CVE-2023-21888

Name of the Vulnerable Software and Affected Versions Primavera Gateway versions 18.8.0 through 18.8.15 Primavera Gateway versions 19.12.0 through 19.12.15 Primavera Gateway versions 20.12.0 through 20.12.10 Primavera Gateway versions 21.12.0 through 21.12.8

Description The issue is related to insufficient input validation in the WebUI component of the Primavera Gateway product. It allows a low-privileged attacker with network access via HTTP to compromise the Primavera Gateway, requiring human interaction from a person other than the attacker. Successful attacks can result in unauthorized update, insert, or delete access to some of the Primavera Gateway accessible data, as well as unauthorized read access to a subset of the Primavera Gateway accessible data. The vulnerability may significantly impact additional products.

Recommendations For versions 18.8.0 through 18.8.15, update to a version outside of this range to mitigate the risk. For versions 19.12.0 through 19.12.15, update to a version outside of this range to mitigate the risk. For versions 20.12.0 through 20.12.10, update to a version outside of this range to mitigate the risk. For versions 21.12.0 through 21.12.8, update to a version outside of this range to mitigate the risk. As a temporary workaround, consider restricting access to the WebUI component until a patch is available.