Unauthorized Access in Oracle Sun ZFS Storage Appliance User Interface
CVE-2018-2921
5.8MEDIUM
Key Information:
- Vendor
- Oracle
- Vendor
- CVE Published:
- 18 July 2018
Summary
A vulnerability exists in the User Interface component of Oracle's Sun ZFS Storage Appliance Kit, allowing unauthenticated attackers with network access via HTTP to exploit the system. This flaw could enable unauthorized read access to sensitive data within the appliance, potentially impacting other associated products. All users of Sun ZFS Storage Appliance Kit prior to version 8.7.18 are advised to review their security posture and apply relevant mitigations.
Affected Version(s)
Sun ZFS Storage Appliance Kit (AK) Software < 8.7.18
References
CVSS V3.1
Score:
5.8
Severity:
MEDIUM
Confidentiality:
Low
Integrity:
None
Availability:
Low
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
None
User Interaction:
None
Scope:
Changed
Timeline
Vulnerability published
Vulnerability Reserved