Unauthorized Access Vulnerability in Oracle VM Server for SPARC
CVE-2020-2571

3.3LOW

Key Information:

Vendor: Oracle
Status: Ldoms
Vendor: CVE Published:; 15 January 2020

What is CVE-2020-2571?

An exploitable vulnerability exists in the Oracle VM Server for SPARC templates, allowing an unauthenticated attacker with login access to the executing infrastructure to potentially compromise the system. This flaw necessitates human interaction from a third party, opening the door to unauthorized modifications, including updates, insertions, or deletions of data on the affected Oracle VM Server for SPARC. Patch procedures and security best practices should be adopted to safeguard your systems from attempts to exploit this issue.

Affected Version(s)

LDOMS 3.6

References

https://www.oracle.com/security-alerts/cpujan2020.html

x_refsource_MISC

CVSS V3.1

Score:

3.3

Severity:

LOW

Confidentiality:

None

Integrity:

Low

Availability:

None

Attack Vector:

Local

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

Required

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Jan 15, 2020
Vulnerability Reserved
Dec 10, 2019