Skip to main content

Exposure of Sensitive Information to an Unauthorized Actor

CVE-2021-2250

Severity High
Score 8.2/10

Summary

Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualization (component: Core). The supported version that is affected is prior to 6.1.20. Easily exploitable vulnerability allows high privileged attacker with logon to the infrastructure where Oracle VM VirtualBox executes to compromise Oracle VM VirtualBox. While the vulnerability is in Oracle VM VirtualBox, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in takeover of Oracle VM VirtualBox.

  • LOW
  • LOCAL
  • HIGH
  • CHANGED
  • NONE
  • HIGH
  • HIGH
  • HIGH

CWE-200 - Information Exposure

An information exposure vulnerability is categorized as an information flow (IF) weakness, which can potentially allow unauthorized access to otherwise classified information in the application, such as confidential personal information (demographics, financials, health records, etc.), business secrets, and the application's internal environment.

Advisory Timeline

  • Published