← Zuruck zu CVEs

CVE-2020-2748

LOW

3.2

Beschreibung

Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualization (component: Core). Supported versions that are affected are Prior to 5.2.40, prior to 6.0.20 and prior to 6.1.6. Easily exploitable vulnerability allows high privileged attacker with logon to the infrastructure where Oracle VM VirtualBox executes to compromise Oracle VM VirtualBox. While the vulnerability is in Oracle VM VirtualBox, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized read access to a subset of Oracle VM VirtualBox accessible data. CVSS 3.0 Base Score 3.2 (Confidentiality impacts). CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:H/UI:N/S:C/C:L/I:N/A:N).

CVE Details

CVSS v3.1 Bewertung3.2

SchweregradLOW

CVSS VektorCVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:L/I:N/A:N

AngriffsvektorLOCAL

KomplexitatLOW

Erforderliche PrivilegienHIGH

BenutzerinteraktionNONE

Veroffentlicht4/15/2020

Zuletzt geandert11/21/2024

Quellenvd

Honeypot-Sichtungen0

Betroffene Produkte

opensuse:leaporacle:vm_virtualbox

Schwachen (CWE)

CWE-125

Referenzen

http://lists.opensuse.org/opensuse-security-announce/2020-07/msg00001.html(secalert_us@oracle.com)

https://security.gentoo.org/glsa/202101-09(secalert_us@oracle.com)

https://www.oracle.com/security-alerts/cpuapr2020.html(secalert_us@oracle.com)

https://www.zerodayinitiative.com/advisories/ZDI-20-506/(secalert_us@oracle.com)

http://lists.opensuse.org/opensuse-security-announce/2020-07/msg00001.html(af854a3a-2127-422b-91ae-364da2661108)

https://security.gentoo.org/glsa/202101-09(af854a3a-2127-422b-91ae-364da2661108)

https://www.oracle.com/security-alerts/cpuapr2020.html(af854a3a-2127-422b-91ae-364da2661108)

https://www.zerodayinitiative.com/advisories/ZDI-20-506/(af854a3a-2127-422b-91ae-364da2661108)

IOC Korrelationen

Keine Korrelationen erfasst

This product uses data from the NVD API but is not endorsed or certified by the NVD.