Oracle VM VirtualBox hasta 6.1.19 Core divulgación de información

Una vulnerabilidad clasificada como crítica ha sido encontrada en Oracle VM VirtualBox hasta 6.1.19 (Virtualization Software). Una función desconocida del componente Core es afectada por esta vulnerabilidad. Una actualización elimina esta vulnerabilidad. Una solución posible ha sido publicada inmediatamente después de la publicación de la vulnerabilidad.

Campo2021-04-27 09:112021-04-27 09:122021-04-29 08:03
vendorOracleOracleOracle
nameVM VirtualBoxVM VirtualBoxVM VirtualBox
cveCVE-2021-2291CVE-2021-2291CVE-2021-2291
componentCoreCoreCore
cwe200 (divulgación de información)200 (divulgación de información)200 (divulgación de información)
risk222
cvss3_vuldb_avLLL
cvss3_vuldb_acHHH
cvss3_vuldb_prLLL
cvss3_vuldb_uiNNN
cvss3_vuldb_sUUU
cvss3_vuldb_cHHH
cvss3_vuldb_iNNN
cvss3_vuldb_aNNN
cvss3_vuldb_rcCCC
cvss3_vuldb_rlOOO
version<=6.1.19<=6.1.19<=6.1.19
urlhttps://www.oracle.com/security-alerts/cpuapr2021.htmlhttps://www.oracle.com/security-alerts/cpuapr2021.htmlhttps://www.oracle.com/security-alerts/cpuapr2021.html
date1618956000 (2021-04-21)1618956000 (2021-04-21)1618956000 (2021-04-21)
date1618956000 (2021-04-21)1618956000 (2021-04-21)1618956000 (2021-04-21)
identifierOracle Critical Patch Update Advisory - April 2021Oracle Critical Patch Update Advisory - April 2021Oracle Critical Patch Update Advisory - April 2021
nameUpgradeUpgradeUpgrade
typeVirtualization SoftwareVirtualization SoftwareVirtualization Software
cvss2_vuldb_avLLL
cvss2_vuldb_acHHH
cvss2_vuldb_ciCCC
cvss2_vuldb_iiNNN
cvss2_vuldb_aiNNN
cvss2_vuldb_rcCCC
cvss2_vuldb_rlOFOFOF
cvss2_vuldb_auSSS
cvss2_vuldb_eNDNDND
cvss3_vuldb_eXXX
cvss2_vuldb_basescore3.83.83.8
cvss2_vuldb_tempscore3.33.33.3
cvss3_vuldb_basescore4.74.74.7
cvss3_vuldb_tempscore4.54.54.5
cvss3_meta_basescore4.74.74.7
cvss3_meta_tempscore4.54.54.5
price_0day$0-$5k$0-$5k$0-$5k
cve_assigned1607468400 (2020-12-09)1607468400 (2020-12-09)1607468400 (2020-12-09)
cve_nvd_summaryVulnerability in the Oracle VM VirtualBox product of Oracle Virtualization (component: Core). The supported version that is affected is Prior to 6.1.20. Difficult to exploit vulnerability allows low privileged attacker with logon to the infrastructure where Oracle VM VirtualBox executes to compromise Oracle VM VirtualBox. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle VM VirtualBox accessible data. CVSS 3.1 Base Score 4.7 (Confidentiality impacts). CVSS Vector: (CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N).Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualization (component: Core). The supported version that is affected is Prior to 6.1.20. Difficult to exploit vulnerability allows low privileged attacker with logon to the infrastructure where Oracle VM VirtualBox executes to compromise Oracle VM VirtualBox. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle VM VirtualBox accessible data. CVSS 3.1 Base Score 4.7 (Confidentiality impacts). CVSS Vector: (CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N).Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualization (component: Core). The supported version that is affected is Prior to 6.1.20. Difficult to exploit vulnerability allows low privileged attacker with logon to the infrastructure where Oracle VM VirtualBox executes to compromise Oracle VM VirtualBox. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle VM VirtualBox accessible data. CVSS 3.1 Base Score 4.7 (Confidentiality impacts). CVSS Vector: (CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N).
cve_cnaOracleOracle
cvss2_nvd_avL
cvss2_nvd_acM
cvss2_nvd_auN
cvss2_nvd_ciP
cvss2_nvd_iiN
cvss2_nvd_aiN
cvss2_nvd_basescore1.9

Interested in the pricing of exploits?

See the underground prices here!