Unauthenticated Access Vulnerability in Oracle Sun ZFS Storage Appliance Kit
CVE-2018-2905

5.3MEDIUM

Key Information:

Vendor
Oracle
Status
Sun Zfs Storage Appliance Kit (ak) Software
Vendor
CVE Published:
18 July 2018

Summary

A vulnerability in Oracle's Sun ZFS Storage Appliance Kit allows an unauthenticated attacker to gain unauthorized read access to sensitive data. This can be exploited remotely over SSL/TLS, affecting the confidentiality of the data stored within the appliance. Users are advised to upgrade to version 8.7.20 or later to mitigate this risk. The vulnerability primarily impacts systems prior to this version and poses a significant threat to data security.

Affected Version(s)

Sun ZFS Storage Appliance Kit (AK) Software < 8.7.20

References

http://www.oracle.com/technetwork/security-advisory/cpuju...
x_refsource_CONFIRM
http://www.securitytracker.com/id/1041303
vdb-entryx_refsource_SECTRACK
http://www.securityfocus.com/bid/104842
vdb-entryx_refsource_BID

CVSS V3.1

Score:
5.3
Severity:
MEDIUM
Confidentiality:
Low
Integrity:
None
Availability:
Low
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
None
User Interaction:
None
Scope:
Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved

.