CVE-2017-8498Sensitive Information Exposure in Corporation Microsoft Edge

CWE-200Sensitive Information Exposure7 documents4 sources
Severity
4.3MEDIUMNVD
EPSS
12.2%
top 6.11%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
6
Microsoft Corporation Microsoft EdgeMsrc Microsoft Edge ON Windows 10 Version 1607 FOR 32-bit SystemsMsrc Microsoft Edge ON Windows 10 Version 1607 FOR X64-based Systems+3 more
Timeline
PublishedJun 15
Latest updateMay 17

Description

Microsoft Edge in Windows 10 1607 and 1703, and Windows Server 2016 allows an attacker to read data not intended to be disclosed when Edge allows JavaScript XML DOM objects to detect installed browser extensions, aka "Microsoft Edge Information Disclosure Vulnerability". This CVE ID is unique from CVE-2017-8504.

CVSS vector

CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:NExploitability: 2.8 | Impact: 1.4

Affected Packages6 packages

Patches

Patch: portal.msrc.microsoft.comPatch: portal.msrc.microsoft.com

🔴Vulnerability Details

2
GHSA
GHSA-hg64-q6m3-wv9w: Microsoft Edge in Windows 10 1607 and 1703, and Windows Server 2016 allows an attacker to read the URL of a cross-origin request when the Microsoft Ed2022-05-17
GHSA
GHSA-cv8w-4mvf-w685: Microsoft Edge in Windows 10 1607 and 1703, and Windows Server 2016 allows an attacker to read data not intended to be disclosed when Edge allows Java2022-05-17

📋Vendor Advisories

1
Microsoft
Microsoft Edge Information Disclosure Vulnerability2017-06-13

🕵️Threat Intelligence

2
Qualys
Microsoft Fixes 94 Security Issues in Massive June Update | Qualys2017-06-13
Qualys
Microsoft Fixes 94 Security Issues in Massive June Update2017-06-13
CVE-2017-8498 — Sensitive Information Exposure | cvebase