Text Form of Oracle Security Alert - CVE-2015-3456 Risk Matrices



This document provides the text form of the CVE-2015-3456 Advisory Risk Matrices. Please note that the CVE numbers in this document correspond to the same CVE numbers in the CVE-2015-3456 Advisory.

 

This page contains the following text format Risk Matrices:

 

Text Form of Risk Matrix for Oracle Linux

 


This table provides the text form of the Risk Matrix for Oracle Linux.

CVE Identifier: CVE-2015-3456
Description: Vulnerability in the Oracle Linux component of Oracle Linux (subcomponent: Xen, Qemu-KVM). Supported versions that are affected are 5, 6 and 7. Very difficult to exploit vulnerability requiring logon to Operating System. Successful attack of this vulnerability can result in unauthorized Operating System takeover including arbitrary code execution.

CVSS Base Score 6.2 (Confidentiality, Integrity and Availability impacts). CVSS V2 Vector: (AV:L/AC:H/Au:N/C:C/I:C/A:C).

 

 

 

 

Text Form of Risk Matrix for Oracle Virtualization

 


This table provides the text form of the Risk Matrix for Oracle Virtualization.

CVE Identifier: CVE-2015-3456
Description: Vulnerability in the Oracle VM component of Oracle Virtualization (subcomponent: Xen Hypervisor). Supported versions that are affected are 2.2, 3.2 and 3.3. Very difficult to exploit vulnerability requiring logon to Operating System. Successful attack of this vulnerability can result in unauthorized Operating System takeover including arbitrary code execution.

CVSS Base Score 6.2 (Confidentiality, Integrity and Availability impacts). CVSS V2 Vector: (AV:L/AC:H/Au:N/C:C/I:C/A:C).

CVE Identifier: CVE-2015-3456
Description: Vulnerability in the Oracle VM VirtualBox component of Oracle Virtualization (subcomponent: Core). Supported versions that are affected are 3.2, 4.0, 4.1, 4.2 and 4.3 prior to 4.3.28. Very difficult to exploit vulnerability requiring logon to Operating System. Successful attack of this vulnerability can result in unauthorized Operating System takeover including arbitrary code execution.

Note: The CVSS score assumes that the virtualization software is running on the host operating system as a privileged user. When this is not the case, the corresponding CVSS impact scores for Confidentiality, Integrity, and Availability are "Partial+" instead of "Complete", lowering the CVSS Base Score. For example, a Base Score of 6.2 becomes 3.7.

CVSS Base Score 6.2 (Confidentiality, Integrity and Availability impacts). CVSS V2 Vector: (AV:L/AC:H/Au:N/C:C/I:C/A:C).