Free and open-source vulnerability scanner

Mageni eases for you the vulnerability scanning, assessment, and management process. It is free and open-source.

Install Now

Available for macOS, Windows, and Linux

CVE-2021-1999

Published

3 years ago

Last Modified

3 years ago

CVSSv2.0 Severity

Low

CVSSv3.1 Severity

Medium

Impact Analysis

Vulnerability in the Oracle ZFS Storage Appliance Kit product of Oracle Systems (component: RAS subsystems). The supported version that is affected is 8.8. Difficult to exploit vulnerability allows high privileged attacker with logon to the infrastructure where Oracle ZFS Storage Appliance Kit executes to compromise Oracle ZFS Storage Appliance Kit. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Oracle ZFS Storage Appliance Kit, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized creation, deletion or modification access to critical data or all Oracle ZFS Storage Appliance Kit accessible data. CVSS 3.1 Base Score 5.0 (Integrity impacts). CVSS Vector: (CVSS:3.1/AV:L/AC:H/PR:H/UI:R/S:C/C:N/I:H/A:N)..

CVSSv2.0 Score

Severity: Low
Base Score: 1.2/10
Exploit Score: 1.9/10
Access Vector: Local
Access Complexity: High
Authentication Required: None
Impact Score: 2.9/10
Confidentiality Impact: None
Availability Impact: None
Integrity Impact: Partial

CVSSv3.1 Score

Severity: Medium
Base Score: 5/10
Exploit Score: 0.6/10
Access Vector: Local
Access Complexity: High
Privileges Required: High
Impact Score: 4/10
Confidentiality Impact: None
Availability Impact: None
Integrity Impact: High
Scope: Changed
User Interaction: Required

Products Affected

CPE	Affected	Vulnerable	Excluding
cpe:2.3:o:oracle:zfs_storage_appliance:8.8:::::::*	Yes	-	-
cpe:2.3:a:oracle:hyperion_infrastructure_technology:11.1.2.4	Yes	-	-
cpe:2.3:a:oracle:enterprise_manager_ops_center:12.4.0.0:::	Yes	-	-

References

https://www.oracle.com/security-alerts/cpujan2021.html