Theoretically, if two companies (CompanyA and CompanyB) are hosted on the same server infrastructure and there are vulnerabilities in the hosting provider's system, it could potentially pose a risk to both companies.
In Web App services, those are often run in docker containers
- CVE-2020-15157: Container breakout in container runtimes like Docker. Could lead to escaping from one container and thus being able to compromise other services and containers on that host.
In shared virtualization environments, it's possible to take advantage of unpatched and outdated CPU architectures to take over other VMs on the same system.
- CVE-2017-5753, CVE-2017-5715, CVE-2017-5754 (Spectre and Meltdown) caused isolation issues with processing and makes it possible to affect other services running on the CPU.
- CVE-2016-5195 (Dirty COW) is an issue with memory protections allowing memory protections to be bypassed
Rare
Rare
Rare
