Exploitable Vulnerability in Oracle Sun ZFS Storage Appliance Kit
CVE-2018-2927

4.3MEDIUM

Key Information:

Vendor

Oracle
Status
Sun Zfs Storage Appliance Kit (ak) Software
Vendor
CVE Published:
18 July 2018

What is CVE-2018-2927?

An exploitable vulnerability exists in the HTTP data path subsystems of the Oracle Sun ZFS Storage Appliance Kit. This issue can be leveraged by a low privileged attacker who has network access via HTTP, potentially leading to unauthorized read access of sensitive data stored within the affected appliance. The vulnerability impacts all versions prior to 8.7.18, emphasizing the need for prompt updates to safeguard against potential data breaches.

Affected Version(s)

Sun ZFS Storage Appliance Kit (AK) Software < 8.7.18

References

http://www.securityfocus.com/bid/104783
vdb-entryx_refsource_BID
http://www.oracle.com/technetwork/security-advisory/cpuju...
x_refsource_CONFIRM
http://www.securitytracker.com/id/1041303
vdb-entryx_refsource_SECTRACK

CVSS V3.1

Score:
4.3
Severity:
MEDIUM
Confidentiality:
Low
Integrity:
None
Availability:
Low
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
Low
User Interaction:
None
Scope:
Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved

.