How severe is CVE-2019-3020?

This vulnerability has a severity rating of CRITICAL with a CVSS score of 9.3 out of 10.

What type of vulnerability is CVE-2019-3020?

This is classified as NVD-CWE-Other, which is a common weakness in software security.

CVE-2019-3020

CRITICAL Year: 2019

CVSS v3 Score

9.3

Critical

CVSS v2 Score

5.8

Medium

Weakness Type

NVD-CWE-Other

View all →

Vulnerability Description

Vulnerability in the Primavera P6 Enterprise Project Portfolio Management product of Oracle Construction and Engineering (component: Web Access). Supported versions that are affected are 15.1.0-15.2.18, 16.1.0-16.2.18, 17.1.0-17.12.14 and 18.1.0-18.8.11. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Primavera P6 Enterprise Project Portfolio Management. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Primavera P6 Enterprise Project Portfolio Management, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized creation, deletion or modification access to critical data or all Primavera P6 Enterprise Project Portfolio Management accessible data as well as unauthorized access to critical data or complete access to all Primavera P6 Enterprise Project Portfolio Management accessible data. CVSS 3.0 Base Score 9.3 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:N).

CVE-2018-11284

CRITICAL

CVSS:9.3(Critical)

Spoofed SMS can be used to send a large number of messages to the device which will in turn initiate a flood of registration updates with the server in snapdragon mobile and snapdragon wear in version...

NVD-CWE-Other2018

CVE-2018-2623

CRITICAL

CVSS:9.3(Critical)

Vulnerability in the Sun ZFS Storage Appliance Kit (AK) component of Oracle Sun Systems Products Suite (subcomponent: User Interface). The supported version that is affected is Prior to 8.7.13. Easily...

NVD-CWE-Other2018

CVE-2018-2739

CRITICAL

CVSS:9.3(Critical)

Vulnerability in the Oracle Access Manager component of Oracle Fusion Middleware (subcomponent: Web Server Plugin). Supported versions that are affected are 10.1.4.3.0, 11.1.2.3.0 and 12.2.1.3.0. Easi...

NVD-CWE-Other2018

CVE-2019-20606

CRITICAL

CVSS:9.3(Critical)

An issue was discovered on Samsung mobile devices with any (before May 2019) software. A phishing attack against OMACP can change the network and internet settings. The Samsung ID is SVE-2019-14073 (M...

NVD-CWE-Other2019

CVE-2019-2702

CRITICAL

CVSS:9.3(Critical)

Vulnerability in the Oracle Hospitality Cruise Dining Room Management component of Oracle Hospitality Applications (subcomponent: Web Service). The supported version that is affected is 8.0.80. Easily...

NVD-CWE-Other2019

CVE-2019-9812

CRITICAL

CVSS:9.3(Critical)

Given a compromised sandboxed content process due to a separate vulnerability, it is possible to escape that sandbox by loading accounts.firefox.com in that process and forcing a log-in to a malicious...

NVD-CWE-Other2019

CVE-2019-3020

Vulnerability Description

Related Vulnerabilities

CVE-2018-11284

CVE-2018-2623

CVE-2018-2739

CVE-2019-20606

CVE-2019-2702

CVE-2019-9812