CVE-2018-8315Sensitive Information Exposure in Microsoft Chakracore

CWE-200Sensitive Information Exposure5 documents5 sources
Severity
4.2MEDIUMNVD
EPSS
5.6%
top 9.63%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
5
Microsoft ChakracoreMicrosoft Internet Explorer 10Microsoft Internet Explorer 11+2 more
Timeline
PublishedSep 13
Latest updateMay 14

Description

An information disclosure vulnerability exists when the browser scripting engine improperly handle object types, aka "Microsoft Scripting Engine Information Disclosure Vulnerability." This affects ChakraCore, Internet Explorer 11, Microsoft Edge, Internet Explorer 10.

CVSS vector

CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:NExploitability: 1.6 | Impact: 2.5

Affected Packages5 packages

CVEListV5microsoft/internet_explorer_10Windows Server 2012
CVEListV5microsoft/internet_explorer_1118 versions+17
CVEListV5microsoft/chakracoreChakraCore
CVEListV5microsoft/microsoft_edge11 versions+10

Patches

Patch: portal.msrc.microsoft.comPatch: portal.msrc.microsoft.com

🔴Vulnerability Details

3
GHSA
ChakraCore information disclosure vulnerability2022-05-14
OSV
ChakraCore information disclosure vulnerability2022-05-14
CVEList
CVE-2018-8315: An information disclosure vulnerability exists when the browser scripting engine improperly handle object types, aka "Microsoft Scripting Engine Infor2018-09-13

📋Vendor Advisories

1
Microsoft
Microsoft Scripting Engine Information Disclosure Vulnerability2018-09-11
CVE-2018-8315 — Sensitive Information Exposure | cvebase