cnvd - cnvd-2022-53248

cnvd-2022-53248

Vulnerability from cnvd

Title: Oracle ZFS Storage Appliance存在未明漏洞（CNVD-2022-53248）

Description:

Oracle ZFS Storage Appliance是美国甲骨文（Oracle）公司的一个支持闪存、PB级文件存储并内置Oracle数据库的存储设备。

Oracle ZFS Storage Appliance 存在安全漏洞，攻击者可利用该漏洞导致对某些Oracle ZFS Storage Appliance Kit可访问数据的未经授权的更新、插入或删除访问，以及导致Oracle ZFS Storage Appliance Kit 的部分拒绝服务（部分 DOS）的未经授权的能力。

Severity: 低

Patch Name: Oracle ZFS Storage Appliance存在未明漏洞（CNVD-2022-53248）的补丁

Patch Description:

Oracle ZFS Storage Appliance是美国甲骨文（Oracle）公司的一个支持闪存、PB级文件存储并内置Oracle数据库的存储设备。

Formal description:

目前厂商已发布升级补丁以修复漏洞，补丁获取链接： https://www.oracle.com/security-alerts/cpujul2022.html

Reference: https://nvd.nist.gov/vuln/detail/CVE-2022-21563

Impacted products

Name
Oracle ZFS Storage Appliance

Show details on source website

JSON

To clipboard

{
  "cves": {
    "cve": {
      "cveNumber": "CVE-2022-21563"
    }
  },
  "description": "Oracle ZFS Storage Appliance\u662f\u7f8e\u56fd\u7532\u9aa8\u6587\uff08Oracle\uff09\u516c\u53f8\u7684\u4e00\u4e2a\u652f\u6301\u95ea\u5b58\u3001PB\u7ea7\u6587\u4ef6\u5b58\u50a8\u5e76\u5185\u7f6eOracle\u6570\u636e\u5e93\u7684\u5b58\u50a8\u8bbe\u5907\u3002\n\nOracle ZFS Storage Appliance \u5b58\u5728\u5b89\u5168\u6f0f\u6d1e\uff0c\u653b\u51fb\u8005\u53ef\u5229\u7528\u8be5\u6f0f\u6d1e\u5bfc\u81f4\u5bf9\u67d0\u4e9bOracle ZFS Storage Appliance Kit\u53ef\u8bbf\u95ee\u6570\u636e\u7684\u672a\u7ecf\u6388\u6743\u7684\u66f4\u65b0\u3001\u63d2\u5165\u6216\u5220\u9664\u8bbf\u95ee\uff0c\u4ee5\u53ca\u5bfc\u81f4Oracle ZFS Storage Appliance Kit \u7684\u90e8\u5206\u62d2\u7edd\u670d\u52a1\uff08\u90e8\u5206 DOS\uff09\u7684\u672a\u7ecf\u6388\u6743\u7684\u80fd\u529b\u3002",
  "formalWay": "\u76ee\u524d\u5382\u5546\u5df2\u53d1\u5e03\u5347\u7ea7\u8865\u4e01\u4ee5\u4fee\u590d\u6f0f\u6d1e\uff0c\u8865\u4e01\u83b7\u53d6\u94fe\u63a5\uff1a\r\nhttps://www.oracle.com/security-alerts/cpujul2022.html",
  "isEvent": "\u901a\u7528\u8f6f\u786c\u4ef6\u6f0f\u6d1e",
  "number": "CNVD-2022-53248",
  "openTime": "2022-07-21",
  "patchDescription": "Oracle ZFS Storage Appliance\u662f\u7f8e\u56fd\u7532\u9aa8\u6587\uff08Oracle\uff09\u516c\u53f8\u7684\u4e00\u4e2a\u652f\u6301\u95ea\u5b58\u3001PB\u7ea7\u6587\u4ef6\u5b58\u50a8\u5e76\u5185\u7f6eOracle\u6570\u636e\u5e93\u7684\u5b58\u50a8\u8bbe\u5907\u3002\r\n\r\nOracle ZFS Storage Appliance \u5b58\u5728\u5b89\u5168\u6f0f\u6d1e\uff0c\u653b\u51fb\u8005\u53ef\u5229\u7528\u8be5\u6f0f\u6d1e\u5bfc\u81f4\u5bf9\u67d0\u4e9bOracle ZFS Storage Appliance Kit\u53ef\u8bbf\u95ee\u6570\u636e\u7684\u672a\u7ecf\u6388\u6743\u7684\u66f4\u65b0\u3001\u63d2\u5165\u6216\u5220\u9664\u8bbf\u95ee\uff0c\u4ee5\u53ca\u5bfc\u81f4Oracle ZFS Storage Appliance Kit \u7684\u90e8\u5206\u62d2\u7edd\u670d\u52a1\uff08\u90e8\u5206 DOS\uff09\u7684\u672a\u7ecf\u6388\u6743\u7684\u80fd\u529b\u3002\u76ee\u524d\uff0c\u4f9b\u5e94\u5546\u53d1\u5e03\u4e86\u5b89\u5168\u516c\u544a\u53ca\u76f8\u5173\u8865\u4e01\u4fe1\u606f\uff0c\u4fee\u590d\u4e86\u6b64\u6f0f\u6d1e\u3002",
  "patchName": "Oracle ZFS Storage Appliance\u5b58\u5728\u672a\u660e\u6f0f\u6d1e\uff08CNVD-2022-53248\uff09\u7684\u8865\u4e01",
  "products": {
    "product": "Oracle ZFS Storage Appliance"
  },
  "referenceLink": "https://nvd.nist.gov/vuln/detail/CVE-2022-21563",
  "serverity": "\u4f4e",
  "submitTime": "2022-07-20",
  "title": "Oracle ZFS Storage Appliance\u5b58\u5728\u672a\u660e\u6f0f\u6d1e\uff08CNVD-2022-53248\uff09"
}

CVE-2022-21563 (GCVE-0-2022-21563)

Vulnerability from cvelistv5

Published

2022-07-19 21:08

Modified

2024-09-24 19:56

Severity ?

3.4 (Low) - CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:L/A:L

CWE

Easily exploitable vulnerability allows high privileged attacker with logon to the infrastructure where Oracle ZFS Storage Appliance Kit executes to compromise Oracle ZFS Storage Appliance Kit. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle ZFS Storage Appliance Kit accessible data and unauthorized ability to cause a partial denial of service (partial DOS) of Oracle ZFS Storage Appliance Kit.

Summary

Vulnerability in the Oracle ZFS Storage Appliance Kit product of Oracle Systems (component: Core). The supported version that is affected is 8.8. Easily exploitable vulnerability allows high privileged attacker with logon to the infrastructure where Oracle ZFS Storage Appliance Kit executes to compromise Oracle ZFS Storage Appliance Kit. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle ZFS Storage Appliance Kit accessible data and unauthorized ability to cause a partial denial of service (partial DOS) of Oracle ZFS Storage Appliance Kit. CVSS 3.1 Base Score 3.4 (Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:L/A:L).

References

▼	URL	Tags
	https://www.oracle.com/security-alerts/cpujul2022.html	x_refsource_MISC

Impacted products

	Vendor	Product	Version
	Oracle Corporation	Sun ZFS Storage Appliance Kit (AK) Software	Version: 8.8

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-03T02:46:38.665Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://www.oracle.com/security-alerts/cpujul2022.html"
          }
        ],
        "title": "CVE Program Container"
      },
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2022-21563",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2024-09-24T14:07:03.521773Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2024-09-24T19:56:16.441Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "Sun ZFS Storage Appliance Kit (AK) Software",
          "vendor": "Oracle Corporation",
          "versions": [
            {
              "status": "affected",
              "version": "8.8"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "Vulnerability in the Oracle ZFS Storage Appliance Kit product of Oracle Systems (component: Core). The supported version that is affected is 8.8. Easily exploitable vulnerability allows high privileged attacker with logon to the infrastructure where Oracle ZFS Storage Appliance Kit executes to compromise Oracle ZFS Storage Appliance Kit. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle ZFS Storage Appliance Kit accessible data and unauthorized ability to cause a partial denial of service (partial DOS) of Oracle ZFS Storage Appliance Kit. CVSS 3.1 Base Score 3.4 (Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:L/A:L)."
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "LOW",
            "attackVector": "LOCAL",
            "availabilityImpact": "LOW",
            "baseScore": 3.4,
            "baseSeverity": "LOW",
            "confidentialityImpact": "NONE",
            "integrityImpact": "LOW",
            "privilegesRequired": "HIGH",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:L/A:L",
            "version": "3.1"
          }
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "Easily exploitable vulnerability allows high privileged attacker with logon to the infrastructure where Oracle ZFS Storage Appliance Kit executes to compromise Oracle ZFS Storage Appliance Kit.  Successful attacks of this vulnerability can result in  unauthorized update, insert or delete access to some of Oracle ZFS Storage Appliance Kit accessible data and unauthorized ability to cause a partial denial of service (partial DOS) of Oracle ZFS Storage Appliance Kit.",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2022-07-19T21:08:05",
        "orgId": "43595867-4340-4103-b7a2-9a5208d29a85",
        "shortName": "oracle"
      },
      "references": [
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://www.oracle.com/security-alerts/cpujul2022.html"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "secalert_us@oracle.com",
          "ID": "CVE-2022-21563",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "Sun ZFS Storage Appliance Kit (AK) Software",
                      "version": {
                        "version_data": [
                          {
                            "version_affected": "=",
                            "version_value": "8.8"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "Oracle Corporation"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "Vulnerability in the Oracle ZFS Storage Appliance Kit product of Oracle Systems (component: Core). The supported version that is affected is 8.8. Easily exploitable vulnerability allows high privileged attacker with logon to the infrastructure where Oracle ZFS Storage Appliance Kit executes to compromise Oracle ZFS Storage Appliance Kit. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle ZFS Storage Appliance Kit accessible data and unauthorized ability to cause a partial denial of service (partial DOS) of Oracle ZFS Storage Appliance Kit. CVSS 3.1 Base Score 3.4 (Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:L/A:L)."
            }
          ]
        },
        "impact": {
          "cvss": {
            "baseScore": "3.4",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:L/A:L",
            "version": "3.1"
          }
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "Easily exploitable vulnerability allows high privileged attacker with logon to the infrastructure where Oracle ZFS Storage Appliance Kit executes to compromise Oracle ZFS Storage Appliance Kit.  Successful attacks of this vulnerability can result in  unauthorized update, insert or delete access to some of Oracle ZFS Storage Appliance Kit accessible data and unauthorized ability to cause a partial denial of service (partial DOS) of Oracle ZFS Storage Appliance Kit."
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://www.oracle.com/security-alerts/cpujul2022.html",
              "refsource": "MISC",
              "url": "https://www.oracle.com/security-alerts/cpujul2022.html"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "43595867-4340-4103-b7a2-9a5208d29a85",
    "assignerShortName": "oracle",
    "cveId": "CVE-2022-21563",
    "datePublished": "2022-07-19T21:08:05",
    "dateReserved": "2021-11-15T00:00:00",
    "dateUpdated": "2024-09-24T19:56:16.441Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

Sightings

Author	Source	Type	Date

Nomenclature

Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
Confirmed: The vulnerability is confirmed from an analyst perspective.
Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
Patched: This vulnerability was successfully patched by the user reporting the sighting.
Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
Not confirmed: The user expresses doubt about the veracity of the vulnerability.
Not patched: This vulnerability was not successfully patched by the user reporting the sighting.

Action not permitted