CISA Known Exploited Vulnerability

CVE-2020-14871

Oracle · Solaris and Zettabyte File System (ZFS)

Oracle Solaris and Zettabyte File System (ZFS) Unspecified Vulnerability

Date added 2021-11-03

BOD 22-01 due date 2022-05-03

CWE CWE-787

Ransomware Unknown

CISA description

Oracle Solaris and Oracle ZFS Storage Appliance Kit contain an unspecified vulnerability causing high impacts to confidentiality, integrity, and availability of affected systems.

Required action

Apply updates per vendor instructions.

Notes & references

https://nvd.nist.gov/vuln/detail/CVE-2020-14871

Where this lands in 800-53

Vulnerability data triggers these controls during assessment and continuous monitoring.

RA-5 · Vulnerability Monitoring and Scanning
SI-2 · Flaw Remediation
CM-6 · Configuration Settings
SI-7 · Software, Firmware, and Information Integrity
CM-8 · System Component Inventory

External lookups

NVD · CVE-2020-14871
CVE.org · CVE-2020-14871
CISA KEV catalog (canonical)