Main Vulnerability Database Vulnerabilities #VU36530

#VU36530 Input validation error in Oracle Solaris - CVE-2018-3267

Published: October 17, 2018 / Updated: August 8, 2020

Vulnerability identifier: #VU36530

Vulnerability risk: Medium

CVSSv4.0: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:U/U:Green

CVE-ID: CVE-2018-3267

CWE-ID: CWE-20

Exploitation vector: Remote access

Exploit availability: No public exploit available

Vulnerable software:
Oracle Solaris

Software vendor:
Oracle

Description

The vulnerability allows a remote non-authenticated attacker to gain access to sensitive information.

Vulnerability in the Solaris component of Oracle Sun Systems Products Suite (subcomponent: LFTP). The supported version that is affected is 11.3. Easily exploitable vulnerability allows unauthenticated attacker with network access via FTP to compromise Solaris. Successful attacks of this vulnerability can result in unauthorized read access to a subset of Solaris accessible data. CVSS 3.0 Base Score 5.3 (Confidentiality impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N).

Remediation

Install update from vendor's website.

#VU36530 Input validation error in Oracle Solaris - CVE-2018-3267

Description

Remediation

External links