CVE-2024-20920

Name of the Vulnerable Software and Affected Versions Oracle Solaris version 11

Description The issue is related to insufficient input validation in the Filesystem component of Oracle Solaris. This easily exploitable vulnerability allows a low-privileged attacker with logon access to the infrastructure where Oracle Solaris executes to compromise Oracle Solaris, potentially resulting in unauthorized read access to a subset of Oracle Solaris accessible data. Successful attacks may significantly impact additional products.

Recommendations For Oracle Solaris version 11, consider restricting access to sensitive data and implementing additional security measures to minimize the risk of exploitation until a patch is available. As a temporary workaround, review and strengthen input validation for the Filesystem component to prevent unauthorized access. At the moment, there is no information about a newer version that contains a fix for this vulnerability.