Vulnerability in Oracle Solaris Utility, Affecting Oracle Systems
CVE-2024-21059

7.8HIGH

Key Information:

Vendor: Oracle
Status: Solaris Operating System
Vendor: CVE Published:; 16 April 2024

Summary

A vulnerability in the Oracle Solaris product's utility component may allow a low-privileged attacker with logon access to compromise the system. Although primarily impacting Oracle Solaris, the nature of this flaw could extend its effects to additional products. Successful exploitation could result in unauthorized takeover of the system, leading to potential breaches of confidentiality, integrity, and availability. Organizations utilizing Oracle Solaris 11 are advised to evaluate their security posture and implement necessary safeguards to mitigate risks associated with this vulnerability.

Affected Version(s)

Solaris Operating System 11

References

https://www.oracle.com/security-alerts/cpuapr2024.html

vendor-advisory

CVSS V3.1

Score:

7.8

Severity:

HIGH

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Local

Attack Complexity:

High

Privileges Required:

Low

User Interaction:

None

Scope:

Changed

Timeline

Vulnerability published
Apr 16, 2024