Vulnerability in Oracle Solaris Filesystem Affects Oracle Systems
CVE-2023-22128

3.1LOW

Key Information:

Vendor: Oracle
Status: Solaris Operating System
Vendor: CVE Published:; 17 October 2023

What is CVE-2023-22128?

A vulnerability exists in the filesystem component of Oracle Solaris, affecting versions 10 and 11. An unauthenticated attacker can exploit this flaw through network access via 'rquota'. While the attack is difficult to carry out, it necessitates human interaction from an individual other than the attacker. Successfully exploiting this vulnerability can lead to unauthorized read access to certain data within the Oracle Solaris environment, posing potential risks to data confidentiality.

Affected Version(s)

Solaris Operating System 10

Solaris Operating System 11

References

https://www.oracle.com/security-alerts/cpuoct2023.html

vendor-advisory

CVSS V3.1

Score:

3.1

Severity:

LOW

Confidentiality:

Low

Integrity:

None

Availability:

Low

Attack Vector:

Network

Attack Complexity:

High

Privileges Required:

None

User Interaction:

Required

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Oct 17, 2023
Vulnerability Reserved
Dec 17, 2022