CVE-2016-5551
Summary
| CVE | CVE-2016-5551 |
|---|---|
| State | PUBLIC |
| Assigner | [email protected] |
| Source Priority | CVE Program / NVD first with legacy fallback |
| Published | 2017-04-24 19:59:00 UTC |
| Updated | 2017-07-11 01:33:00 UTC |
| Description | Vulnerability in the Solaris Cluster component of Oracle Sun Systems Products Suite (subcomponent: NAS device addition). The supported version that is affected is 4.3. Easily "exploitable" vulnerability allows unauthenticated attacker with logon to the infrastructure where Solaris Cluster executes to compromise Solaris Cluster. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized read access to a subset of Solaris Cluster accessible data. CVSS 3.0 Base Score 3.3 (Confidentiality impacts). CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N). |
Risk And Classification
Problem Types: CWE-284
NVD Known Affected Configurations (CPE 2.3)
| Type | Vendor | Product | Version | Update | Edition | Language |
|---|---|---|---|---|---|---|
| Application | Oracle | Solaris Cluster | 4.3 | All | All | All |
| Application | Oracle | Solaris Cluster | 4.3 | All | All | All |
References
| Reference | Source | Link | Tags |
|---|---|---|---|
| Oracle Solaris Cluster CVE-2016-5551 Local Security Vulnerability | BID | www.securityfocus.com | Third Party Advisory, VDB Entry |
| Oracle Critical Patch Update - April 2017 | CONFIRM | www.oracle.com | Patch, Vendor Advisory |
| Solaris Flaws Let Remote and Local Users Obtain Elevated Privileges and Deny Service and Let Local Users Access and Modify Data - SecurityTracker | SECTRACK | www.securitytracker.com | |
| CVE Program record | CVE.ORG | www.cve.org | canonical |
| NVD vulnerability detail | NVD | nvd.nist.gov | canonical, analysis |
No vendor comments have been submitted for this CVE.
There are currently no legacy QID mappings associated with this CVE.