CVE-2018-2930

3 documents3 sources
Severity
9.8CRITICAL
EPSS
4.9%
top 10.35%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
2
Oracle Corporation Solaris ClusterOracle Solaris Cluster
Timeline
PublishedJul 18
Latest updateMay 13

Description

Vulnerability in the Solaris Cluster component of Oracle Sun Systems Products Suite (subcomponent: NAS device addition). Supported versions that are affected are 3.3 and 4.3. Easily exploitable vulnerability allows unauthenticated attacker with network access via RPC to compromise Solaris Cluster. Successful attacks of this vulnerability can result in takeover of Solaris Cluster. CVSS 3.0 Base Score 9.8 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/

CVSS vector

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:HExploitability: 3.9 | Impact: 5.9

Affected Packages2 packages

NVDoracle/solaris_cluster3.3, 4.3+1

Patches

Patch: www.oracle.comPatch: www.oracle.com

🔴Vulnerability Details

2
GHSA
GHSA-v8qv-v44g-p48p: Vulnerability in the Solaris Cluster component of Oracle Sun Systems Products Suite (subcomponent: NAS device addition)2022-05-13
CVEList
CVE-2018-2930: Vulnerability in the Solaris Cluster component of Oracle Sun Systems Products Suite (subcomponent: NAS device addition)2018-07-18
CVE-2018-2930 (CRITICAL CVSS 9.8) | Vulnerability in the Solaris Cluste | cvebase.io