CVE-2016-5551

EUVD-2016-6495

24.04.2017, 19:59

Vulnerability in the Solaris Cluster component of Oracle Sun Systems Products Suite (subcomponent: NAS device addition). The supported version that is affected is 4.3. Easily "exploitable" vulnerability allows unauthenticated attacker with logon to the infrastructure where Solaris Cluster executes to compromise Solaris Cluster. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized read access to a subset of Solaris Cluster accessible data. CVSS 3.0 Base Score 3.3 (Confidentiality impacts). CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N).

Provider	Type	Base Score	Atk. Vector	Atk. Complexity	Priv. Required	Vector
NIST	Primary	2.8 LOW	LOCAL	LOW	LOW	CVSS:3.0/AV:L/AC:L/PR:L/UI:R/S:U/C:L/I:N/A:N

Base Score

CVSS 3.x

EPSS Score

Percentile: 35%

Affected Products (NVD)

Vendor	Product	Version
oracle	solaris_cluster	4.3

𝑥

= Vulnerable software versions

Common Weakness Enumeration

CWE-284 - Improper Access Control
The software does not restrict or incorrectly restricts access to a resource from an unauthorized actor.

References

http://www.oracle.com/technetwork/security-advisory/cpuapr2017-3236618.html

http://www.securityfocus.com/bid/97803

http://www.securitytracker.com/id/1038292

http://www.oracle.com/technetwork/security-advisory/cpuapr2017-3236618.html

http://www.securityfocus.com/bid/97803

http://www.securitytracker.com/id/1038292