CVE-2024-21105

Vulnerability in the Oracle Solaris product of Oracle Systems (component: Utility). The supported version that is affected is 11. Easily exploitable vulnerability allows high privileged attacker with logon to the infrastructure where Oracle Solaris executes to compromise Oracle Solaris. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized read access to a subset of Oracle Solaris accessible data. CVSS 3.1 Base Score 2.0 (Confidentiality impacts). CVSS Vector: (CVSS:3.1/AV:L/AC:L/PR:H/UI:R/S:U/C:L/I:N/A:N).

CVSS v3 2.0 LOW

2.0^/10

CVSS v3 : LOW

Vector :

Exploitability : 0.6 / Impact : 1.4

Attack Vector LOCAL

Attack Complexity LOW

Privileges Required HIGH

User Interaction REQUIRED

Confidentiality Impact LOW

Integrity Impact NONE

Availability Impact NONE

Scope UNCHANGED

References

Link	Resource
https://www.oracle.com/security-alerts/cpuapr2024.html
https://www.oracle.com/security-alerts/cpuapr2024.html

Configurations

No configuration.

History

No history.

Information

Published : 2024-04-16 22:15

Updated : 2024-12-04 21:15

NVD link : CVE-2024-21105

Mitre link : CVE-2024-21105

CVE.ORG link : CVE-2024-21105

JSON object : View

Products Affected

No product.

CWE

CWE-190

Integer Overflow or Wraparound

{"id": "CVE-2024-21105", "cveTags": [], "metrics": {"cvssMetricV31": [{"type": "Secondary", "source": "secalert_us@oracle.com", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 2.0, "attackVector": "LOCAL", "baseSeverity": "LOW", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:R/S:U/C:L/I:N/A:N", "integrityImpact": "NONE", "userInteraction": "REQUIRED", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "HIGH", "confidentialityImpact": "LOW"}, "impactScore": 1.4, "exploitabilityScore": 0.6}]}, "published": "2024-04-16T22:15:31.770", "references": [{"url": "https://www.oracle.com/security-alerts/cpuapr2024.html", "source": "secalert_us@oracle.com"}, {"url": "https://www.oracle.com/security-alerts/cpuapr2024.html", "source": "af854a3a-2127-422b-91ae-364da2661108"}], "vulnStatus": "Awaiting Analysis", "weaknesses": [{"type": "Secondary", "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "description": [{"lang": "en", "value": "CWE-190"}]}], "descriptions": [{"lang": "en", "value": "Vulnerability in the Oracle Solaris product of Oracle Systems (component: Utility). The supported version that is affected is 11. Easily exploitable vulnerability allows high privileged attacker with logon to the infrastructure where Oracle Solaris executes to compromise Oracle Solaris. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized read access to a subset of Oracle Solaris accessible data. CVSS 3.1 Base Score 2.0 (Confidentiality impacts). CVSS Vector: (CVSS:3.1/AV:L/AC:L/PR:H/UI:R/S:U/C:L/I:N/A:N)."}, {"lang": "es", "value": "Vulnerabilidad en el producto Oracle Solaris de Oracle Systems (componente: Utility). La versi\u00f3n compatible que se ve afectada es la 11. Una vulnerabilidad f\u00e1cilmente explotable permite a un atacante con altos privilegios iniciar sesi\u00f3n en la infraestructura donde se ejecuta Oracle Solaris para comprometer Oracle Solaris. Los ataques exitosos requieren la interacci\u00f3n humana de una persona distinta del atacante. Los ataques exitosos de esta vulnerabilidad pueden resultar en acceso de lectura no autorizado a un subconjunto de datos accesibles de Oracle Solaris. CVSS 3.1 Base Score 2.0 (Impactos en la confidencialidad). Vector CVSS: (CVSS:3.1/AV:L/AC:L/PR:H/UI:R/S:U/C:L/I:N/A:N)."}], "lastModified": "2024-12-04T21:15:21.417", "sourceIdentifier": "secalert_us@oracle.com"}