CVE-2018-2905
First published: Wed Jul 18 2018(Updated: )
Vulnerability in the Sun ZFS Storage Appliance Kit (AK) component of Oracle Sun Systems Products Suite (subcomponent: Core Services). The supported version that is affected is Prior to 8.7.20. Easily exploitable vulnerability allows unauthenticated attacker with network access via SSL/TLS to compromise Sun ZFS Storage Appliance Kit (AK). Successful attacks of this vulnerability can result in unauthorized read access to a subset of Sun ZFS Storage Appliance Kit (AK) accessible data. CVSS 3.0 Base Score 5.3 (Confidentiality impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N).
Credit: secalert_us@oracle.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Oracle Sun Zfs Storage Appliance Kit | <8.7.20 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
Frequently Asked Questions
What is the vulnerability ID of this issue?
The vulnerability ID is CVE-2018-2905.
What is the affected software?
The affected software is Oracle Sun ZFS Storage Appliance Kit version up to exclusive 8.7.20.
What is the severity rating of CVE-2018-2905?
The severity rating of CVE-2018-2905 is medium with a score of 5.3.
How can an attacker exploit this vulnerability?
An unauthenticated attacker with network access via SSL/TLS can easily exploit this vulnerability.
Is there a fix available for this vulnerability?
Yes, the fix is available in version 8.7.20 of the Oracle Sun ZFS Storage Appliance Kit.
- collector/nvd-index
- agent/tags
- agent/event
- agent/references
- agent/author
- agent/severity
- agent/type
- agent/description
- agent/remedy
- agent/last-modified-date
- agent/softwarecombine
- agent/first-publish-date
- collector/mitre-cve
- source/MITRE
- vendor/oracle
- canonical/oracle sun zfs storage appliance kit