Main Vulnerability Database Vulnerabilities #VU39111

Input validation error in Sun ZFS Storage Appliance Kit - CVE-2017-3585

Published: April 24, 2017 / Updated: August 8, 2020

Vulnerability identifier: #VU39111

CSH Severity: Medium

CVSS v4.0: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N/E:U/U:Green

CVE-ID: CVE-2017-3585

CWE-ID: CWE-20

Exploitation vector: Remote access

Exploit availability: No public exploit available

Vendor: Oracle

Affected software:
Sun ZFS Storage Appliance Kit

Detailed vulnerability description

The vulnerability allows a remote non-authenticated attacker to manipulate data.

Vulnerability in the Sun ZFS Storage Appliance Kit (AK) component of Oracle Sun Systems Products Suite (subcomponent: User Interface subsystem). The supported version that is affected is AK 2013. Easily "exploitable" vulnerability allows unauthenticated attacker with network access via HTTP to compromise Sun ZFS Storage Appliance Kit (AK). Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Sun ZFS Storage Appliance Kit (AK) accessible data. CVSS 3.0 Base Score 5.3 (Integrity impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N).

How to mitigate CVE-2017-3585

Install update from vendor's website.

Input validation error in Sun ZFS Storage Appliance Kit - CVE-2017-3585

Detailed vulnerability description

How to mitigate CVE-2017-3585

Sources

Please verify you're human