Unauthorized Data Access Vulnerability in Oracle ZFS Storage Appliance Kit
CVE-2024-20914

2.3LOW

Key Information:

Vendor: Oracle
Status: Sun ZFS Storage Appliance Kit (AK) Software
Vendor: CVE Published:; 16 January 2024

Summary

A notable vulnerability exists within Oracle ZFS Storage Appliance Kit that allows an authenticated attacker to exploit the system to gain unauthorized read access to specific data. This vulnerability can be easily exploited by attackers with high privileges who have logged into the infrastructure where the Oracle ZFS Storage Appliance Kit is operational. Effective mitigation is essential to prevent unwanted data exposure. For more details, refer to Oracle's advisory.

Affected Version(s)

Sun ZFS Storage Appliance Kit (AK) Software 8.8

References

https://www.oracle.com/security-alerts/cpujan2024.html

vendor-advisory

CVSS V3.1

Score:

2.3

Severity:

LOW

Confidentiality:

Low

Integrity:

None

Availability:

Low

Attack Vector:

Local

Attack Complexity:

Low

Privileges Required:

High

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published
Jan 16, 2024
Vulnerability Reserved
Dec 7, 2023