Oracle » Solaris Cluster : Security Vulnerabilities, CVEs, CVSS score >= 8
Connect2id Nimbus JOSE+JWT before v7.9 can throw various uncaught exceptions while parsing a JWT, which could result in an application crash (potential information disclosure) or a potential authentication bypass.
Max CVSS
9.8
EPSS Score
1.21%
Published
2019-10-15
Updated
2022-06-07
Vulnerability in the Solaris Cluster component of Oracle Sun Systems Products Suite (subcomponent: NAS device addition). Supported versions that are affected are 3.3 and 4.3. Easily exploitable vulnerability allows unauthenticated attacker with network access via RPC to compromise Solaris Cluster. Successful attacks of this vulnerability can result in takeover of Solaris Cluster. CVSS 3.0 Base Score 9.8 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H).
Max CVSS
9.8
EPSS Score
1.06%
Published
2018-07-18
Updated
2019-10-03
2 vulnerabilities found