PT-2020-1502 · Oracle · Oracle VM Server for SPARC

Published: 2020-01-14 · Updated: 2022-07-08 · CVE-2020-2571

CVSS v3.1: 3.3 (Low)

Vector: AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N

Name of the Vulnerable Software and Affected Versions

Oracle VM Server for SPARC version 3.6

Description

The issue is related to insufficient access control in the Templates component of Oracle VM Server for SPARC, allowing an attacker to gain unauthorized access to protected information. The vulnerability is easily exploitable: an unauthenticated attacker with logon to the infrastructure where Oracle VM Server for SPARC executes can compromise Oracle VM Server for SPARC. Successful attacks require human interaction from a person other than the attacker and can result in unauthorized update, insert, or delete access to some of the data accessible to Oracle VM Server for SPARC.

Recommendations

For Oracle VM Server for SPARC version 3.6, consider restricting access to the Templates component until a patch is available. As a temporary workaround, limit interaction with the infrastructure where Oracle VM Server for SPARC executes to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Weakness Enumeration

Related Identifiers

BDU:2020-00485
CVE-2020-2571

Affected Products

Oracle VM Server for SPARC