Felipe Solferini

**Name of the Vulnerable Software and Affected Versions** Oracle Primavera P6 Enterprise Project Portfolio Management versions 20.12.0 through 20.12.21 Oracle Primavera P6 Enterprise Project Portfolio Management versions 21.12.0 through 21.12.21 Oracle Primavera P6 Enterprise Project Portfolio Management versions 22.12.0 through 22.12.19 Oracle Primavera P6 Enterprise Project Portfolio Management versions 23.12.0 through 23.12.13 Oracle Primavera P6 Enterprise Project Portfolio Management versions 24.12.0 through 24.12.4 **Description** This issue affects the Web Access component of Oracle Primavera P6 Enterprise Project Portfolio Management. A low-privileged attacker with network access via HTTP can compromise the application, requiring human interaction from a person other than the attacker. Successful exploitation may lead to unauthorized data modification, insertion, deletion, or read access. Attacks may potentially impact additional products. **Recommendations** Update Oracle Primavera P6 Enterprise Project Portfolio Management to a version beyond 24.12.4. Update Oracle Primavera P6 Enterprise Project Portfolio Management to a version beyond 23.12.13. Update Oracle Primavera P6 Enterprise Project Portfolio Management to a version beyond 22.12.19. Update Oracle Primavera P6 Enterprise Project Portfolio Management to a version beyond 21.12.21. Update Oracle Primavera P6 Enterprise Project Portfolio Management to a version beyond 20.12.21.