Unauthorized Access Vulnerability in Oracle Solaris Kernel by Oracle Systems
CVE-2022-21461

5.5MEDIUM

Key Information:

Vendor: Oracle
Status: Solaris Operating System
Vendor: CVE Published:; 19 April 2022

Summary

A vulnerability exists in the Oracle Solaris operating system, specifically in the Kernel component, which allows low-privileged attackers with logon access to exploit the system. This may lead to the unauthorized disclosure of critical data or even complete control over all accessible data within the Oracle Solaris environment. It poses a significant risk for organizations relying on this infrastructure, necessitating prompt remediation for affected versions.

Affected Version(s)

Solaris Operating System 11

References

https://www.oracle.com/security-alerts/cpuapr2022.html

x_refsource_MISC

CVSS V3.1

Score:

5.5

Severity:

MEDIUM

Confidentiality:

High

Integrity:

None

Availability:

High

Attack Vector:

Local

Attack Complexity:

Low

Privileges Required:

Low

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published
Apr 19, 2022
Vulnerability Reserved
Nov 15, 2021