admin/nvd-json-data-feeds
1
0
Fork 0
mirror of https://github.com/fkie-cad/nvd-json-data-feeds.git synced 2025-05-28 09:11:28 +00:00
Code Issues Packages Projects Releases Wiki Activity
nvd-json-data-feeds/CVE-2020/CVE-2020-28xx/CVE-2020-2894.json
cad-safe-bot e6cbafdc40 Auto-Update: 2024-12-08T03:00:18.988682+00:00
2024-12-08 03:06:42 +00:00

212 lines
7.1 KiB
JSON
Raw Blame History

{
"id": "CVE-2020-2894",
"sourceIdentifier": "secalert_us@oracle.com",
"published": "2020-04-15T14:15:34.233",
"lastModified": "2024-11-21T05:26:33.973",
"vulnStatus": "Modified",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualization (component: Core). Supported versions that are affected are Prior to 5.2.40, prior to 6.0.20 and prior to 6.1.6. Easily exploitable vulnerability allows high privileged attacker with logon to the infrastructure where Oracle VM VirtualBox executes to compromise Oracle VM VirtualBox. While the vulnerability is in Oracle VM VirtualBox, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in takeover of Oracle VM VirtualBox. CVSS 3.0 Base Score 6.0 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:N/A:N)."
},
{
"lang": "es",
"value": "Vulnerabilidad en el producto Oracle VM VirtualBox de Oracle Virtualization (componente: Core). Las versiones compatibles afectadas son anteriores a la versi\u00f3n 5.2.40, anteriores a la versi\u00f3n 6.0.20 y anteriores a la versi\u00f3n 6.1.6. La vulnerabilidad f\u00e1cilmente explotable permite a los atacantes con privilegios elevados iniciar sesi\u00f3n en la infraestructura donde se ejecuta Oracle VM VirtualBox para comprometer Oracle VM VirtualBox. Si bien la vulnerabilidad se encuentra en Oracle VM VirtualBox, los ataques pueden afectar significativamente a productos adicionales. Los ataques con \u00e9xito de esta vulnerabilidad pueden resultar en la adquisici\u00f3n de Oracle VM VirtualBox. CVSS 3.0 Base Score 6.0 (Impactos de confidencialidad, integridad y disponibilidad). Vector CVSS: (CVSS: 3.0 / AV: L / AC: L / PR: H / UI: N / S: C / C: H / I: N / A: N)."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:N/A:N",
"baseScore": 6.0,
"baseSeverity": "MEDIUM",
"attackVector": "LOCAL",
"attackComplexity": "LOW",
"privilegesRequired": "HIGH",
"userInteraction": "NONE",
"scope": "CHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"availabilityImpact": "NONE"
},
"exploitabilityScore": 1.5,
"impactScore": 4.0
}
],
"cvssMetricV30": [
{
"source": "secalert_us@oracle.com",
"type": "Secondary",
"cvssData": {
"version": "3.0",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:N/A:N",
"baseScore": 6.0,
"baseSeverity": "MEDIUM",
"attackVector": "LOCAL",
"attackComplexity": "LOW",
"privilegesRequired": "HIGH",
"userInteraction": "NONE",
"scope": "CHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"availabilityImpact": "NONE"
},
"exploitabilityScore": 1.5,
"impactScore": 4.0
}
],
"cvssMetricV2": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "2.0",
"vectorString": "AV:L/AC:L/Au:N/C:P/I:N/A:N",
"baseScore": 2.1,
"accessVector": "LOCAL",
"accessComplexity": "LOW",
"authentication": "NONE",
"confidentialityImpact": "PARTIAL",
"integrityImpact": "NONE",
"availabilityImpact": "NONE"
},
"baseSeverity": "LOW",
"exploitabilityScore": 3.9,
"impactScore": 2.9,
"acInsufInfo": false,
"obtainAllPrivilege": false,
"obtainUserPrivilege": false,
"obtainOtherPrivilege": false,
"userInteractionRequired": false
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "NVD-CWE-noinfo"
}
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:oracle:vm_virtualbox:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.2.40",
"matchCriteriaId": "129CB958-DAE6-436B-94A7-C2EB377A4BAD"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:oracle:vm_virtualbox:*:*:*:*:*:*:*:*",
"versionStartIncluding": "6.0.0",
"versionEndExcluding": "6.0.20",
"matchCriteriaId": "3E50538C-FD1A-44E5-B24D-A0C2E72E43C9"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:oracle:vm_virtualbox:*:*:*:*:*:*:*:*",
"versionStartIncluding": "6.1.0",
"versionEndExcluding": "6.1.6",
"matchCriteriaId": "81D2771A-60CB-403C-A62F-3DBC8E29A94E"
}
]
}
]
},
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:opensuse:leap:15.1:*:*:*:*:*:*:*",
"matchCriteriaId": "B620311B-34A3-48A6-82DF-6F078D7A4493"
}
]
}
]
}
],
"references": [
{
"url": "http://lists.opensuse.org/opensuse-security-announce/2020-07/msg00001.html",
"source": "secalert_us@oracle.com",
"tags": [
"Mailing List",
"Third Party Advisory"
]
},
{
"url": "https://security.gentoo.org/glsa/202101-09",
"source": "secalert_us@oracle.com",
"tags": [
"Third Party Advisory"
]
},
{
"url": "https://www.oracle.com/security-alerts/cpuapr2020.html",
"source": "secalert_us@oracle.com",
"tags": [
"Patch",
"Vendor Advisory"
]
},
{
"url": "https://www.zerodayinitiative.com/advisories/ZDI-20-581/",
"source": "secalert_us@oracle.com",
"tags": [
"Third Party Advisory",
"VDB Entry"
]
},
{
"url": "http://lists.opensuse.org/opensuse-security-announce/2020-07/msg00001.html",
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Mailing List",
"Third Party Advisory"
]
},
{
"url": "https://security.gentoo.org/glsa/202101-09",
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
]
},
{
"url": "https://www.oracle.com/security-alerts/cpuapr2020.html",
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Vendor Advisory"
]
},
{
"url": "https://www.zerodayinitiative.com/advisories/ZDI-20-581/",
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory",
"VDB Entry"
]
}
]
}
Reference in New Issue View Git Blame Copy Permalink