{"cve":{"cve_id":"CVE-2024-20914","is_kev":false,"kev_date_added":null,"kev_vendor_project":null,"kev_product":null,"kev_vulnerability_name":null,"kev_short_description":null,"kev_required_action":null,"kev_due_date":null,"kev_known_ransomware":null,"kev_notes":null,"kev_cwes":null,"epss_score":0.00188,"epss_percentile":0.08482,"epss_as_of":"2026-06-23","description":"Vulnerability in the Oracle ZFS Storage Appliance Kit product of Oracle Systems (component: Core).   The supported version that is affected is 8.8. Easily exploitable vulnerability allows high privileged attacker with logon to the infrastructure where Oracle ZFS Storage Appliance Kit executes to compromise Oracle ZFS Storage Appliance Kit.  Successful attacks of this vulnerability can result in  unauthorized read access to a subset of Oracle ZFS Storage Appliance Kit accessible data. CVSS 3.1 Base Score 2.3 (Confidentiality impacts).  CVSS Vector: (CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:L/I:N/A:N).","published_at":"2024-01-16T21:41:14.356000Z","last_modified_at":null,"cvss_v3_score":2.3,"cvss_v3_vector":"CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:L/I:N/A:N","cvss_v3_severity":"LOW","cvss_v4_score":null,"cvss_v4_vector":null,"cvss_v4_severity":null,"ssvc_decision":null,"ssvc_exploitation":"none","ssvc_automatable":false,"ssvc_technical_impact":"partial","cwes":["CWE-200"],"nvd_references":["https://www.oracle.com/security-alerts/cpujan2024.html"],"vuln_status":null,"trending_score":null,"is_trending":false,"has_trended":false,"trended_number_one":false,"trending_peak_score":null,"trending_peak_rank":null,"started_trending_at":null,"trended_number_one_at":null,"summary_generated":null,"summary_generated_at":null,"summary_model":null,"created_at":"2026-06-24T00:09:39.878444Z","updated_at":"2026-06-29T01:52:13.459991Z"},"effective_severity":"LOW","badges":[],"impact_analysis":[],"cvss_v3_decoded":{"version":"3.1","metrics":[{"metric":"AV","name":"Attack Vector","value":"L","value_label":"Local"},{"metric":"AC","name":"Attack Complexity","value":"L","value_label":"Low"},{"metric":"PR","name":"Privileges Required","value":"H","value_label":"High"},{"metric":"UI","name":"User Interaction","value":"N","value_label":"None"},{"metric":"S","name":"Scope","value":"U","value_label":"Unchanged"},{"metric":"C","name":"Confidentiality","value":"L","value_label":"Low"},{"metric":"I","name":"Integrity","value":"N","value_label":"None"},{"metric":"A","name":"Availability","value":"N","value_label":"None"}]},"cvss_v4_decoded":{"version":null,"metrics":[]},"affected":[{"vendor_slug":"oracle-corporation","vendor_name":"Oracle Corporation","product_slug":"sun-zfs-storage-appliance-kit-ak-software","product_name":"Sun ZFS Storage Appliance Kit (AK) Software","version_start":"8.8","version_start_inclusive":true,"version_end":"8.8","version_end_inclusive":true,"cpe23_uri":"cve5:oracle-corporation:sun-zfs-storage-appliance-kit-ak-software:8.8:8.8"}],"exploit_refs":[],"news":[],"references":[{"url":"https://www.oracle.com/security-alerts/cpujan2024.html","source_type":"VENDOR_ADVISORY","tags":["advisory"]}],"timeline":[{"type":"published","at":"2024-01-16T21:41:14.356000Z","label":"CVE published","source":null},{"type":"cvss_changed","at":"2026-06-28T17:33:42.872393Z","label":"CVSS score revised","source":"cvelistv5"},{"type":"cvss_changed","at":"2026-06-28T17:33:42.872393Z","label":"CVSS score revised","source":"cvelistv5"},{"type":"cvss_changed","at":"2026-06-28T17:33:42.872393Z","label":"CVSS score revised","source":"cvelistv5"},{"type":"ssvc_changed","at":"2026-06-29T01:52:13.459991Z","label":"SSVC decision revised","source":"vulnrichment"},{"type":"ssvc_changed","at":"2026-06-29T01:52:13.459991Z","label":"SSVC decision revised","source":"vulnrichment"},{"type":"ssvc_changed","at":"2026-06-29T01:52:13.459991Z","label":"SSVC decision revised","source":"vulnrichment"}]}