Lucene search

[email protected]CVE-2018-3275

HistoryOct 17, 2018 - 1:31 a.m.

CVE-2018-3275

2018-10-1701:31:28

[email protected]

web.nvd.nist.gov

oracle

solaris

libkmip

vulnerability

unauthenticated attacker

data compromise

cvss 3.0

7.4 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

HIGH

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

NONE

CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N

7 High

AI Score

Confidence

High

8.8 High

CVSS2

Access Vector

Access Complexity

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

NONE

AV:N/AC:M/Au:N/C:C/I:C/A:N

0.004 Low

EPSS

Percentile

74.3%

JSON

Vulnerability in the Solaris component of Oracle Sun Systems Products Suite (subcomponent: LibKMIP). The supported version that is affected is 11.3. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Solaris. Successful attacks of this vulnerability can result in unauthorized creation, deletion or modification access to critical data or all Solaris accessible data as well as unauthorized access to critical data or complete access to all Solaris accessible data. CVSS 3.0 Base Score 7.4 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N).

Affected configurations

Vulners

NVD

Node

oraclesolarisRange≤11.3

VendorProductVersionCPE
oraclesolaris*cpe:2.3:o:oracle:solaris:*:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
oracle	solaris	*	cpe:2.3:o:oracle:solaris::::::::

CNA Affected

[
  {
    "product": "Solaris Operating System",
    "vendor": "Oracle Corporation",
    "versions": [
      {
        "status": "affected",
        "version": "11.3"
      }
    ]
  }
]

References

www.oracle.com/technetwork/security-advisory/cpuoct2018-4428296.html

www.securityfocus.com/bid/105604

www.securitytracker.com/id/1041895

7.4 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

HIGH

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

NONE

CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N

7 High

AI Score

Confidence

High

8.8 High

CVSS2

Access Vector

Access Complexity

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

NONE

AV:N/AC:M/Au:N/C:C/I:C/A:N

0.004 Low

EPSS

Percentile

74.3%

JSON

Related for CVE-2018-3275

prion1 nvd1 cvelist1 nessus1 oracle1