Vulnerability in Oracle ZFS Storage Appliance Kit by Oracle Systems
CVE-2021-2147

1.8LOW

Key Information:

Vendor: Oracle
Status: Sun Zfs Storage Appliance Kit (ak) Software
Vendor: CVE Published:; 22 April 2021

Summary

This vulnerability affects the Oracle ZFS Storage Appliance Kit, allowing an attacker with high privileges and access to the infrastructure to potentially compromise the appliance. Exploitation requires human interaction from another party, making it complex but not impossible. An attacker could gain unauthorized capabilities to update, insert, or delete data accessible through Oracle ZFS Storage Appliance Kit, leading to integrity impacts. This highlights the importance of securing access controls and monitoring user interactions within the system.

Affected Version(s)

Sun ZFS Storage Appliance Kit (AK) Software 8.8

References

https://www.oracle.com/security-alerts/cpuapr2021.html

x_refsource_MISC

CVSS V3.1

Score:

1.8

Severity:

LOW

Confidentiality:

None

Integrity:

Low

Availability:

None

Attack Vector:

Local

Attack Complexity:

High

Privileges Required:

High

User Interaction:

Required

Scope:

Unchanged

Timeline

Vulnerability published
Apr 22, 2021
Vulnerability Reserved
Dec 9, 2020