API Framework Vulnerability in Oracle Sun ZFS Storage Appliance Kit
CVE-2018-2924

5.7MEDIUM

Key Information:

Vendor

Oracle
Status
Sun Zfs Storage Appliance Kit (ak) Software
Vendor
CVE Published:
18 July 2018

What is CVE-2018-2924?

A vulnerability exists within the API frameworks of Oracle's Sun ZFS Storage Appliance Kit, specifically affecting versions prior to 8.7.18. This flaw can be exploited by a high-privileged attacker who has access to the infrastructure, potentially leading to unauthorized updates, data modifications, or deletions. Moreover, it could allow unauthorized read access to sensitive data and might even result in a partial denial of service, affecting the overall functionality of the appliance.

Human OS v1.0:
Ageing Is an Unpatched Zero-Day Vulnerability.

Remediate biological technical debt. Prime Ageing uses 95% high-purity SIRT6 activation to maintain genomic integrity and bolster systemic resilience.

Deploy the Patch

Affected Version(s)

Sun ZFS Storage Appliance Kit (AK) Software < 8.7.18

References

http://www.securityfocus.com/bid/104783
vdb-entryx_refsource_BID
http://www.oracle.com/technetwork/security-advisory/cpuju...
x_refsource_CONFIRM
http://www.securitytracker.com/id/1041303
vdb-entryx_refsource_SECTRACK

CVSS V3.1

Score:
5.7
Severity:
MEDIUM
Confidentiality:
Low
Integrity:
Low
Availability:
Low
Attack Vector:
Local
Attack Complexity:
Low
Privileges Required:
High
User Interaction:
None
Scope:
Changed

Timeline

  • Vulnerability published

  • Vulnerability Reserved

JSON
.