PT-2020-3862 · Oracle · Primavera Portfolio Management

Published: 2020-07-15 · Updated: 2020-07-20 · CVE-2020-14529

CVSS v2.0: 5.5 (Medium)

Vector: AV:N/AC:L/Au:S/C:P/I:P/A:N
Name of the Vulnerable Software and Affected Versions:
Primavera Portfolio Management versions 16.1.0.0 through 16.1.5.1
Primavera Portfolio Management versions 18.0.0.0 through 18.0.2.0
Primavera Portfolio Management version 19.0.0.0
Description: The issue is related to insufficient input validation in the Investor Module component. It allows a low-privileged attacker with network access via HTTP to compromise Primavera Portfolio Management, requiring human interaction from a person other than the attacker. Successful attacks can result in unauthorized update, insert, or delete access to some accessible data, as well as unauthorized read access to a subset of accessible data.
Recommendations: For versions 16.1.0.0 through 16.1.5.1, update to a version outside of this range to mitigate the risk. For versions 18.0.0.0 through 18.0.2.0, update to a version outside of this range to mitigate the risk. For version 19.0.0.0, update to a newer version to mitigate the risk.

Fix

RCE


Weakness Enumeration

Related Identifiers

BDU:2020-04254
CVE-2020-14529

Affected Products

Primavera Portfolio Management