PT-2020-2638 · Oracle · Oracle Solaris

Published: 2020-04-15 · Updated: 2020-04-15 · CVE-2020-2749

CVSS v3.1: 2.5 (Low)

Vector: AV:L/AC:H/PR:L/UI:R/S:C/C:N/I:L/A:N

Name of the Vulnerable Software and Affected Versions

Oracle Solaris version 11

Description

The issue is related to insufficient input validation in the svcbundle component of Oracle Solaris. This can allow a remote attacker to gain unauthorized access to protected information. The vulnerability is difficult to exploit and requires human interaction from someone other than the attacker. Successful attacks can result in unauthorized access to update, insert, or delete some of the data accessible by Oracle Solaris.

Recommendations

For Oracle Solaris version 11, consider restricting access to the svcbundle component until a patch is available. As a temporary workaround, limit the use of the SMF command svcbundle to minimize the risk of exploitation. Ensure that only authorized personnel have logon access to the infrastructure where Oracle Solaris executes.

Fix

RCE

Weakness Enumeration

Related Identifiers

BDU:2020-02676
CVE-2020-2749

Affected Products

Oracle Solaris