PT-2020-3874 · Oracle · Oracle Solaris

Published

2020-07-15

Updated

2021-07-21

CVE-2020-14542

CVSS v3.1

3.3

Low

Vector

AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N

Name of the Vulnerable Software and Affected Versions: Oracle Solaris version 11

Description: The issue is related to a lack of protection for service data in the libsuri component of Oracle Solaris. This can be exploited to gain unauthorized access to protected information. The vulnerability is easily exploitable and can be used by a low-privileged attacker with logon access to the infrastructure to compromise Oracle Solaris, resulting in unauthorized read access to a subset of Oracle Solaris accessible data.

Recommendations: For Oracle Solaris version 11, update to a version that includes the fix for this issue to prevent unauthorized access. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Information Disclosure

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-200

Related Identifiers

BDU:2020-04266

CVE-2020-14542

Affected Products

Oracle Solaris

PT-2020-3874 · Oracle · Oracle Solaris

CVE-2020-14542

Weakness Enumeration

Related Identifiers

Affected Products

References · 5