Lucene search

OracleCVE-2017-3622

HistoryApr 24, 2017 - 7:59 p.m.

CVE-2017-3622

2017-04-2419:59:06

oracle

web.nvd.nist.gov

solaris

oracle

sun systems

cve-2017-3622

vulnerability

extremeparr

cde

infrastructure security

CVSS2

7.2

Attack Vector

LOCAL

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:L/AC:L/Au:N/C:C/I:C/A:C

CVSS3

7.8

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

AI Score

7.2

Confidence

High

EPSS

0.001

Percentile

42.8%

JSON

Vulnerability in the Solaris component of Oracle Sun Systems Products Suite (subcomponent: Common Desktop Environment (CDE)). The supported version that is affected is 10. Easily “exploitable” vulnerability allows low privileged attacker with logon to the infrastructure where Solaris executes to compromise Solaris. Successful attacks of this vulnerability can result in takeover of Solaris. Note: CVE-2017-3622 is assigned for the “Extremeparr”. CVSS 3.0 Base Score 7.8 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H).

Affected configurations

Nvd

Node

oraclesolarisMatch10

VendorProductVersionCPE
oraclesolaris10cpe:2.3:o:oracle:solaris:10:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
oracle	solaris	10	cpe:2.3:o:oracle:solaris:10:::::::*

CNA Affected

[
  {
    "product": "Solaris Operating System",
    "vendor": "Oracle Corporation",
    "versions": [
      {
        "status": "affected",
        "version": "10"
      }
    ]
  }
]