Rewterz Threat Advisory – CVE-2023-21858 – Oracle Collaborative Planning Vulnerability
January 19, 2023Rewterz Threat Advisory – CVE-2023-21900 – Oracle Solaris Vulnerability
January 19, 2023Severity
Medium
Analysis Summary
CVE-2023-21886 CVSS:8.1
An unspecified vulnerability in Oracle VM VirtualBox related to the Core component could allow a remote attacker to gain elevated privileges resulting in a high confidentiality, high integrity, and high availability impact using unknown attack vectors.
CVE-2023-21889 CVSS:3.8
An unspecified vulnerability in Oracle VM VirtualBox related to the Core component could allow a local authenticated attacker to obtain sensitive information resulting in a low confidentiality impact using unknown attack vectors.
CVE-2023-21884 CVSS:4.4
An unspecified vulnerability in Oracle VM VirtualBox related to the Core component could allow a local authenticated attacker to cause a denial of service resulting in a high availability impact using unknown attack vectors.
CVE-2023-21898 CVSS:5.5
An unspecified vulnerability in Oracle VM VirtualBox related to the Core component could allow a local authenticated attacker to cause a denial of service resulting in a high availability impact using unknown attack vectors.
Impact
- Privilege Escalation
- Information Disclosure
- Denial of Service
Indicators Of Compromise
CVE
- CVE-2023-21886
- CVE-2023-21889
- CVE-2023-21898
- CVE-2023-21884
Affected Vendors
Oracle
Affected Products
- Oracle VM VirtualBox 6.1.41
- Oracle VM VirtualBox 7.0.5
Remediation
Refer to Oracle Critical Patch Update Advisory for patch, upgrade or suggested workaround information.