Vulnerability in Oracle Solaris IPS Repository Daemon
CVE-2023-21928

1.8LOW

Key Information:

Vendor: Oracle
Status: Solaris Operating System
Vendor: CVE Published:; 18 April 2023

What is CVE-2023-21928?

A vulnerability has been identified in the Oracle Solaris IPS repository daemon that allows a high-privileged attacker with legitimate logon access to exploit the system. Although difficult to exploit, the successful execution of this vulnerability requires human interaction from an unknowing user. The potential impact of this vulnerability includes unauthorized updates, inserts, or deletions of accessible data within the Oracle Solaris system, raising concerns about data integrity.

Affected Version(s)

Solaris Operating System 11

References

https://www.oracle.com/security-alerts/cpuapr2023.html

vendor-advisory

CVSS V3.1

Score:

1.8

Severity:

LOW

Confidentiality:

None

Integrity:

Low

Availability:

None

Attack Vector:

Local

Attack Complexity:

High

Privileges Required:

High

User Interaction:

Required

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Apr 18, 2023
Vulnerability Reserved
Dec 17, 2022