Vulnerability in Sun ZFS Storage Appliance Kit by Oracle
CVE-2018-2857

6.3MEDIUM

Key Information:

Vendor
Oracle
Status
Sun Zfs Storage Appliance Kit (ak) Software
Vendor
CVE Published:
19 April 2018

Summary

A vulnerability exists within Oracle's Sun ZFS Storage Appliance Kit, where low privileged attackers can exploit it through HTTP access. This flaw allows unauthorized actions, including the ability to update, insert, or delete data. In addition, attackers may gain unauthorized read access to certain data and cause partial denial of service to the system. The versions affected are those prior to 8.7.17, emphasizing the need for immediate updates to mitigate potential risks.

Affected Version(s)

Sun ZFS Storage Appliance Kit (AK) Software < 8.7.17

References

http://www.securitytracker.com/id/1040702
vdb-entryx_refsource_SECTRACK
http://www.securityfocus.com/bid/103892
vdb-entryx_refsource_BID
http://www.oracle.com/technetwork/security-advisory/cpuap...
x_refsource_CONFIRM

CVSS V3.1

Score:
6.3
Severity:
MEDIUM
Confidentiality:
Low
Integrity:
Low
Availability:
Low
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
Low
User Interaction:
None
Scope:
Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved

.