CVE-2020-14566

Name of the Vulnerable Software and Affected Versions Primavera Portfolio Management versions 16.1.0.0 through 16.1.5.1 Primavera Portfolio Management versions 18.0.0.0 through 18.0.2.0 Primavera Portfolio Management version 19.0.0.0

Description The issue is related to insufficient input validation in the Web Access component. It allows an unauthenticated attacker with network access via HTTP to compromise Primavera Portfolio Management. Successful attacks require human interaction from a person other than the attacker and can result in unauthorized update, insert, or delete access to some of Primavera Portfolio Management's accessible data.

Recommendations For versions 16.1.0.0 through 16.1.5.1, consider restricting access to the Web Access component until a patch is available. For versions 18.0.0.0 through 18.0.2.0, consider disabling the Web Access component temporarily to minimize the risk of exploitation. For version 19.0.0.0, avoid using the Web Access component until the issue is resolved. As a temporary workaround, consider implementing additional validation checks for input data in the Web Access component until a patch is available.