Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualization (component: Core). Supported versions that are affected are Prior to 7.0.20. Difficult to exploit vulnerability allows high privileged attacker with logon to the infrastructure where Oracle VM VirtualBox executes to compromise Oracle VM VirtualBox. While the vulnerability is in Oracle VM VirtualBox, attacks may significantly impact additional products (scope change). Successful attacks of this vulnerability can result in unauthorized read access to a subset of Oracle VM VirtualBox accessible data. CVSS 3.1 Base Score 2.5 (Confidentiality impacts). CVSS Vector: (CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:C/C:L/I:N/A:N).
Metrics
Affected Vendors & Products
References
Link | Providers |
---|---|
https://www.oracle.com/security-alerts/cpujul2024.html |
![]() ![]() |
History
Tue, 18 Mar 2025 19:15:00 +0000
Type | Values Removed | Values Added |
---|---|---|
Weaknesses | CWE-125 | |
Metrics |
ssvc
|
Wed, 28 Aug 2024 17:30:00 +0000
Type | Values Removed | Values Added |
---|---|---|
First Time appeared |
Oracle
Oracle vm Virtualbox |
|
Weaknesses | NVD-CWE-noinfo | |
CPEs | cpe:2.3:a:oracle:vm_virtualbox:*:*:*:*:*:*:*:* | |
Vendors & Products |
Oracle
Oracle vm Virtualbox |

Status: PUBLISHED
Assigner: oracle
Published: 2024-07-16T22:40:04.641Z
Updated: 2025-03-18T18:40:14.532Z
Reserved: 2023-12-07T22:28:10.686Z
Link: CVE-2024-21164

Updated: 2024-08-01T22:13:42.689Z

Status : Modified
Published: 2024-07-16T23:15:19.490
Modified: 2025-03-18T19:15:42.340
Link: CVE-2024-21164

No data.