CVE-2020-2771

Name of the Vulnerable Software and Affected Versions Oracle Solaris versions 10 and 11

Description The issue is related to a lack of protection for service data in the Whodo component of Oracle Solaris. It allows a low-privileged attacker with logon access to the infrastructure where Oracle Solaris is executed to compromise Oracle Solaris. Successful attacks require human interaction from a person other than the attacker and may significantly impact additional products. The attacks can result in unauthorized read access to a subset of Oracle Solaris accessible data.

Recommendations For Oracle Solaris versions 10 and 11, at the moment, there is no information about a newer version that contains a fix for this vulnerability.