CVE-2012-0147

CWE-163 documents3 sources

Severity

5.0MEDIUM

EPSS

36.5%

top 2.88%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Microsoft Forefront Unified Access Gateway

Timeline

PublishedApr 10

Latest updateMay 4

Description

Microsoft Forefront Unified Access Gateway (UAG) 2010 SP1 and SP1 Update 1 does not properly configure the default web site, which allows remote attackers to obtain sensitive information via a crafted HTTPS request, aka "Unfiltered Access to UAG Default Website Vulnerability."

CVSS vector

AV:N/AC:L/C:P/I:N/A:NExploitability: 10.0 | Impact: 2.9

Affected Packages1 packages

▶NVDmicrosoft/forefront_unified_access_gateway2010

🔴Vulnerability Details

GHSA

GHSA-5f59-cr5p-9xh9: Microsoft Forefront Unified Access Gateway (UAG) 2010 SP1 and SP1 Update 1 does not properly configure the default web site, which allows remote attac↗2022-05-04

▶

CVEList

CVE-2012-0147: Microsoft Forefront Unified Access Gateway (UAG) 2010 SP1 and SP1 Update 1 does not properly configure the default web site, which allows remote attac↗2012-04-10

▶