⚠ Actively exploited
Added to CISA KEV on 2022-05-25. Federal agencies required to patch by 2022-06-15. Required action: Apply updates per vendor instructions.

CVE-2019-3010: Corporation Solaris Operating System vulnerability

6 documents | 6 sources
Severity: 8.8 HIGH (NVD)
EPSS: 50.2% (top 2.16%)
CISA KEV: Added 2022-05-25 | Due 2022-06-15
Exploit: Exploited in wild | Active exploitation observed
Timeline: Published Oct 16 | KEV added May 25 | KEV due Jun 15
CISA Required Action: Apply updates per vendor instructions.

Description

Vulnerability in the Oracle Solaris product of Oracle Systems (component: XScreenSaver). The supported version that is affected is 11. Easily exploitable vulnerability allows low privileged attacker with logon to the infrastructure where Oracle Solaris executes to compromise Oracle Solaris. While the vulnerability is in Oracle Solaris, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in takeover of Oracle Solaris. CVSS 3.0 Base Score 8.8 (

CVSS vector

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H
Exploitability: 2.0 | Impact: 6.0

Affected Packages: 2 packages

Patches

🔴 Vulnerability Details (3)

GHSA | GHSA-w255-p3v2-q6mg: Vulnerability in the Oracle Solaris product of Oracle Systems (component: XScreenSaver) | 2022-05-24
CVEList | CVE-2019-3010: Vulnerability in the Oracle Solaris product of Oracle Systems (component: XScreenSaver) | 2019-10-16
VulnCheck | Oracle Solaris Privilege Escalation Vulnerability | 2019

💥 Exploits & PoCs (1)

Exploit-DB | Solaris 11.4 - xscreensaver Privilege Escalation | 2019-10-21

📋 Vendor Advisories (1)

CISA | Oracle Solaris Privilege Escalation Vulnerability | 2022-05-25
CVE-2019-3010 — HIGH severity | cvebase