Security Updates for Oracle Primavera Product Suites: January 2017

Oracle released its latest Critical Patch Update (CPU) on January 17th, 2017. If you’d like to learn more about CPUs, click here.

Please note that this CPU affects Oracle Primavera P6 Enterprise Project Portfolio Management (EPPM). Oracle Primavera P6 Professional Project Management (PPM) licenses are not affected.

For the most recent Critical Patch Updates, click here.

Critical Patch Updates – January 2017

CVE#: CVE-2016-1182
Supported Versions: 8.2, 8.3, 8.4, 15.1, 15.2, 16.1, 16.2
Severity Rating (CVSS): 7.1 (out of 10)
What It Affects: P6 Web Access
Result: “Unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Primavera P6 Enterprise Project Portfolio Management as well as unauthorized update, insert or delete access to some of Primavera P6 Enterprise Project Portfolio Management accessible data.” (Oracle)

 

CVE#: CVE-2016-7052
Supported Versions: 8.3, 8.4, 15.1, 15.2, 16.1, 16.2
Severity Rating (CVSS): 7.5 (out of 10)
What It Affects: Project Manager
Result: “Unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Primavera P6 Enterprise Project Portfolio Management.” (Oracle)

 

CVE#: CVE-2017-3263
Supported Versions: 8.2, 8.3, 8.4, 15.1, 15.2, 16.1, 16.2
Severity Rating (CVSS): 8.1 (out of 10)
What It Affects: Team Member
Result: “Unauthorized creation, deletion or modification access to critical data or all Primavera P6 Enterprise Project Portfolio Management accessible data as well as unauthorized access to critical data or complete access to all Primavera P6 Enterprise Project Portfolio Management accessible data.” (Oracle)

 

CVE#: CVE-2017-3324
Supported Versions: 8.2, 8.3, 8.4, 15.1, 15.2, 16.1, 16.2
Severity Rating (CVSS): 10 (out of 10)
What It Affects: Web Access
Result: “Unauthorized creation, deletion or modification access to critical data or all Primavera P6 Enterprise Project Portfolio Management accessible data as well as unauthorized access to critical data or complete access to all Primavera P6 Enterprise Project Portfolio Management accessible data and unauthorized ability to cause a partial denial of service (partial DOS) of Primavera P6 Enterprise Project Portfolio Management.” (Oracle)

 

Reference: Text Form of Oracle Critical Patch Update – January 2017 Risk Matrix for Oracle Primavera Product Suites.