CVE-2021-2147
Vulnerability in the Oracle ZFS Storage Appliance Kit product of Oracle Systems (component: Installation). The supported version that is affected is 8.8. Difficult to exploit vulnerability allows high privileged attacker with logon to the infrastructure where Oracle ZFS Storage Appliance Kit executes to compromise Oracle ZFS Storage Appliance Kit. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle ZFS Storage Appliance Kit accessible data. CVSS 3.1 Base Score 1.8 (Integrity impacts). CVSS Vector: (CVSS:3.1/AV:L/AC:H/PR:H/UI:R/S:U/C:N/I:L/A:N).
EPSS 0.08% · 22.9th percentile
Risk Scores
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Oracle Corporation | Sun ZFS Storage Appliance Kit (AK) Software | 8.8 |
| oracle | zfs_storage_appliance | 8.8 |
Exploit Intelligence
- https://www.oracle.com/security-alerts/cpuapr2021.html (circl)
- guids_only.yara (github-yara)
- guids_only.yara (github-yara)
- guids_only.yara (github-yara)
- guids_only.yara (github-yara)
- Black-Basta.yar (github-yara)
- Black-Basta.yar (github-yara)
- Black-Basta.yar (github-yara)
- Black-Basta.yar (github-yara)
- Zerologon.yar (github-yara)
…and 7 more exploits
Timeline
- Sep 17, 2020 PoC Published
- Oct 3, 2020 PoC Published
- Apr 21, 2021 CVE Published
- Apr 27, 2021 EPSS Score
- Jun 30, 2021 EPSS Score
- Sep 1, 2021 EPSS Score
- Nov 2, 2021 EPSS Score
- Jan 3, 2022 EPSS Score
- Mar 6, 2022 EPSS Score
- Apr 1, 2022 EPSS Score
- May 8, 2022 EPSS Score
- Jul 9, 2022 EPSS Score