Unauthorized Access in Oracle Sun ZFS Storage Appliance User Interface
CVE-2018-2921

5.8MEDIUM

Key Information:

Vendor
Oracle
Status
Sun Zfs Storage Appliance Kit (ak) Software
Vendor
CVE Published:
18 July 2018

Summary

A vulnerability exists in the User Interface component of Oracle's Sun ZFS Storage Appliance Kit, allowing unauthenticated attackers with network access via HTTP to exploit the system. This flaw could enable unauthorized read access to sensitive data within the appliance, potentially impacting other associated products. All users of Sun ZFS Storage Appliance Kit prior to version 8.7.18 are advised to review their security posture and apply relevant mitigations.

Affected Version(s)

Sun ZFS Storage Appliance Kit (AK) Software < 8.7.18

References

http://www.securityfocus.com/bid/104783
vdb-entryx_refsource_BID
http://www.oracle.com/technetwork/security-advisory/cpuju...
x_refsource_CONFIRM
http://www.securitytracker.com/id/1041303
vdb-entryx_refsource_SECTRACK

CVSS V3.1

Score:
5.8
Severity:
MEDIUM
Confidentiality:
Low
Integrity:
None
Availability:
Low
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
None
User Interaction:
None
Scope:
Changed

Timeline

  • Vulnerability published

  • Vulnerability Reserved

.