Oracle Primavera Unifier DoS (Apr 2024 CPU)
Discription

The versions of Primavera Unifier installed on the remote host are affected by a denial of service (DoS) vulnerability as referenced in the April 2024 CPU advisory. The vulnerability lies in the Primavera Unifier product of Oracle Construction and Engineering (component: Integration (Nimbus JOSE+JWT)). Supported versions that are affected are 21.12.0-21.12.17, 22.12.0-22.12.12 and 23.12.0-23.12.3. Easily exploitable vulnerability allows an unauthenticated attacker with network access via HTTP to compromise Primavera Unifier. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Primavera Unifier. Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version…Read More

Back to Main

Subscribe for the latest news: