Main Vulnerability Database Vulnerabilities #VU35679

#VU35679 Improper access control in Oracle Solaris - CVE-2019-2838

Published: July 24, 2019 / Updated: August 8, 2020

Vulnerability identifier: #VU35679

Vulnerability risk: Medium

CVSSv4.0: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N/E:U/U:Green

CVE-ID: CVE-2019-2838

CWE-ID: CWE-284

Exploitation vector: Remote access

Exploit availability: No public exploit available

Vulnerable software:
Oracle Solaris

Software vendor:
Oracle

Description

The vulnerability allows a remote non-authenticated attacker to manipulate data.

Vulnerability in the Oracle Solaris component of Oracle Sun Systems Products Suite (subcomponent: Kernel). The supported version that is affected is 11.4. Easily exploitable vulnerability allows unauthenticated attacker with network access via NFS to compromise Oracle Solaris. Successful attacks of this vulnerability can result in unauthorized creation, deletion or modification access to critical data or all Oracle Solaris accessible data. CVSS 3.0 Base Score 7.5 (Integrity impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N).

Remediation

Install update from vendor's website.

External links

http://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html

#VU35679 Improper access control in Oracle Solaris - CVE-2019-2838

Description

Remediation

External links

Please verify you're human