Solaris Cluster Vulnerabilities in Oracle Sun Systems Products Suite
CVE-2017-3588

7.3HIGH

Key Information:

Vendor
Oracle
Status
Solaris Cluster
Vendor
CVE Published:
19 October 2017

Summary

A vulnerability exists in the Solaris Cluster component of Oracle's Sun Systems Products Suite, specifically impacting versions 3.3 and 4.3. An unauthenticated attacker must gain access to the infrastructure on which Solaris Cluster operates. This exploitation may lead to unauthorized actions such as creating, deleting, or modifying critical data within the cluster environment. Additionally, successful exploitation can grant the attacker unauthorized access to sensitive data and may cause partial denial of service, affecting the availability of the Solaris Cluster services. Human interaction is required from a user other than the attacker, which adds a layer of complexity to the exploitation process.

Affected Version(s)

Solaris Cluster 3.3

Solaris Cluster 4.3

References

http://www.securityfocus.com/bid/101435
vdb-entryx_refsource_BID
http://www.oracle.com/technetwork/security-advisory/cpuoc...
x_refsource_CONFIRM
http://www.securitytracker.com/id/1039601
vdb-entryx_refsource_SECTRACK

CVSS V3.1

Score:
7.3
Severity:
HIGH
Confidentiality:
High
Integrity:
High
Availability:
High
Attack Vector:
Local
Attack Complexity:
Low
Privileges Required:
None
User Interaction:
Required
Scope:
Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved

.