Vulnerability Details : CVE-2018-2563
Vulnerability in the Solaris component of Oracle Sun Systems Products Suite (subcomponent: LDAP Library). Supported versions that are affected are 10 and 11.3. Difficult to exploit vulnerability allows low privileged attacker with network access via LDAP to compromise Solaris. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Solaris accessible data as well as unauthorized read access to a subset of Solaris accessible data. CVSS 3.0 Base Score 4.2 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:L/A:N).
Products affected by CVE-2018-2563
- cpe:2.3:o:oracle:solaris:10.0:*:*:*:*:*:*:*
- cpe:2.3:o:oracle:solaris:11.3:*:*:*:*:*:*:*
Exploit prediction scoring system (EPSS) score for CVE-2018-2563
0.20%
Probability of exploitation activity in the next 30 days
EPSS Score History
~ 42 %
Percentile, the proportion of vulnerabilities that are scored at or less
CVSS scores for CVE-2018-2563
| Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source | First Seen |
|---|---|---|---|---|---|---|
|
4.9
|
MEDIUM | AV:N/AC:M/Au:S/C:P/I:P/A:N |
6.8
|
4.9
|
NIST | |
|
4.2
|
MEDIUM | CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:L/A:N |
1.6
|
2.5
|
NIST |
References for CVE-2018-2563
-
http://www.securitytracker.com/id/1040702
Solaris Multiple Flaws Let Remote and Local Users Deny Service, Remote and Local Users Access Data, Remote Authenticated Users Gain Elevated Privileges, and Remote Authenticated and Local Users ModifyThird Party Advisory;VDB Entry
-
http://www.oracle.com/technetwork/security-advisory/cpuapr2018-3678067.html
Oracle Critical Patch Update - April 2018Patch;Vendor Advisory
-
http://www.securityfocus.com/bid/103888
Oracle Solaris CVE-2018-2563 Remote Security VulnerabilityThird Party Advisory;VDB Entry
Jump to