What is CVE-2023-22128?

A low-severity vulnerability has been identified in Oracle Solaris, affecting versions 10 and 11. This vulnerability allows unauthorized read access to certain data, requiring human interaction for successful exploitation. Organizations should prioritize patching to mitigate risks.

What is the severity of CVE-2023-22128?

CVE-2023-22128 has a severity rating of LOW with a CVSS base score of 3.1.

CVE-2023-22128 | Low Vulnerability in Oracle Solaris

CVE-2023-22128 is a vulnerability affecting the Oracle Solaris product, specifically within the Filesystem component. The supported versions that are impacted by this vulnerability are version 10 and version 11 of Oracle Solaris. It is classified as a low-severity vulnerability with a CVSS 3.1 Base Score of 3.1, indicating a low impact on confidentiality.

This vulnerability allows an unauthenticated attacker with network access via rquota to compromise Oracle Solaris. Notably, successful exploitation of this vulnerability requires human interaction from a third party, which adds a layer of complexity to the attack. When successfully exploited, it can result in unauthorized read access to a subset of data accessible in Oracle Solaris.

Organizations utilizing Oracle Solaris should be aware of this vulnerability and the associated risks. Given its low severity rating, the urgency for remediation may not be as high as critical vulnerabilities; however, organizations are still encouraged to address this in their patch management cycle.

The vulnerability was published on October 17, 2023, and has since been classified as modified. For organizations using the affected versions, it is advisable to monitor for any updates from Oracle and apply necessary patches promptly.

Vulnerability Details

The official description states that this vulnerability allows unauthorized access to certain data within Oracle Solaris. The CVSS vector for this vulnerability is CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:N/A:N, indicating a network attack vector, high attack complexity, no privileges required, and that user interaction is required for successful exploitation.

Technical Analysis

The root cause of CVE-2023-22128 lies within the Filesystem component of Oracle Solaris. The attack vector is through the network, and the complexity is rated as high due to the requirement for user interaction. No privileges are required from the attacker, making it easier for an unauthorized individual to exploit this vulnerability.

The confidentiality impact is low, meaning that the data that may be accessed unauthorized is limited. There are no reported impacts on integrity or availability. Organizations should be aware that while exploitation complexity is high, the potential for unauthorized data access exists.

Risk & Impact Analysis

Risk to organizations includes unauthorized read access to sensitive data within Oracle Solaris. While the overall severity is low, organizations should be vigilant due to the potential exposure of sensitive information. The blast radius, although limited, can still pose a risk, especially in environments where data confidentiality is critical.

Organizations using the affected versions of Oracle Solaris should schedule remediation for this vulnerability in their patch management cycles. Regular updates and monitoring for any changes from Oracle can help mitigate associated risks.

Exploitation Status

Signal	Status
Known Exploit	No
Public PoC	No
Actively Exploited	No
Ransomware Use	No

Affected Versions

The affected versions of Oracle Solaris include version 10 and version 11. If no specific version information is known, organizations should assume all versions prior to the vendor patch are affected.

Mitigation & Remediation

Organizations should prioritize applying the latest patches provided by Oracle for this vulnerability. Regular patch management and system updates are essential to ensure that vulnerabilities are addressed promptly. For detailed patch information, refer to the Oracle Critical Patch Update Advisory.

Detection Guidance

Monitoring logs for unauthorized access attempts and behavioral anomalies can help detect exploitation attempts of this vulnerability. Organizations should focus on monitoring network access patterns and user interactions to identify potential risks.

AppSecure Threat Intelligence Insight

This vulnerability signifies the importance of user interaction requirements in network vulnerabilities. Organizations should focus on improving user training and awareness to mitigate risks associated with human involvement in exploit attempts.

Security teams are encouraged to regularly assess their systems for vulnerabilities through comprehensive security testing. Utilizing services such as penetration testing can help identify and remediate similar vulnerabilities in the future.

Furthermore, understanding the trends surrounding vulnerabilities like this one is critical. Organizations should stay informed of ongoing security research and vulnerability disclosures to maintain a robust security posture.

Disclaimer: This content was generated using AI. While we strive for accuracy, please verify critical information with official sources.

CVE ID	Title	Severity	Vulnerability Type	Published
CVE-2025-65418	CVE-2025-65418: High Vulnerability in docuFORM Managed Print Service Client	HIGH	Path Traversal	May 11, 2026
CVE-2025-65417	CVE-2025-65417: Medium Vulnerability in docuFORM Managed Print Service Client	MEDIUM	XSS	May 11, 2026
CVE-2025-65416	CVE-2025-65416: Medium Vulnerability in docuFORM Managed Print Service Client	MEDIUM	Unrestricted File Upload	May 11, 2026
CVE-2025-65415	CVE-2025-65415: Medium Vulnerability in docuFORM Managed Print Service Client	MEDIUM	Session Fixation	May 11, 2026
CVE-2025-61314	CVE-2025-61314: High Vulnerability in GmbH Mecury Managed Print Services	HIGH	XSS	May 11, 2026

CVE-2023-22128: Low Vulnerability in Oracle Solaris