CVE-2024-21155

📊 4.7 MEDIUM⚡ 0.3%🎯 0 exploits

📅 Published Jul 16, 2024

📋 Status: Analyzed

Vulnerability in the Oracle ZFS Storage Appliance Kit product of Oracle Systems (component: User Interface). The supported version that is affected is 8.8. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle ZFS Storage Appliance Kit. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Oracle ZFS Storage Appliance Kit, attacks may significantly impact additional products (scope change). Successful attacks of this vulnerability can result in unauthorized read access to a subset of Oracle ZFS Storage Appliance Kit accessible data. CVSS 3.1 Base Score 4.7 (Confidentiality impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:N/A:N).

CVSS v3.1 • [email protected]

🎯 Affected Products & Systems

1 product configurations affected

Filter by type:

Type	Vendor	Product	Version Range	Status	CPE String
📱App	oracle	zfs storage appliance kit	8.8	Vulnerable	cpe:2.3:a:oracle:zfs_storage_appliance_kit:8.8:::::::*

📱

oracle / zfs storage appliance kit

Application

Vulnerable

Version: 8.8

CPE:

cpe:2.3:a:oracle:zfs_storage_appliance_kit:8.8:*:*:*:*:*:*:*

Metrics

4.7 MEDIUMCVSS v3.1[email protected]

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:N/A:N

Attack Vector:

NETWORK

Complexity:

LOW

Privileges:

NONE

User Interaction:

REQUIRED

Confidentiality:

LOW

Integrity:

NONE

Availability:

NONE

Scope:

CHANGED

🔍 Technical Details

Analysis Status

Analyzed

CVSS Details

4.7 (MEDIUM)v3.1

Source: [email protected]

EPSS Details

0.3% (Minimal)48.4th percentile

Last updated: Oct 30, 2025

Exploitation probability within 30 days

Published Date

Jul 16, 2024 (1 year ago)

Last Modified

Dec 5, 2024 (11 months ago)

Security Weaknesses1

References2

NVDgeneral