Vulnerability Details : CVE-2022-21446

Vulnerability in the Oracle Solaris product of Oracle Systems (component: Utility). The supported version that is affected is 11. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Oracle Solaris. Successful attacks of this vulnerability can result in unauthorized creation, deletion or modification access to critical data or all Oracle Solaris accessible data as well as unauthorized read access to a subset of Oracle Solaris accessible data. CVSS 3.1 Base Score 8.2 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:H/A:N).

Published 2022-04-19 21:15:16

Updated 2022-04-28 13:42:16

Source Oracle

View at NVD, CVE.org

Exploit prediction scoring system (EPSS) score for CVE-2022-21446

Probability of exploitation activity in the next 30 days: 0.07%

Percentile, the proportion of vulnerabilities that are scored at or less: ~ 29 % EPSS Score History EPSS FAQ

CVSS scores for CVE-2022-21446

Base Score	Base Severity	CVSS Vector	Exploitability Score	Impact Score	Source
6.4	MEDIUM	AV:N/AC:L/Au:N/C:P/I:P/A:N	10.0	4.9	[email protected]
Access Vector: Network Access Complexity: Low Authentication: None Confidentiality Impact: Partial Integrity Impact: Partial Availability Impact: None
8.2	HIGH	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:H/A:N	3.9	4.2	[email protected]
Attack Vector: Network Attack Complexity: Low Privileges Required: None User Interaction: None Scope: Unchanged Confidentiality: Low Integrity: High Availability: None

References for CVE-2022-21446

https://www.oracle.com/security-alerts/cpuapr2022.html

Vendor Advisory

CVEs referencing this url

Products affected by CVE-2022-21446

Oracle » Solaris » Version: 11
cpe:2.3:o:oracle:solaris:11:*:*:*:*:*:*:*
Matching versions