CRITICAL🚩 CISA KEV⚡ EXPLOIT🇵🇱 Wersja polska

CVE-2020-14871

CVSS 10.0v3.1pub. 2020-10-21upd. 2025-10-27

Vulnerability in the Oracle Solaris product of Oracle Systems (component: Pluggable authentication module). Supported versions that are affected are 10 and 11. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Oracle Solaris. While the vulnerability is in Oracle Solaris, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in takeover of Oracle Solaris. Note: This CVE is not exploitable for Solaris 11.1 and later releases, and ZFSSA 8.7 and later releases, thus the CVSS Base Score is 0.0. CVSS 3.1 Base Score 10.0 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H).

CVSS Vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H
  • Oracle Solaris

    OS
    Oracle
    910 – 11.1 (bez)

CISA KEV — detailsi

Vendori
Oracle
Producti
Solaris and Zettabyte File System (ZFS)
Added to KEVi
November 3, 2021
Remediation deadline (US Federal)i
May 3, 2022(overdue)
Required action (CISA)i

Apply updates per vendor instructions.

CISA descriptioni

Oracle Solaris and Oracle ZFS Storage Appliance Kit contain an unspecified vulnerability causing high impacts to confidentiality, integrity, and availability of affected systems.

🔴
IMMEDIATE ACTION
Actively exploited in the wild (CISA KEV). Patch immediately.
CISA DEADLINE: 3 maja 2022
Tags
Auth BypassDoS
CWE
References

Related vulnerabilities

CVE-2013-2251CRITICAL9.8⚠ KEVten sam produkt

Apache Struts 2.0.0 through 2.3.15 allows remote attackers to execute arbitrary OGNL expressions via a paramet...

CVE-2026-46978CRITICAL10.0ten sam produkt

Vulnerability in the Oracle Solaris product of Oracle Systems (component: Remote Administration Daemon). The...

CVE-2025-36038CRITICAL9.0PL ✓ten sam produkt

RCE w IBM WebSphere Application Server przez niebezpieczną deserializację

CVE-2021-39085CRITICAL9.8ten sam produkt

IBM Sterling B2B Integrator Standard Edition 6.0.0.0 through 6.0.3.5, 6.1.0.0 through 6.1.0.4, and 6.1.1.0 thr...

CVE-2022-22317CRITICAL9.8ten sam produkt

IBM Curam Social Program Management 8.0.0 and 8.0.1 does not invalidate session after logout which could allow...