CVE-2024-21155
CVSS 3.1 Score 4.7 of 10 (medium)
Details
Summary
CVE-2024-21155 is a newly identified vulnerability in Oracle ZFS Storage Appliance Kit (version 8.8) that affects its User Interface component. This issue, which has a CVSS Base Score of 4.7, allows unauthenticated attackers to gain unauthorized read access to a subset of the appliance's data through a network attack via HTTP. Successfully exploiting this vulnerability requires human interaction from a person other than the attacker. The potential impact of these attacks extends beyond the Oracle ZFS Storage Appliance Kit, as they may significantly affect other products as well. Confidentiality is the primary impact of this vulnerability.
Prevent cyber attacks with Recorded Future by prioritizing and patching critical vulnerabilities being exploited by threat actors targeting your industry. Book your demo to learn more.
Affected Vendors
- Oracle Corp
- BonqDAO