CVE-2020-2944

Name of the Vulnerable Software and Affected Versions Oracle Solaris versions 10 and 11

Description The issue is related to insufficient input validation in the Common Desktop Environment component of Oracle Solaris, allowing a low-privileged attacker with logon access to the infrastructure to compromise Oracle Solaris. Successful attacks can result in the takeover of Oracle Solaris. The vulnerability may also impact additional products.

Recommendations For Oracle Solaris versions 10 and 11, apply the patches provided by Oracle to resolve the issue. As a temporary workaround, consider restricting access to the Common Desktop Environment component until a patch is applied. Avoid using the sdtcm convert function in the affected component until the issue is resolved. At the moment, there is no additional information about other mitigation measures.