PT-2020-2640 · Oracle · Oracle Solaris

Marco Ivaldi · Published 2020-04-15 · Updated 2022-06-30 · CVE-2020-2851

CVSS v3.1

7.8 High

Vector

AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions

Oracle Solaris versions 10 and 11

Description

The issue is related to insufficient input validation in the Common Desktop Environment component of Oracle Solaris. This can be exploited by an attacker to gain full control over the application. The vulnerability is difficult to exploit and requires a low-privileged attacker with logon access to the infrastructure where Oracle Solaris is executed. Successful exploitation can result in the takeover of Oracle Solaris and may have significant impacts on additional products.

Recommendations

For Oracle Solaris versions 10 and 11, update to a version that includes the fix for this issue to prevent exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Exploit

RCE

Weakness Enumeration

Related Identifiers

BDU:2020-02679
CVE-2020-2851

Affected Products

Oracle Solaris