Unauthorized Data Access Vulnerability in Oracle Sun ZFS Storage Appliance
CVE-2018-2937

5.3MEDIUM

Key Information:

Vendor
Oracle
Status
Sun Zfs Storage Appliance Kit (ak) Software
Vendor
CVE Published:
18 July 2018

Summary

A vulnerability exists in the Sun ZFS Storage Appliance Kit (AK) component of Oracle's Sun Systems Products Suite, specifically affecting versions prior to 8.7.19. This security flaw allows unauthenticated attackers with network access via HTTP to manipulate accessible data on the appliance. Exploitation can lead to unauthorized updates, inserts, or deletions of data, posing significant risks to data integrity and availability.

Affected Version(s)

Sun ZFS Storage Appliance Kit (AK) Software < 8.7.19

References

http://www.securityfocus.com/bid/104803
vdb-entryx_refsource_BID
http://www.oracle.com/technetwork/security-advisory/cpuju...
x_refsource_CONFIRM
http://www.securitytracker.com/id/1041303
vdb-entryx_refsource_SECTRACK

CVSS V3.1

Score:
5.3
Severity:
MEDIUM
Confidentiality:
None
Integrity:
Low
Availability:
None
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
None
User Interaction:
None
Scope:
Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved

.