CVE-2018-1021 — Sensitive Information Exposure in Microsoft Edge

CWE-200 — Sensitive Information Exposure CWE-1021 — UI Misrepresentation / Clickjacking22 documents9 sources

Severity

4.3MEDIUMNVD

EPSS

12.8%

top 5.95%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Microsoft Edge

Timeline

PublishedMay 9

Latest updateMay 14

Description

An information disclosure vulnerability exists when Microsoft Edge improperly handles objects in memory, aka "Microsoft Edge Information Disclosure Vulnerability." This affects Microsoft Edge. This CVE ID is unique from CVE-2018-8123.

CVSS vector

CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:NExploitability: 2.8 | Impact: 1.4

Affected Packages1 packages

▶CVEListV5microsoft/microsoft_edgeWindows 10 Version 1709 for 32-bit Systems, Windows 10 Version 1709 for x64-based Systems+1

Patches

Patch: portal.msrc.microsoft.com ↗Patch: portal.msrc.microsoft.com ↗

🔴Vulnerability Details

GHSA

GHSA-g43w-8cfr-ggp7: An information disclosure vulnerability exists when Microsoft Edge improperly handles objects in memory, aka "Microsoft Edge Information Disclosure Vu↗2022-05-14

▶

GHSA

GHSA-fp3g-q6mc-hv9v: An information disclosure vulnerability exists when Microsoft Edge improperly handles objects in memory, aka "Microsoft Edge Information Disclosure Vu↗2022-05-13

▶

GHSA

Improper Restriction of Rendered UI Layers or Frames in Apache nifif↗2018-12-20

▶

CVEList

CVE-2018-1021: An information disclosure vulnerability exists when Microsoft Edge improperly handles objects in memory, aka "Microsoft Edge Information Disclosure Vu↗2018-05-09

▶

CVEList

CVE-2018-8123: An information disclosure vulnerability exists when Microsoft Edge improperly handles objects in memory, aka "Microsoft Edge Information Disclosure Vu↗2018-05-09

▶

📋Vendor Advisories

Cisco

Cisco HyperFlex UI Clickjacking Vulnerability↗2018-10-03

▶

Microsoft

Microsoft Edge based on Edge HTML Information Disclosure Vulnerability↗2018-05-08

▶