CVE-2022-21513

Vulnerability in the Oracle ZFS Storage Appliance Kit product of Oracle Systems (component: Core). The supported version that is affected is 8.8. Easily exploitable vulnerability allows high privileged attacker with logon to the infrastructure where Oracle ZFS Storage Appliance Kit executes to compromise Oracle ZFS Storage Appliance Kit. While the vulnerability is in Oracle ZFS Storage Appliance Kit, attacks may significantly impact additional products (scope change). Successful attacks of this vulnerability can result in takeover of Oracle ZFS Storage Appliance Kit. CVSS 3.1 Base Score 8.2 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H).

CVSS v3 8.2 HIGH

8.2^/10

CVSS v3 : HIGH

Vector :

Exploitability : 1.5 / Impact : 6.0

Attack Vector LOCAL

Attack Complexity LOW

Privileges Required HIGH

User Interaction NONE

Confidentiality Impact HIGH

Integrity Impact HIGH

Availability Impact HIGH

Scope CHANGED

References

Link	Resource
https://www.oracle.com/security-alerts/cpujul2022.html	Vendor Advisory

Configurations

Configuration 1 (hide)

cpe:2.3:a:oracle:zfs_storage_appliance_kit:8.8:*:*:*:*:*:*:*

History

23 Jul 2022, 03:17

Type	Values Removed	Values Added
References	~~(MISC) https://www.oracle.com/security-alerts/cpujul2022.html -~~	(MISC) https://www.oracle.com/security-alerts/cpujul2022.html - Vendor Advisory
First Time		Oracle Oracle zfs Storage Appliance Kit
CPE		cpe:2.3:a:oracle:zfs_storage_appliance_kit:8.8:::::::*
CWE		NVD-CWE-noinfo

19 Jul 2022, 22:15

Type	Values Removed	Values Added
New CVE

Information

Published : 2022-07-19 22:15

Updated : 2023-12-10 14:35

NVD link : CVE-2022-21513

Mitre link : CVE-2022-21513

CVE.ORG link : CVE-2022-21513

JSON object : View

Products Affected

oracle

zfs_storage_appliance_kit

CWE

NVD-CWE-noinfo

{"id": "CVE-2022-21513", "metrics": {"cvssMetricV31": [{"type": "Primary", "source": "secalert_us@oracle.com", "cvssData": {"scope": "CHANGED", "version": "3.1", "baseScore": 8.2, "attackVector": "LOCAL", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "HIGH", "confidentialityImpact": "HIGH"}, "impactScore": 6.0, "exploitabilityScore": 1.5}]}, "published": "2022-07-19T22:15:10.257", "references": [{"url": "https://www.oracle.com/security-alerts/cpujul2022.html", "tags": ["Vendor Advisory"], "source": "secalert_us@oracle.com"}], "vulnStatus": "Analyzed", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "NVD-CWE-noinfo"}]}], "descriptions": [{"lang": "en", "value": "Vulnerability in the Oracle ZFS Storage Appliance Kit product of Oracle Systems (component: Core). The supported version that is affected is 8.8. Easily exploitable vulnerability allows high privileged attacker with logon to the infrastructure where Oracle ZFS Storage Appliance Kit executes to compromise Oracle ZFS Storage Appliance Kit. While the vulnerability is in Oracle ZFS Storage Appliance Kit, attacks may significantly impact additional products (scope change). Successful attacks of this vulnerability can result in takeover of Oracle ZFS Storage Appliance Kit. CVSS 3.1 Base Score 8.2 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H)."}, {"lang": "es", "value": "Una vulnerabilidad en el producto Oracle ZFS Storage Appliance Kit de Oracle Systems (componente: Core). La versi\u00f3n compatible que est\u00e1 afectada es la 8.8. Una vulnerabilidad explotable f\u00e1cilmente permite a un atacante muy privilegiado que inicie sesi\u00f3n en la infraestructura donde es ejecutado Oracle ZFS Storage Appliance Kit comprometerlo. Aunque la vulnerabilidad es encontrada en Oracle ZFS Storage Appliance Kit, los ataques pueden afectar significativamente a otros productos (cambio de alcance). Los ataques con \u00e9xito de esta vulnerabilidad pueden resultar en la toma de control de Oracle ZFS Storage Appliance Kit. CVSS 3.1, Puntuaci\u00f3n Base 8.2 (impactos en la Confidencialidad, Integridad y Disponibilidad). Vector CVSS: (CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H)."}], "lastModified": "2022-07-23T03:17:52.380", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:oracle:zfs_storage_appliance_kit:8.8:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "D3E503FB-6279-4D4A-91D8-E237ECF9D2B0"}], "operator": "OR"}]}], "sourceIdentifier": "secalert_us@oracle.com"}