CVSS2
Attack Vector
NETWORK
Attack Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:N/AC:M/Au:N/C:P/I:P/A:P
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
REQUIRED
Scope
UNCHANGED
Confidentiality Impact
LOW
Integrity Impact
LOW
Availability Impact
LOW
CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L
EPSS
Percentile
55.9%
Vulnerability in the Oracle VM VirtualBox component of Oracle
Virtualization (subcomponent: GUI). Supported versions that are affected
are VirtualBox prior to 5.0.32 and prior to 5.1.14. Easily exploitable
vulnerability allows unauthenticated attacker with network access via HTTP
to compromise Oracle VM VirtualBox. Successful attacks require human
interaction from a person other than the attacker. Successful attacks of
this vulnerability can result in unauthorized update, insert or delete
access to some of Oracle VM VirtualBox accessible data as well as
unauthorized read access to a subset of Oracle VM VirtualBox accessible
data and unauthorized ability to cause a partial denial of service (partial
DOS) of Oracle VM VirtualBox. CVSS v3.0 Base Score 6.3 (Confidentiality,
Integrity and Availability impacts).
Author | Note |
---|---|
sbeattie | requires user interaction |
CVSS2
Attack Vector
NETWORK
Attack Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:N/AC:M/Au:N/C:P/I:P/A:P
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
REQUIRED
Scope
UNCHANGED
Confidentiality Impact
LOW
Integrity Impact
LOW
Availability Impact
LOW
CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L
EPSS
Percentile
55.9%