Vulnerability in Oracle ZFS Storage Appliance Kit by Oracle Systems
CVE-2022-21563

3.4LOW

Key Information:

Vendor: Oracle
Status: Sun Zfs Storage Appliance Kit (ak) Software
Vendor: CVE Published:; 19 July 2022

What is CVE-2022-21563?

This vulnerability allows an attacker with high privileges who has logged into the infrastructure where the Oracle ZFS Storage Appliance Kit operates to compromise the appliance. Such exploitation can lead to unauthorized updates, insertions, or deletions of critical data, as well as the potential to partially disrupt the service of the appliance. The risk stems from insufficient protection mechanisms within the system, which can be targeted, thus exposing sensitive data to unauthorized manipulation and creating vulnerabilities within the service availability.

Affected Version(s)

Sun ZFS Storage Appliance Kit (AK) Software 8.8

References

https://www.oracle.com/security-alerts/cpujul2022.html

x_refsource_MISC

CVSS V3.1

Score:

3.4

Severity:

LOW

Confidentiality:

None

Integrity:

Low

Availability:

None

Attack Vector:

Local

Attack Complexity:

Low

Privileges Required:

High

User Interaction:

None

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Jul 19, 2022
Vulnerability Reserved
Nov 15, 2021