Vulnerability in Sun ZFS Storage Appliance Kit by Oracle
CVE-2018-2920

7.4HIGH

Key Information:

Vendor
Oracle
Status
Sun Zfs Storage Appliance Kit (ak) Software
Vendor
CVE Published:
18 July 2018

Summary

The Sun ZFS Storage Appliance Kit (AK) from Oracle is susceptible to an authorization bypass vulnerability due to flaws in its API frameworks. This vulnerability allows low-privileged attackers with network access to exploit the system, leading to unauthorized data manipulation — including the ability to update, insert, or delete information accessible through the appliance. Additionally, it permits unauthorized read access to certain data and may result in partial denial of service (DoS). The vulnerability impacts the integrity, confidentiality, and availability of the data managed by the Sun ZFS Storage Appliance Kit.

Affected Version(s)

Sun ZFS Storage Appliance Kit (AK) Software < 8.7.19

References

http://www.securityfocus.com/bid/104803
vdb-entryx_refsource_BID
http://www.oracle.com/technetwork/security-advisory/cpuju...
x_refsource_CONFIRM
http://www.securitytracker.com/id/1041303
vdb-entryx_refsource_SECTRACK

CVSS V3.1

Score:
7.4
Severity:
HIGH
Confidentiality:
Low
Integrity:
Low
Availability:
Low
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
Low
User Interaction:
None
Scope:
Changed

Timeline

  • Vulnerability published

  • Vulnerability Reserved

.