Description
Vulnerability in the Oracle ZFS Storage Appliance Kit product of Oracle Systems (component: Filesystems). The supported version that is affected is 8.8. Easily exploitable vulnerability allows high privileged attacker with logon to the infrastructure where Oracle ZFS Storage Appliance Kit executes to compromise Oracle ZFS Storage Appliance Kit. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle ZFS Storage Appliance Kit accessible data. CVSS 3.1 Base Score 2.3 (Integrity impacts). CVSS Vector: (CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:L/A:N).
Published: 2026-01-20
Score: 2.3 Low
EPSS: < 1% Very Low
KEV: No
Impact: Integrity compromise via unauthorized data modification
Action: Assess Impact
AI Analysis

Impact

The issue affects Oracle ZFS Storage Appliance Kit 8.8. A high privileged attacker who can log on to the underlying infrastructure can compromise the appliance and modify data stored on or accessible through it. The vulnerability enables unauthorized update, insert, or delete actions on the data, compromising integrity. It is an improper access control flaw that lets privileged users perform actions beyond what the system normally permits. Successful exploitation leads to integrity damage and potential loss of data consistency.

Affected Systems

Oracle ZFS Storage Appliance Kit, version 8.8. No information on earlier or later releases is provided.

Risk and Exploitability

The vulnerability has a CVSS 3.1 base score of 2.3, indicating low severity, primarily affecting integrity. The EPSS score of less than 1% suggests a very low probability of exploitation in the wild. The vulnerability is not included in the CISA KEV catalog, and no known exploitation campaigns exist. Per the CVSS vector, the attack is local (AV:L) and requires high privileges (PR:H); an attacker with such access could directly modify data through the appliance interfaces.

Generated by OpenCVE AI on April 18, 2026 at 04:38 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Verify the installed appliance version; if 8.8 is present, apply any vendor‑issued patch that resolves the access‑control flaw as soon as it becomes available.
  • Enforce least‑privilege policies on the infrastructure hosting the appliance, restricting local logons to only those user accounts that require administrative access and removing unnecessary high‑privileged accounts.
  • Implement audit logging for all data‑modification operations and monitor the logs for anomalous activity, ensuring early detection of unauthorized update, insert or delete attempts.


Advisories

No advisories yet.

History

Sat, 18 Apr 2026 05:00:00 +0000

Type Values Removed Values Added
Title Unauthorized Data Modification via Privileged Account in Oracle ZFS Storage Appliance Kit 8.8
Weaknesses CWE-284

Thu, 29 Jan 2026 21:30:00 +0000

Type Values Removed Values Added
First Time appeared Oracle sun Zfs Storage Appliance Kit
Weaknesses NVD-CWE-noinfo
CPEs cpe:2.3:a:oracle:sun_zfs_storage_appliance_kit:8.8.0:*:*:*:*:*:*:*
Vendors & Products Oracle sun Zfs Storage Appliance Kit

Wed, 21 Jan 2026 21:15:00 +0000

Type Values Removed Values Added
Metrics ssvc

{'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'partial'}, 'version': '2.0.3'}


Tue, 20 Jan 2026 22:15:00 +0000

Type Values Removed Values Added
Description Vulnerability in the Oracle ZFS Storage Appliance Kit product of Oracle Systems (component: Filesystems). The supported version that is affected is 8.8. Easily exploitable vulnerability allows high privileged attacker with logon to the infrastructure where Oracle ZFS Storage Appliance Kit executes to compromise Oracle ZFS Storage Appliance Kit. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle ZFS Storage Appliance Kit accessible data. CVSS 3.1 Base Score 2.3 (Integrity impacts). CVSS Vector: (CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:L/A:N).
First Time appeared Oracle
Oracle zfs Storage Appliance Kit
CPEs cpe:2.3:a:oracle:zfs_storage_appliance_kit:8.8:*:*:*:*:*:*:*
Vendors & Products Oracle
Oracle zfs Storage Appliance Kit
References
Metrics cvssV3_1

{'score': 2.3, 'vector': 'CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:L/A:N'}


MITRE

Status: PUBLISHED

Assigner: oracle

Published:

Updated: 2026-01-21T20:54:21.244Z

Reserved: 2026-01-05T18:07:34.709Z

Link: CVE-2026-21930

Vulnrichment

Updated: 2026-01-21T20:54:18.710Z

NVD

Status: Analyzed

Published: 2026-01-20T22:15:55.530

Modified: 2026-01-29T21:16:12.450

Link: CVE-2026-21930

Redhat

No data.

OpenCVE Enrichment

Updated: 2026-04-18T04:45:36Z

Weaknesses