Vulnerability in Oracle Solaris Filesystem Allows Unauthorized Access
CVE-2022-21524

7.6 HIGH

Key Information:

Vendor
Oracle
CVE Published:
19 July 2022

Summary

A vulnerability in the Oracle Solaris operating system's filesystem component allows low-privileged attackers with network access via SMB to compromise the system. This flaw enables unauthorized users to cause a denial-of-service by hanging or crashing Oracle Solaris. Additionally, it grants unauthorized update, insert, or delete access to a portion of Oracle Solaris's accessible data, while also allowing unauthorized read access to certain data. This situation poses a significant security threat to the integrity and availability of data managed by Oracle Solaris.

Affected Version(s)

Solaris Operating System 11

CVSS V3.1

Score:
7.6
Severity:
HIGH
Confidentiality:
Low
Integrity:
Low
Availability:
Low
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
Low
User Interaction:
None
Scope:
Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved
