CVE-2017-11833Sensitive Information Exposure in Corporation Microsoft Edge

CWE-200Sensitive Information Exposure8 documents4 sources
Severity
4.3MEDIUMNVD
NVD3.1
EPSS
12.3%
top 6.11%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
12
Microsoft Corporation Microsoft EdgeMsrc Microsoft Edge ON Windows 10 FOR 32-bit SystemsMsrc Microsoft Edge ON Windows 10 FOR X64-based Systems+9 more
Timeline
PublishedNov 15
Latest updateMay 17

Description

Microsoft Edge in Microsoft Windows 10 Gold, 1511, 1607, 1703, 1709, Windows Server 2016 and Windows Server, version 1709 allows an attacker to determine the origin of all webpages in the affected browser, due to how Microsoft Edge handles cross-origin requests, aka "Microsoft Edge Information Disclosure Vulnerability". This CVE ID is unique from CVE-2017-11803 and CVE-2017-11844.

CVSS vector

CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:N/A:NExploitability: 1.6 | Impact: 1.4

Affected Packages12 packages

Patches

Patch: portal.msrc.microsoft.comPatch: portal.msrc.microsoft.com

🔴Vulnerability Details

3
GHSA
GHSA-rpvf-w2hf-x4mp: Microsoft Edge in Microsoft Windows 10 1703, 1709 and Windows Server, version 1709 allows an attacker to obtain information to further compromise the2022-05-17
GHSA
GHSA-vmhq-9rwf-5w67: Microsoft Edge in Microsoft Windows 10 Gold, 1511, 1607, 1703, 1709, Windows Server 2016 and Windows Server, version 1709 allows an attacker to determ2022-05-17
GHSA
GHSA-w3hc-7jp6-h5qq: Microsoft Edge in Microsoft Windows 10 1703, 1709 and Windows Server, version 1709 allows an attacker to obtain information to further compromise the2022-05-17

📋Vendor Advisories

1
Microsoft
Microsoft Edge Information Disclosure Vulnerability2017-11-14

🕵️Threat Intelligence

1
Talos
Microsoft Patch Tuesday - November 20172017-11-14
CVE-2017-11833 — Sensitive Information Exposure | cvebase