CVE-2017-3582
Summary
| CVE | CVE-2017-3582 |
|---|---|
| State | PUBLISHED |
| Assigner | oracle |
| Source Priority | CVE Program / NVD first with legacy fallback |
| Published | 2017-04-24 19:59:05 UTC |
| Updated | 2025-04-20 01:37:25 UTC |
| Description | Vulnerability in the Oracle SuperCluster Specific Software component of Oracle Sun Systems Products Suite (subcomponent: Backup/Restore Utility). Supported versions that are affected are 2.3.8 and 2.3.13. Easily "exploitable" vulnerability allows unauthenticated attacker with logon to the infrastructure where Oracle SuperCluster Specific Software executes to compromise Oracle SuperCluster Specific Software. Successful attacks of this vulnerability can result in takeover of Oracle SuperCluster Specific Software. CVSS 3.0 Base Score 8.4 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H). |
Risk And Classification
Primary CVSS: v3.0 8.4 HIGH from [email protected]
CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Problem Types: NVD-CWE-noinfo | Easily "exploitable" vulnerability allows unauthenticated attacker with logon to the infrastructure where Oracle SuperCluster Specific Software executes to compromise Oracle SuperCluster Specific Software. Successful attacks of this vulnerability can result in takeover of Oracle SuperCluster Specific Software.
| Version | Source | Type | Score | Severity | Vector |
|---|---|---|---|---|---|
| 3.0 | [email protected] | Primary | 8.4 | HIGH | CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H |
| 2.0 | [email protected] | Primary | 4.6 | AV:L/AC:L/Au:N/C:P/I:P/A:P |
CVSS v3.0 Breakdown
Attack Vector
LocalAttack Complexity
LowPrivileges Required
NoneUser Interaction
NoneScope
UnchangedConfidentiality
HighIntegrity
HighAvailability
HighCVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
CVSS v2.0 Breakdown
Access Vector
LocalAccess Complexity
LowAuthentication
NoneConfidentiality
PartialIntegrity
PartialAvailability
PartialAV:L/AC:L/Au:N/C:P/I:P/A:P
NVD Known Affected Configurations (CPE 2.3)
| Type | Vendor | Product | Version | Update | Edition | Language |
|---|---|---|---|---|---|---|
| Application | Oracle | Supercluster Specific Software | 2.3.13 | All | All | All |
| Application | Oracle | Supercluster Specific Software | 2.3.8 | All | All | All |
Vendor Declared Affected Products
| Source | Vendor | Product | Version | Platforms |
|---|---|---|---|---|
| CNA | Oracle Corporation | SuperCluster Specific Software | affected 2.3.8 | Not specified |
| CNA | Oracle Corporation | SuperCluster Specific Software | affected 2.3.13 | Not specified |
References
| Reference | Source | Link | Tags |
|---|---|---|---|
| Oracle Critical Patch Update - April 2017 | af854a3a-2127-422b-91ae-364da2661108 | www.oracle.com | Patch, Vendor Advisory |
| Solaris Flaws Let Remote and Local Users Obtain Elevated Privileges and Deny Service and Let Local Users Access and Modify Data - SecurityTracker | af854a3a-2127-422b-91ae-364da2661108 | www.securitytracker.com | |
| Oracle SuperCluster Specific Software CVE-2017-3582 Local Security Vulnerability | af854a3a-2127-422b-91ae-364da2661108 | www.securityfocus.com | Third Party Advisory |
| CVE Program record | CVE.ORG | www.cve.org | canonical |
| NVD vulnerability detail | NVD | nvd.nist.gov | canonical, analysis |
No vendor comments have been submitted for this CVE.
There are currently no legacy QID mappings associated with this CVE.