CVE-2024-21108

  1. Yack CVE
  2. Vulnerabilities (CVE)
  3. CVE-2024-21108

3.3 /10

CVSS v3 : LOW

V3 Legend

Vector :

Exploitability : 1.8 / Impact : 1.4

Attack Vector LOCAL

Attack Complexity LOW

Privileges Required LOW

User Interaction NONE

Confidentiality Impact LOW

Integrity Impact NONE

Availability Impact NONE

Scope UNCHANGED

V

ulnerability in the Oracle VM VirtualBox product of Oracle Virtualization (component: Core). Supported versions that are affected are Prior to 7.0.16. Easily exploitable vulnerability allows low privileged attacker with logon to the infrastructure where Oracle VM VirtualBox executes to compromise Oracle VM VirtualBox. Successful attacks of this vulnerability can result in unauthorized read access to a subset of Oracle VM VirtualBox accessible data. CVSS 3.1 Base Score 3.3 (Confidentiality impacts). CVSS Vector: (CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N).

References
Link Resource
https://www.oracle.com/security-alerts/cpuapr2024.html Vendor Advisory
https://www.oracle.com/security-alerts/cpuapr2024.html Vendor Advisory
Configurations

Configuration 1 (hide)

cpe:2.3:a:oracle:vm_virtualbox:*:*:*:*:*:*:*:*
History

05 Dec 2024, 15:15

Type Values Removed Values Added
CPE cpe:2.3:a:oracle:vm_virtualbox:*:*:*:*:*:*:*:*
First Time Oracle
Oracle vm Virtualbox
CWE NVD-CWE-noinfo
References () https://www.oracle.com/security-alerts/cpuapr2024.html - () https://www.oracle.com/security-alerts/cpuapr2024.html - Vendor Advisory

21 Nov 2024, 08:53

Type Values Removed Values Added
References () https://www.oracle.com/security-alerts/cpuapr2024.html - () https://www.oracle.com/security-alerts/cpuapr2024.html -
Information

Published : 2024-04-16 22:15

Updated : 2024-12-05 15:15

NVD link : CVE-2024-21108

Mitre link : CVE-2024-21108

CVE.ORG link : CVE-2024-21108

JSON object : View

Products Affected

oracle

CWE
NVD-CWE-noinfo