National Vulnerability Database

National Vulnerability Database

National Vulnerability
Database

Vulnerability Change Record for CVE-2015-3456

Change History

Modified Analysis - 5/14/2015 11:06:39 PM

Action Type Old Value New Value
Added CWE
CWE-119
Added CVSS V2
(AV:A/AC:L/Au:S/C:C/I:C/A:C)
Added Evaluator Description
Though the VENOM vulnerability is also agnostic of the guest operating system, an attacker (or an attacker’s malware) would need to have administrative or root privileges in the guest operating system in order to exploit VENOM
Added CPE Configuration
Configuration 1
     OR
          *cpe:2.3:a:qemu:qemu:2.3.0:*:*:*:*:*:*:* (and previous)
Configuration 2
     OR
          *cpe:2.3:a:xen:xen:4.5.0:*:*:*:*:*:*:*
          *cpe:2.3:o:redhat:enterprise_linux:5:*:*:*:*:*:*:*
          *cpe:2.3:o:redhat:enterprise_linux:6:*:*:*:*:*:*:*
          *cpe:2.3:o:redhat:enterprise_linux:7.0:*:*:*:*:*:*:*
          *cpe:2.3:a:redhat:enterprise_virtualization:3.0:*:*:*:*:*:*:*
          *cpe:2.3:a:redhat:openstack:4.0:*:*:*:*:*:*:*
          *cpe:2.3:a:redhat:openstack:5.0:*:*:*:*:*:*:*
          *cpe:2.3:a:redhat:openstack:6.0:*:*:*:*:*:*:*
          *cpe:2.3:a:redhat:openstack:7.0:*:*:*:*:*:*:*