APT37 aka ScarCruft or RedEyes – Active IOCs
November 4, 2024New Variant of FakeCall Malware Takes Over Android Devices to Make False Banking Calls – Active IOCs
November 4, 2024APT37 aka ScarCruft or RedEyes – Active IOCs
November 4, 2024New Variant of FakeCall Malware Takes Over Android Devices to Make False Banking Calls – Active IOCs
November 4, 2024Severity
Medium
Analysis Summary
CVE-2024-21273 CVSS:6
Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualization (component: Core). Supported versions that are affected are Prior to 7.0.22 and prior to 7.1.2. Easily exploitable vulnerability allows high privileged attacker with logon to the infrastructure where Oracle VM VirtualBox executes to compromise Oracle VM VirtualBox. While the vulnerability is in Oracle VM VirtualBox, attacks may significantly impact additional products (scope change). Successful attacks of this vulnerabilities.
CVE-2024-21264 CVSS:5.4
Vulnerability in the PeopleSoft Enterprise CC Common Application Objects product of Oracle PeopleSoft (component: Activity Guide Composer). The supported version that is affected is 9.2. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise PeopleSoft Enterprise CC Common Application Objects. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of PeopleSoft Enterprise CC Common Applications.
CVE-2024-21263 CVSS:6.1
Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualization (component: Core). Supported versions that are affected are Prior to 7.0.22 and prior to 7.1.2. Easily exploitable vulnerability allows low privileged attacker with logon to the infrastructure where Oracle VM VirtualBox executes to compromise Oracle VM VirtualBox. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Oracle VM Virtual.
Impact
- Privilege Escalation
Indicators of Compromise
CVE
- CVE-2024-21273
- CVE-2024-21264
- CVE-2024-21263
Affected Vendors
Affected Products
- Oracle Corporation Oracle VM VirtualBox - * - *
- Oracle Corporation PeopleSoft Enterprise CC Common Application Objects - 9.2
Remediation
Refer to Oracle Critical Patch Update Advisory, upgrade or suggested workaround information.