CVE-2024-21155

CVSS 3.1 Score 4.7 of 10 (medium)

Details

Published Jul 16, 2024
Updated: Jul 17, 2024

Summary

CVE-2024-21155 is a newly identified vulnerability in Oracle ZFS Storage Appliance Kit (version 8.8) that affects its User Interface component. This issue, which has a CVSS Base Score of 4.7, allows unauthenticated attackers to gain unauthorized read access to a subset of the appliance's data through a network attack via HTTP. Successfully exploiting this vulnerability requires human interaction from a person other than the attacker. The potential impact of these attacks extends beyond the Oracle ZFS Storage Appliance Kit, as they may significantly affect other products as well. Confidentiality is the primary impact of this vulnerability.

Ligh bulbPrevent cyber attacks with Recorded Future by prioritizing and patching critical vulnerabilities being exploited by threat actors targeting your industry. Book your demo to learn more.

Share