disclosure of system information, Disclosure of user information, Modification of system information, Modification of user information
Fix Available:  Yes
Vendor Confirmed:  Yes
Version(s): 7.0, 8.1, 8.2
Description:   Two vulnerabilities were reported in Oracle Primavera Products Suite. A remote user can partially modify data. A remote authenticated user can partially access and modify data.

A remote authenticated user can partially access and modify data [CVE-2013-2405].

A remote user can partially modify data [CVE-2013-2411].

The Web Access component of Primavera P6 Enterprise Project Portfolio Management versions 7.0, 8.1, and 8.2 is affected by these vulnerabilities.

The following researchers reported these and other Oracle product vulnerabilities:

Aaron Portnoy of Exodus Intelligence; Alex Mor of Ernst & Young; Andrea Micalizzi aka rgod, working with HP's Zero Day Initiative; Andrew Davies formerly of NCC Group; Andy Davis of NCC Group; Behrang Fouladi of SensePost Information Security; Borked of the Google Security Team; Fernando Munoz via Secunia SVCRP; Fernando Munoz; Francis Provencher via HP's Zero Day Initiative; Jakub Wartak via iDefense Labs; K. Gudinavicius of SEC Consult; Mike Gerdts formerly of GE; Oliver Gruskovnjak of Portcullis Inc; Oren Hafif of Ernst & Young; Pavel Toporkov of Positive Technologies; Rajat Swarup of AT&T Consulting; Recx; River Tarnell of Wikimedia Deutschland; Rohan Stelling of BAE Systems Detica; Tan, Kean Siong of KPMG Management Consulting, Singapore; Travis Emmert; and Travis Emmert via iDefense.

Impact:   A remote user can partially modify data.

A remote authenticated user can partially access and modify data.

Solution:   The vendor has issued a fix as part of the Oracle Critical Patch Update Advisory - April 2013.

The vendor's advisory is available at:

http://www.oracle.com/technetwork/topics/security/cpuapr2013-1899555.html

Vendor URL:  www.oracle.com/technetwork/topics/security/cpuapr2013-1899555.html
Cause:   Not specified
Underlying OS:  Windows (2000), Windows (2003), Windows (XP)

Message History:   None.


 Source Message Contents



[Original Message Not Available for Viewing]



Copyright 2019, SecurityGlobal.net LLC