CVE-2019-2701

Name of the Vulnerable Software and Affected Versions Primavera P6 Enterprise Project Portfolio Management version 18.8

Description The issue affects the Web Access subcomponent, allowing a low-privileged attacker with network access via HTTP to compromise Primavera P6 Enterprise Project Portfolio Management. This can result in unauthorized read access to a subset of accessible data.

Recommendations For version 18.8, update to a newer version that contains a fix for this issue to prevent unauthorized read access. As a temporary workaround, consider restricting access to the Web Access subcomponent to minimize the risk of exploitation.