API Framework Vulnerability in Oracle Sun ZFS Storage Appliance Kit
CVE-2018-2924

5.7MEDIUM

Key Information:

Vendor
Oracle
Status
Sun Zfs Storage Appliance Kit (ak) Software
Vendor
CVE Published:
18 July 2018

Summary

A vulnerability exists within the API frameworks of Oracle's Sun ZFS Storage Appliance Kit, specifically affecting versions prior to 8.7.18. This flaw can be exploited by a high-privileged attacker who has access to the infrastructure, potentially leading to unauthorized updates, data modifications, or deletions. Moreover, it could allow unauthorized read access to sensitive data and might even result in a partial denial of service, affecting the overall functionality of the appliance.

Affected Version(s)

Sun ZFS Storage Appliance Kit (AK) Software < 8.7.18

References

http://www.securityfocus.com/bid/104783
vdb-entryx_refsource_BID
http://www.oracle.com/technetwork/security-advisory/cpuju...
x_refsource_CONFIRM
http://www.securitytracker.com/id/1041303
vdb-entryx_refsource_SECTRACK

CVSS V3.1

Score:
5.7
Severity:
MEDIUM
Confidentiality:
Low
Integrity:
Low
Availability:
Low
Attack Vector:
Local
Attack Complexity:
Low
Privileges Required:
High
User Interaction:
None
Scope:
Changed

Timeline

  • Vulnerability published

  • Vulnerability Reserved

.