CVE-2019-3008

Vulnerability in the Oracle Solaris product of Oracle Systems (component: LDAP Library). The supported version that is affected is 11. Difficult to exploit vulnerability allows high privileged attacker with logon to the infrastructure where Oracle Solaris executes to compromise Oracle Solaris. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Oracle Solaris. CVSS 3.0 Base Score 1.8 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:L/AC:H/PR:H/UI:R/S:U/C:N/I:N/A:L).

CVSS v3 1.8 LOW
CVSS v2.0 1.2 LOW

1.8^/10

CVSS v3 : LOW

Vector :

Exploitability : 0.3 / Impact : 1.4

Attack Vector LOCAL

Attack Complexity HIGH

Privileges Required HIGH

User Interaction REQUIRED

Confidentiality Impact NONE

Integrity Impact NONE

Availability Impact LOW

Scope UNCHANGED

1.2^/10

CVSS v2.0 : LOW

Vector : AV:L/AC:H/Au:N/C:N/I:N/A:P

Exploitability : 1.9 / Impact : 2.9

Access Vector LOCAL

Access Complexity HIGH

Authentication NONE

Confidentiality Impact NONE

Integrity Impact NONE

Availability Impact PARTIAL

References

Link	Resource
http://www.oracle.com/technetwork/security-advisory/cpuoct2019-5072832.html	Patch Vendor Advisory

Configurations

Configuration 1 (hide)

cpe:2.3:o:oracle:solaris:11:*:*:*:*:*:*:*

History

No history.

Information

Published : 2019-10-16 18:15

Updated : 2024-02-28 17:28

NVD link : CVE-2019-3008

Mitre link : CVE-2019-3008

CVE.ORG link : CVE-2019-3008

JSON object : View

Products Affected

oracle

solaris

CWE

NVD-CWE-noinfo

{"id": "CVE-2019-3008", "metrics": {"cvssMetricV2": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"version": "2.0", "baseScore": 1.2, "accessVector": "LOCAL", "vectorString": "AV:L/AC:H/Au:N/C:N/I:N/A:P", "authentication": "NONE", "integrityImpact": "NONE", "accessComplexity": "HIGH", "availabilityImpact": "PARTIAL", "confidentialityImpact": "NONE"}, "acInsufInfo": false, "impactScore": 2.9, "baseSeverity": "LOW", "obtainAllPrivilege": false, "exploitabilityScore": 1.9, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": true}], "cvssMetricV31": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 1.8, "attackVector": "LOCAL", "baseSeverity": "LOW", "vectorString": "CVSS:3.1/AV:L/AC:H/PR:H/UI:R/S:U/C:N/I:N/A:L", "integrityImpact": "NONE", "userInteraction": "REQUIRED", "attackComplexity": "HIGH", "availabilityImpact": "LOW", "privilegesRequired": "HIGH", "confidentialityImpact": "NONE"}, "impactScore": 1.4, "exploitabilityScore": 0.3}]}, "published": "2019-10-16T18:15:34.170", "references": [{"url": "http://www.oracle.com/technetwork/security-advisory/cpuoct2019-5072832.html", "tags": ["Patch", "Vendor Advisory"], "source": "secalert_us@oracle.com"}], "vulnStatus": "Analyzed", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "NVD-CWE-noinfo"}]}], "descriptions": [{"lang": "en", "value": "Vulnerability in the Oracle Solaris product of Oracle Systems (component: LDAP Library). The supported version that is affected is 11. Difficult to exploit vulnerability allows high privileged attacker with logon to the infrastructure where Oracle Solaris executes to compromise Oracle Solaris. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Oracle Solaris. CVSS 3.0 Base Score 1.8 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:L/AC:H/PR:H/UI:R/S:U/C:N/I:N/A:L)."}, {"lang": "es", "value": "Una vulnerabilidad en el producto Oracle Solaris de Oracle Systems (componente: LDAP Library). La versi\u00f3n compatible que est\u00e1 afectada es la 11. Una vulnerabilidad dif\u00edcil de explotar permite a un atacante muy privilegiado con inicio de sesi\u00f3n en la infraestructura donde es ejecutado Oracle Solaris comprometer a Oracle Solaris. Los ataques con \u00e9xito requieren la interacci\u00f3n humana de otra persona diferente del atacante. Los ataques con \u00e9xito de esta vulnerabilidad pueden resultar en una capacidad no autorizada para causar una denegaci\u00f3n de servicio parcial (DOS parcial) de Oracle Solaris. CVSS 3.0 Puntuaci\u00f3n Base 1.8 (Impactos de la Disponibilidad). Vector CVSS: (CVSS:3.0/AV:L/AC:H/PR:H/UI:R/S:U/C:N/I:N/A:L)."}], "lastModified": "2019-10-21T15:20:06.707", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:oracle:solaris:11:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "8E8C192B-8044-4BF9-9F1F-57371FC0E8FD"}], "operator": "OR"}]}], "sourceIdentifier": "secalert_us@oracle.com"}