Luke Turvey

**Name of the Vulnerable Software and Affected Versions** Oracle Primavera P6 Enterprise Project Portfolio Management versions 20.12.0 through 20.12.21 Oracle Primavera P6 Enterprise Project Portfolio Management versions 21.12.0 through 21.12.21 Oracle Primavera P6 Enterprise Project Portfolio Management versions 22.12.0 through 22.12.19 Oracle Primavera P6 Enterprise Project Portfolio Management versions 23.12.0 through 23.12.13 Oracle Primavera P6 Enterprise Project Portfolio Management versions 24.12.0 through 24.12.4 **Description** This issue affects the Web Access component of Oracle Primavera P6 Enterprise Project Portfolio Management. A low-privileged attacker with network access via HTTP can compromise the application, requiring human interaction from a person other than the attacker. Successful exploitation may lead to unauthorized data modification, insertion, deletion, or read access. Attacks may potentially impact additional products. **Recommendations** Update Oracle Primavera P6 Enterprise Project Portfolio Management to a version beyond 24.12.4. Update Oracle Primavera P6 Enterprise Project Portfolio Management to a version beyond 23.12.13. Update Oracle Primavera P6 Enterprise Project Portfolio Management to a version beyond 22.12.19. Update Oracle Primavera P6 Enterprise Project Portfolio Management to a version beyond 21.12.21. Update Oracle Primavera P6 Enterprise Project Portfolio Management to a version beyond 20.12.21.

**Name of the Vulnerable Software and Affected Versions** Neet AirStream NAS version 1.1 **Description** The issue concerns a hardcoded password for the root account, which is set to `ifconfig`. This password cannot be changed through the configuration page, posing a security risk. **Recommendations** For Neet AirStream NAS version 1.1, consider changing the root account password manually or through alternative means, as the configuration page does not allow for this change. As a temporary workaround, restrict access to the root account to minimize the risk of exploitation.

**Name of the Vulnerable Software and Affected Versions** Neet AirStream NAS version 1.1 **Description** The issue allows for CSRF attacks, which can lead to changes in the AP name and password by modifying the settings binary. **Recommendations** For Neet AirStream NAS version 1.1, consider disabling the settings binary modification functionality as a temporary workaround until a patch is available. Restrict access to the settings configuration to minimize the risk of exploitation.