CVE-2021-2149

Name of the Vulnerable Software and Affected Versions Oracle ZFS Storage Appliance Kit version 8.8

Description The issue is related to insufficient input validation in the Core component of the Oracle ZFS Storage Appliance Kit. This allows a low-privileged attacker with logon access to the infrastructure where the kit is executed to compromise it. Successful attacks can result in unauthorized update, insert, or delete access to some of the kit's accessible data.

Recommendations For Oracle ZFS Storage Appliance Kit version 8.8, consider restricting access to the Core component until a patch is available. As a temporary workaround, limit the privileges of users with logon access to the infrastructure to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.