Published: 08/08/2017 Updated: 03/10/2019

CVSS v2 Base Score: 10 | Impact Score: 10 | Exploitability Score: 10

CVSS v3 Base Score: 9.8 | Impact Score: 5.9 | Exploitability Score: 3.9

VMScore: 890

Vector: AV:N/AC:L/Au:N/C:C/I:C/A:C

Vulnerability in the Solaris component of Oracle Sun Systems Products Suite (subcomponent: CDE Calendar). Supported versions that are affected are 10 and 11. Easily exploitable vulnerability allows unauthenticated attacker with network access via TCP to compromise Solaris. Successful attacks of this vulnerability can result in takeover of Solaris. Note: CVE-2017-3632 is assigned to the "EASYSTREET" vulnerability. CVSS 3.0 Base Score 9.8 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H).

Vulnerable Product	Search on Vulmon	Subscribe to Product
oracle solaris 11
oracle solaris 10

Solaris, Java have vulns that let users run riot

The Register • Simon Sharwood • 19 Jul 2017

What's big, red and has 308 patches, 30 of them critical? Oracle's quarterly patch dump

Oracle's emitted its quarterly patch dump. As usual it's a whopper, with 308 security fixes to consider. Oracle uses the ten-point Common Vulnerability Scoring System Version 3.0, on which critical bugs score 9.0 or above. The Register counts 30 such bugs in this release. Not all can be laid at Oracle's door. For example, a glibc glitch is hardly Oracle's fault. Nor are the Apache Tomcat and Struts bugs that MySQL users need to squash. But a few others are Big Red boo-boos, such as CVE-2017-3632...

CVE-2017-3632

Vulnerability Summary

Recent Articles

References

Vulmon Search

About

Products

Connect