Risk | High |
Patch available | YES |
Number of vulnerabilities | 3 |
CVE-ID | CVE-2021-2147 CVE-2021-2149 CVE-2020-1472 |
CWE-ID | CWE-20 CWE-264 |
Exploitation vector | Network |
Public exploit | Vulnerability #3 is being exploited in the wild. |
Vulnerable software | Oracle ZFS Storage Appliance Kit (Client/Desktop applications / Software for system administration) |
Vendor | Oracle |
This security bulletin contains information about 3 vulnerabilities.
EUVDB-ID: #VU52726
Risk: Low
CVSSv3.1:
CVE-ID: CVE-2021-2147
CWE-ID: CWE-20 - Improper Input Validation
Exploit availability: No
Description: The vulnerability allows a local privileged user to manipulate data.
The vulnerability exists due to improper input validation within the Installation component in Oracle ZFS Storage Appliance Kit. A local privileged user can exploit this vulnerability to manipulate data.
Mitigation: Install the update from the vendor's website.
Vulnerable software versions: Oracle ZFS Storage Appliance Kit: 8.8
http://www.oracle.com/security-alerts/cpuapr2021.html?833274
EUVDB-ID: #VU52725
Risk: Low
CVSSv3.1:
CVE-ID: CVE-2021-2149
CWE-ID: CWE-20 - Improper Input Validation
Exploit availability: No
Description: The vulnerability allows a local authenticated user to manipulate data.
The vulnerability exists due to improper input validation within the Core component in Oracle ZFS Storage Appliance Kit. A local authenticated user can exploit this vulnerability to manipulate data.
Mitigation: Install the update from the vendor's website.
Vulnerable software versions: Oracle ZFS Storage Appliance Kit: 8.8
http://www.oracle.com/security-alerts/cpuapr2021.html?833274
EUVDB-ID: #VU45628
Risk: High
CVSSv3.1:
CVE-ID: CVE-2020-1472
CWE-ID: CWE-264 - Permissions, Privileges, and Access Controls
Exploit availability: Yes
Description: The vulnerability allows a remote attacker to escalate privileges on the system.
The vulnerability exists because the application does not properly impose security restrictions in Netlogon. A remote non-authenticated attacker can use MS-NRPC to connect to a domain controller to obtain domain administrator access. This vulnerability was dubbed ZeroLogon.
Mitigation: Install the update from the vendor's website.
Vulnerable software versions: Oracle ZFS Storage Appliance Kit: 8.8
http://www.oracle.com/security-alerts/cpuapr2021.html?833274