CVE-2023-21948 : Vulnerability in the Oracle Solaris product of Oracle Systems (component: Core).

Vulnerability in the Oracle Solaris product of Oracle Systems (component: Core). The supported version that is affected is 10. Easily exploitable vulnerability allows low privileged attacker with logon to the infrastructure where Oracle Solaris executes to compromise Oracle Solaris. Successful attacks of this vulnerability can result in takeover of Oracle Solaris. CVSS 3.1 Base Score 7.8 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H).

Published 2023-04-18 20:15:15

Updated 2023-04-19 14:28:39

Source Oracle

View at NVD, CVE.org

Products affected by CVE-2023-21948

Oracle » Solaris » Version: 10
cpe:2.3:o:oracle:solaris:10:*:*:*:*:*:*:*
Matching versions

Exploit prediction scoring system (EPSS) score for CVE-2023-21948

EPSS FAQ

0.26%

Probability of exploitation activity in the next 30 days EPSS Score History

~ 46 %

Percentile, the proportion of vulnerabilities that are scored at or less

CVSS scores for CVE-2023-21948

Base Score	Base Severity	CVSS Vector	Exploitability Score	Impact Score	Score Source	First Seen
7.8	HIGH	CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H	1.8	5.9	Oracle
Attack Vector: Local Attack Complexity: Low Privileges Required: Low User Interaction: None Scope: Unchanged Confidentiality: High Integrity: High Availability: High

References for CVE-2023-21948

https://www.oracle.com/security-alerts/cpuapr2023.html

Oracle Critical Patch Update Advisory - April 2023
Vendor Advisory

CVEs referencing this url

Jump to

Vulnerability Details : CVE-2023-21948

Products affected by CVE-2023-21948

Exploit prediction scoring system (EPSS) score for CVE-2023-21948

CVSS scores for CVE-2023-21948

References for CVE-2023-21948