CVE-2019-0648

Опубликовано: 05 мар. 2019

Источник: nvd

CVSS3: 4.3

CVSS2: 4.3

EPSS Средний

Описание

An information disclosure vulnerability exists when Chakra improperly discloses the contents of its memory, which could provide an attacker with information to further compromise the user's computer or data.To exploit the vulnerability, an attacker must know the memory address of where the object was created.The update addresses the vulnerability by changing the way certain functions handle objects in memory, aka Scripting Engine Information Disclosure Vulnerability. This CVE ID is unique from CVE-2019-0658.

Ссылки

http://www.securityfocus.com/bid/106885
Third Party Advisory
VDB Entry
https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-0648
Patch
Vendor Advisory
http://www.securityfocus.com/bid/106885
Third Party Advisory
VDB Entry
https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-0648
Patch
Vendor Advisory

Уязвимые конфигурации

Конфигурация 1

Одновременно

cpe:2.3:a:microsoft:edge:-:*:*:*:*:*:*:*

Одно из

cpe:2.3:o:microsoft:windows_10:1809:*:*:*:*:*:*:*

cpe:2.3:o:microsoft:windows_server_2019:-:*:*:*:*:*:*:*

EPSS

Процентиль: 93%

0.10949

Средний

4.3 Medium

CVSS3

4.3 Medium

CVSS2

Дефекты

NVD-CWE-noinfo

Связанные уязвимости

CVE-2019-0648

CVSS3: 4.3

msrc

почти 7 лет назад

Scripting Engine Information Disclosure Vulnerability

GHSA-wwfw-m54g-gv72

CVSS3: 4.3

github

больше 3 лет назад

ChakraCore information disclosure vulnerability

BDU:2019-00807

CVSS3: 4.3

fstec

почти 7 лет назад

Уязвимость обработчика JavaScript-сценариев ChakraCore браузера Microsoft Edge, позволяющая нарушителю раскрыть защищаемую информацию

EPSS

Процентиль: 93%

0.10949

Средний

4.3 Medium

CVSS3

4.3 Medium

CVSS2

Дефекты

NVD-CWE-noinfo