Staging Environment: Content and features may be unstable or change without notice.
Search for vulnerabilities
Vulnerability details: VCID-j5x9-e1ds-wfb9
Vulnerability ID VCID-j5x9-e1ds-wfb9
Aliases CVE-2019-2554
Summary Vulnerability in the Oracle VM VirtualBox component of Oracle Virtualization (subcomponent: Core). Supported versions that are affected are prior to 5.2.24 and prior to 6.0.2. Easily exploitable vulnerability allows low privileged attacker with logon to the infrastructure where Oracle VM VirtualBox executes to compromise Oracle VM VirtualBox. While the vulnerability is in Oracle VM VirtualBox, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle VM VirtualBox accessible data. CVSS 3.0 Base Score 6.5 (Confidentiality impacts). CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N).
Status Published
Exploitability None
Weighted Severity None
Risk None
Affected and Fixed Packages Package Details
Weaknesses (0)
There are no known CWE.
System Score Found at
ssvc Track http://lists.opensuse.org/opensuse-security-announce/2019-06/msg00030.html
ssvc Track http://lists.opensuse.org/opensuse-security-announce/2019-07/msg00056.html
epss 0.00116 https://api.first.org/data/v1/epss?cve=CVE-2019-2554
epss 0.00116 https://api.first.org/data/v1/epss?cve=CVE-2019-2554
epss 0.00116 https://api.first.org/data/v1/epss?cve=CVE-2019-2554
epss 0.00116 https://api.first.org/data/v1/epss?cve=CVE-2019-2554
epss 0.00116 https://api.first.org/data/v1/epss?cve=CVE-2019-2554
epss 0.00116 https://api.first.org/data/v1/epss?cve=CVE-2019-2554
epss 0.00116 https://api.first.org/data/v1/epss?cve=CVE-2019-2554
epss 0.00116 https://api.first.org/data/v1/epss?cve=CVE-2019-2554
epss 0.00116 https://api.first.org/data/v1/epss?cve=CVE-2019-2554
epss 0.00116 https://api.first.org/data/v1/epss?cve=CVE-2019-2554
epss 0.00116 https://api.first.org/data/v1/epss?cve=CVE-2019-2554
epss 0.00116 https://api.first.org/data/v1/epss?cve=CVE-2019-2554
epss 0.00116 https://api.first.org/data/v1/epss?cve=CVE-2019-2554
epss 0.00116 https://api.first.org/data/v1/epss?cve=CVE-2019-2554
epss 0.00116 https://api.first.org/data/v1/epss?cve=CVE-2019-2554
cvssv2 2.1 https://nvd.nist.gov/vuln/detail/CVE-2019-2554
cvssv3 6.5 https://nvd.nist.gov/vuln/detail/CVE-2019-2554
ssvc Track http://www.oracle.com/technetwork/security-advisory/cpujan2019-5072801.html
ssvc Track http://www.securityfocus.com/bid/106568
Reference id Reference type URL
http://lists.opensuse.org/opensuse-security-announce/2019-06/msg00030.html
http://lists.opensuse.org/opensuse-security-announce/2019-07/msg00056.html
https://api.first.org/data/v1/epss?cve=CVE-2019-2554
http://www.oracle.com/technetwork/security-advisory/cpujan2019-5072801.html
http://www.securityfocus.com/bid/106568
cpe:2.3:a:oracle:vm_virtualbox:*:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:vm_virtualbox:*:*:*:*:*:*:*:*
cpe:2.3:a:oracle:vm_virtualbox:6.0.0:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:vm_virtualbox:6.0.0:*:*:*:*:*:*:*
CVE-2019-2554 https://nvd.nist.gov/vuln/detail/CVE-2019-2554
No exploits are available.
Vector: SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-10-02T14:01:27Z/ Found at http://lists.opensuse.org/opensuse-security-announce/2019-06/msg00030.html
Vector: SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-10-02T14:01:27Z/ Found at http://lists.opensuse.org/opensuse-security-announce/2019-07/msg00056.html
Vector: AV:L/AC:L/Au:N/C:P/I:N/A:N Found at https://nvd.nist.gov/vuln/detail/CVE-2019-2554
Exploitability (E) Access Vector (AV) Access Complexity (AC) Authentication (Au) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

high

functional

unproven

proof_of_concept

not_defined

local

adjacent_network

network

high

medium

low

multiple

single

none

none

partial

complete

none

partial

complete

none

partial

complete
Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N Found at https://nvd.nist.gov/vuln/detail/CVE-2019-2554
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Vector: SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-10-02T14:01:27Z/ Found at http://www.oracle.com/technetwork/security-advisory/cpujan2019-5072801.html
Vector: SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-10-02T14:01:27Z/ Found at http://www.securityfocus.com/bid/106568
Exploit Prediction Scoring System (EPSS)
Percentile 0.30403
EPSS Score 0.00116
Published At April 1, 2026, 12:55 p.m.
Date Actor Action Source VulnerableCode Version
2026-04-01T18:00:16.333023+00:00 EPSS Importer Import https://epss.cyentia.com/epss_scores-current.csv.gz 38.0.0