Oracle VM VirtualBox up to 6.1.19 Core information disclosure

A vulnerability, which was classified as critical, was found in Oracle VM VirtualBox up to 6.1.19 (Virtualization Software). Affected is an unknown function of the component Core. Upgrading eliminates this vulnerability. A possible mitigation was published immediately after the disclosure of the vulnerability.

| Field | 04/23/2021 06:40 AM | 04/27/2021 09:01 AM | 04/27/2021 09:03 AM |
|---|---|---|---|
| vendor | Oracle | Oracle | Oracle |
| name | VM VirtualBox | VM VirtualBox | VM VirtualBox |
| cve | CVE-2021-2306 | CVE-2021-2306 | CVE-2021-2306 |
| component | Core | Core | Core |
| cwe | 200 (information disclosure) | 200 (information disclosure) | 200 (information disclosure) |
| risk | 2 | 2 | 2 |
| cvss3_vuldb_av | L | L | L |
| cvss3_vuldb_ac | L | L | L |
| cvss3_vuldb_pr | H | H | H |
| cvss3_vuldb_ui | N | N | N |
| cvss3_vuldb_s | C | C | C |
| cvss3_vuldb_c | H | H | H |
| cvss3_vuldb_i | N | N | N |
| cvss3_vuldb_a | N | N | N |
| cvss3_vuldb_rc | C | C | C |
| cvss3_vuldb_rl | O | O | O |
| version | <=6.1.19 | <=6.1.19 | <=6.1.19 |
| url | https://www.oracle.com/security-alerts/cpuapr2021.html | https://www.oracle.com/security-alerts/cpuapr2021.html | https://www.oracle.com/security-alerts/cpuapr2021.html |
| date | 1618956000 (04/21/2021) | 1618956000 (04/21/2021) | 1618956000 (04/21/2021) |
| date | 1618956000 (04/21/2021) | 1618956000 (04/21/2021) | 1618956000 (04/21/2021) |
| identifier | Oracle Critical Patch Update Advisory - April 2021 | Oracle Critical Patch Update Advisory - April 2021 | Oracle Critical Patch Update Advisory - April 2021 |
| name | Upgrade | Upgrade | Upgrade |
| type | Virtualization Software | Virtualization Software | Virtualization Software |
| cvss2_vuldb_av | L | L | L |
| cvss2_vuldb_ac | L | L | L |
| cvss2_vuldb_au | M | M | M |
| cvss2_vuldb_ci | C | C | C |
| cvss2_vuldb_ii | N | N | N |
| cvss2_vuldb_ai | N | N | N |
| cvss2_vuldb_rc | C | C | C |
| cvss2_vuldb_rl | OF | OF | OF |
| cvss2_vuldb_e | ND | ND | ND |
| cvss3_vuldb_e | X | X | X |
| cvss2_vuldb_basescore | 4.3 | 4.3 | 4.3 |
| cvss2_vuldb_tempscore | 4.3 | 3.7 | 3.7 |
| cvss3_vuldb_basescore | 6.0 | 6.0 | 6.0 |
| cvss3_vuldb_tempscore | 6.0 | 5.7 | 5.7 |
| cvss3_meta_basescore | 6.0 | 6.0 | 6.0 |
| cvss3_meta_tempscore | 6.0 | 5.7 | 5.7 |
| price_0day | $0-$5k | $0-$5k | $0-$5k |
| cve_assigned | | 1607468400 | 1607468400 |
| cve_nvd_summary | | Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualization (component: Core). The supported version that is affected is Prior to 6.1.20. Easily exploitable vulnerability allows high privileged attacker with logon to the infrastructure where Oracle VM VirtualBox executes to compromise Oracle VM VirtualBox. While the vulnerability is in Oracle VM VirtualBox, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle VM VirtualBox accessible data. CVSS 3.1 Base Score 6.0 (Confidentiality impacts). CVSS Vector: (CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:N/A:N). | Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualization (component: Core). The supported version that is affected is Prior to 6.1.20. Easily exploitable vulnerability allows high privileged attacker with logon to the infrastructure where Oracle VM VirtualBox executes to compromise Oracle VM VirtualBox. While the vulnerability is in Oracle VM VirtualBox, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle VM VirtualBox accessible data. CVSS 3.1 Base Score 6.0 (Confidentiality impacts). CVSS Vector: (CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:N/A:N). |
| cve_cna | | | Oracle |
