Oracle has released its latest Critical Patch Update (CPU) on January 17th, 2017. If you’d like to learn more about CPU’s, click here.
Please note that this CPU affects Oracle Primavera P6 Enterprise Project Portfolio Management (EPPM). Oracle Primavera P6 Professional Project Management (PPM) licenses are not affected.
For the most recent Critical Patch Updates, click here.
Critical Patch Updates – January 2017
| CVE# | CVE-2016-1182 |
| Supported Versions | 8.2, 8.3, 8.4, 15.1, 15.2, 16.1, 16.2 |
| Severity Rating (CVSS) | 7.1 (out of 10) |
| What It Affects | P6 Web Access |
| Result | “Unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Primavera P6 Enterprise Project Portfolio Management as well as unauthorized update, insert or delete access to some of Primavera P6 Enterprise Project Portfolio Management accessible data.” (Oracle) |
| CVE# | CVE-2016-7052 |
| Supported Versions | 8.3, 8.4, 15.1, 15.2, 16.1, 16.2 |
| Severity Rating (CVSS) | 7.5 (out of 10) |
| What It Affects | Project Manager |
| Result | “Unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Primavera P6 Enterprise Project Portfolio Management.” (Oracle) |
| CVE# | CVE-2017-3263 |
| Supported Versions | 8.2, 8.3, 8.4, 15.1, 15.2, 16.1, 16.2 |
| Severity Rating (CVSS) | 8.1 (out of 10) |
| What It Affects | Team Member |
| Result | “Unauthorized creation, deletion or modification access to critical data or all Primavera P6 Enterprise Project Portfolio Management accessible data as well as unauthorized access to critical data or complete access to all Primavera P6 Enterprise Project Portfolio Management accessible data.” (Oracle) |
| CVE# | CVE-2017-3324 |
| Supported Versions | 8.2, 8.3, 8.4, 15.1, 15.2, 16.1, 16.2 |
| Severity Rating (CVSS) | 10 (out of 10) |
| What It Affects | Web Access |
| Result | “Unauthorized creation, deletion or modification access to critical data or all Primavera P6 Enterprise Project Portfolio Management accessible data as well as unauthorized access to critical data or complete access to all Primavera P6 Enterprise Project Portfolio Management accessible data and unauthorized ability to cause a partial denial of service (partial DOS) of Primavera P6 Enterprise Project Portfolio Management.” (Oracle) |
Reference: Text Form of Oracle Critical Patch Update – January 2017 Risk Matrix for Oracle Primavera Product Suites.
The post Security Updates for Oracle Primavera Product Suites: January 2017 appeared first on CPM Solutions Ltd..