CVE-2024-49041

Опубликовано: 05 дек. 2024

Источник: msrc

CVSS3: 4.3

EPSS Низкий

Описание

Microsoft Edge (Chromium-based) Spoofing Vulnerability

FAQ

According to the CVSS metric, user interaction is required (UI:R). What interaction would the user have to do?

The user would have to click on a specially crafted URL to be compromised by the attacker.

According to the CVSS metric, successful exploitation of this vulnerability could lead to some loss of integrity (I:L)? What does that mean for this vulnerability?

The attacker is only able to modify the content of the vulnerable link to redirect the victim to a malicious site.

What is the version information for this release?

Microsoft Edge Version	Date Released	Based on Chromium Version
131.0.2903.86	12/05/2024	131.0.6778.108/.109

Возможность эксплуатации

Publicly Disclosed

Exploited

Latest Software Release

Exploitation Less Likely

Older Software Release

Exploitation Less Likely

DOS

N/A

EPSS

Процентиль: 69%

0.0061

Низкий

4.3 Medium

CVSS3

Связанные уязвимости

CVE-2024-49041

CVSS3: 4.3

nvd

около 1 года назад

Microsoft Edge (Chromium-based) Spoofing Vulnerability

GHSA-x295-2h73-x8gp

CVSS3: 4.3

github

около 1 года назад

Microsoft Edge (Chromium-based) Spoofing Vulnerability

BDU:2024-10994

CVSS3: 4.3

fstec

около 1 года назад

Уязвимость браузера Microsoft Edge, связанная с ошибками представления информации пользовательским интерфейсом, позволяющая нарушителю проводить спуфинг-атаки

EPSS

Процентиль: 69%

0.0061

Низкий

4.3 Medium

CVSS3