Detections
Analytics
Oracle Solaris Critical Patch Update : apr2023_SRU11_4_54_138_1
low Nessus Plugin ID 174473
Language:
Synopsis
The remote Solaris system is missing a security patch from CPU apr2023.Description
This Solaris system is missing necessary patches to address a critical security update :- Vulnerability in the Oracle Solaris product of Oracle Systems (component: IPS repository daemon). The supported version that is affected is 11. Difficult to exploit vulnerability allows high privileged attacker with logon to the infrastructure where Oracle Solaris executes to compromise Oracle Solaris. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Solaris accessible data. CVSS 3.1 Base Score 1.8 (Integrity impacts). CVSS Vector: (CVSS:3.1/AV:L/AC:H/PR:H/UI:R/S:U/C:N/I:L/A:N).
(CVE-2023-21928)
Solution
Install the apr2023 CPU from the Oracle support website.See Also
https://support.oracle.com/epmos/faces/DocumentDisplay?id=2940069.1
https://www.oracle.com/docs/tech/security-alerts/cpuapr2023cvrf.xml
Plugin Details
Severity: Low
ID: 174473
File Name: solaris_apr2023_SRU11_4_54_138_1.nasl
Version: 1.4
Type: local
Family: Solaris Local Security Checks
Published: 4/19/2023
Updated: 11/16/2023
Supported Sensors: Nessus
Risk Information
VPR
Risk Factor: Low
Score: 1.4
CVSS v2
Risk Factor: Low
Base Score: 0.8
Temporal Score: 0.6
Vector: CVSS2#AV:L/AC:H/Au:M/C:N/I:P/A:N
CVSS Score Source: CVE-2023-21928
CVSS v3
Risk Factor: Low
Base Score: 1.8
Temporal Score: 1.6
Vector: CVSS:3.0/AV:L/AC:H/PR:H/UI:R/S:U/C:N/I:L/A:N
Temporal Vector: CVSS:3.0/E:U/RL:O/RC:C
Vulnerability Information
CPE: cpe:/o:oracle:solaris
Required KB Items: Host/local_checks_enabled, Host/Solaris11/release
Exploit Ease: No known exploits are available
Patch Publication Date: 4/18/2023
Vulnerability Publication Date: 4/18/2023
Reference Information
CVE: CVE-2023-21928
IAVA: 2023-A-0215-S