Text Form of Oracle Security Alert CVE-2015-3456 Risk Matrix

Cloud Account Sign in to Cloud Sign Up for Free Cloud Tier

Oracle Account

Text Form of Oracle Security Alert - CVE-2015-3456 Risk Matrices

This document provides the text form of the CVE-2015-3456 Advisory Risk Matrices. Please note that the CVE numbers in this document correspond to the same CVE numbers in the CVE-2015-3456 Advisory.

This page contains the following text format Risk Matrices:

Oracle Linux
Oracle Virtualization

Text Form of Risk Matrix for Oracle Linux

This table provides the text form of the Risk Matrix for Oracle Linux.

CVE Identifier	Description
CVE-2015-3456	Vulnerability in the Oracle Linux component of Oracle Linux (subcomponent: Xen, Qemu-KVM). Supported versions that are affected are 5, 6 and 7. Very difficult to exploit vulnerability requiring logon to Operating System. Successful attack of this vulnerability can result in unauthorized Operating System takeover including arbitrary code execution. CVSS Base Score 6.2 (Confidentiality, Integrity and Availability impacts). CVSS V2 Vector: (AV:L/AC:H/Au:N/C:C/I:C/A:C). (legend) [Advisory]

CVE Identifier

Description

CVE-2015-3456

Vulnerability in the Oracle Linux component of Oracle Linux (subcomponent: Xen, Qemu-KVM). Supported versions that are affected are 5, 6 and 7. Very difficult to exploit vulnerability requiring logon to Operating System. Successful attack of this vulnerability can result in unauthorized Operating System takeover including arbitrary code execution.

CVSS Base Score 6.2 (Confidentiality, Integrity and Availability impacts). CVSS V2 Vector: (AV:L/AC:H/Au:N/C:C/I:C/A:C). (legend) [Advisory]

Text Form of Risk Matrix for Oracle Virtualization

This table provides the text form of the Risk Matrix for Oracle Virtualization.

CVE Identifier	Description
CVE-2015-3456	Vulnerability in the Oracle VM component of Oracle Virtualization (subcomponent: Xen Hypervisor). Supported versions that are affected are 2.2, 3.2 and 3.3. Very difficult to exploit vulnerability requiring logon to Operating System. Successful attack of this vulnerability can result in unauthorized Operating System takeover including arbitrary code execution. CVSS Base Score 6.2 (Confidentiality, Integrity and Availability impacts). CVSS V2 Vector: (AV:L/AC:H/Au:N/C:C/I:C/A:C). (legend) [Advisory]
CVE-2015-3456	Vulnerability in the Oracle VM VirtualBox component of Oracle Virtualization (subcomponent: Core). Supported versions that are affected are 3.2, 4.0, 4.1, 4.2 and 4.3 prior to 4.3.28. Very difficult to exploit vulnerability requiring logon to Operating System. Successful attack of this vulnerability can result in unauthorized Operating System takeover including arbitrary code execution. Note: The CVSS score assumes that the virtualization software is running on the host operating system as a privileged user. When this is not the case, the corresponding CVSS impact scores for Confidentiality, Integrity, and Availability are "Partial+" instead of "Complete", lowering the CVSS Base Score. For example, a Base Score of 6.2 becomes 3.7. CVSS Base Score 6.2 (Confidentiality, Integrity and Availability impacts). CVSS V2 Vector: (AV:L/AC:H/Au:N/C:C/I:C/A:C). (legend) [Advisory]

CVE Identifier

Description

CVE-2015-3456

Vulnerability in the Oracle VM component of Oracle Virtualization (subcomponent: Xen Hypervisor). Supported versions that are affected are 2.2, 3.2 and 3.3. Very difficult to exploit vulnerability requiring logon to Operating System. Successful attack of this vulnerability can result in unauthorized Operating System takeover including arbitrary code execution.

CVSS Base Score 6.2 (Confidentiality, Integrity and Availability impacts). CVSS V2 Vector: (AV:L/AC:H/Au:N/C:C/I:C/A:C). (legend) [Advisory]

CVE-2015-3456

Vulnerability in the Oracle VM VirtualBox component of Oracle Virtualization (subcomponent: Core). Supported versions that are affected are 3.2, 4.0, 4.1, 4.2 and 4.3 prior to 4.3.28. Very difficult to exploit vulnerability requiring logon to Operating System. Successful attack of this vulnerability can result in unauthorized Operating System takeover including arbitrary code execution.

Note: The CVSS score assumes that the virtualization software is running on the host operating system as a privileged user. When this is not the case, the corresponding CVSS impact scores for Confidentiality, Integrity, and Availability are "Partial+" instead of "Complete", lowering the CVSS Base Score. For example, a Base Score of 6.2 becomes 3.7.

CVSS Base Score 6.2 (Confidentiality, Integrity and Availability impacts). CVSS V2 Vector: (AV:L/AC:H/Au:N/C:C/I:C/A:C). (legend) [Advisory]