Unauthenticated Vulnerability in Oracle VM VirtualBox by Oracle
CVE-2024-21109

5.9MEDIUM

Key Information:

Vendor
Oracle
Status
Vm Virtualbox
Vendor
CVE Published:
16 April 2024

Summary

A serious vulnerability exists in Oracle VM VirtualBox, a widely used virtualization software from Oracle. This issue affects all supported versions prior to 7.0.16 and allows unauthenticated attackers with network access via HTTP to exploit the system. If successfully exploited, attackers could gain unauthorized access to critical data, potentially compromising the integrity and confidentiality of the data stored in Oracle VM VirtualBox environments. Organizations using this software are advised to update to the latest version immediately to mitigate this risk.

References

https://www.oracle.com/security-alerts/cpuapr2024.html

CVSS V3.1

Score:
5.9
Severity:
MEDIUM
Confidentiality:
High
Integrity:
None
Availability:
High
Attack Vector:
Network
Attack Complexity:
High
Privileges Required:
None
User Interaction:
None
Scope:
Unchanged

Timeline

  • Vulnerability published

.