API Framework Vulnerability in Oracle Sun ZFS Storage Appliance Kit
CVE-2018-2924
5.7MEDIUM
Key Information:
- Vendor
- Oracle
- Vendor
- CVE Published:
- 18 July 2018
Summary
A vulnerability exists within the API frameworks of Oracle's Sun ZFS Storage Appliance Kit, specifically affecting versions prior to 8.7.18. This flaw can be exploited by a high-privileged attacker who has access to the infrastructure, potentially leading to unauthorized updates, data modifications, or deletions. Moreover, it could allow unauthorized read access to sensitive data and might even result in a partial denial of service, affecting the overall functionality of the appliance.
Affected Version(s)
Sun ZFS Storage Appliance Kit (AK) Software < 8.7.18
References
CVSS V3.1
Score:
5.7
Severity:
MEDIUM
Confidentiality:
Low
Integrity:
Low
Availability:
Low
Attack Vector:
Local
Attack Complexity:
Low
Privileges Required:
High
User Interaction:
None
Scope:
Changed
Timeline
Vulnerability published
Vulnerability Reserved