Vulnerability in Oracle Sun ZFS Storage Appliance Kit Affects Oracle Sun Systems Products Suite
CVE-2019-2878

6.1MEDIUM

Key Information:

Vendor: Oracle
Status: Sun Zfs Storage Appliance Kit (ak) Software
Vendor: CVE Published:; 23 July 2019

Summary

A vulnerability in the Oracle Sun ZFS Storage Appliance Kit allows unauthenticated network access via HTTP, enabling attackers to potentially compromise system data. Although successful exploitation requires user interaction, it can result in unauthorized operations, including updates, inserts, or deletions of accessible data. Moreover, attackers may gain unauthorized read access to specific data, significantly impacting the security of affected systems and potentially other associated products.

Affected Version(s)

Sun ZFS Storage Appliance Kit (AK) Software 8.8.3

References

http://www.oracle.com/technetwork/security-advisory/cpuju...

x_refsource_MISC

CVSS V3.1

Score:

6.1

Severity:

MEDIUM

Confidentiality:

Low

Integrity:

Low

Availability:

Low

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

Required

Scope:

Changed

Timeline

Vulnerability published
Jul 23, 2019
Vulnerability Reserved
Dec 14, 2018