CVE-2018-8425 — Authentication Bypass by Spoofing in Microsoft Edge

CWE-290 — Authentication Bypass by Spoofing6 documents5 sources

Severity

4.3MEDIUMNVD

EPSS

2.4%

top 14.89%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Microsoft Edge

Timeline

PublishedSep 13

Latest updateMay 13

Description

A spoofing vulnerability exists when Microsoft Edge improperly handles specific HTML content, aka "Microsoft Edge Spoofing Vulnerability." This affects Microsoft Edge.

CVSS vector

CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:NExploitability: 2.8 | Impact: 1.4

Affected Packages1 packages

▶CVEListV5microsoft/microsoft_edge11 versions+10

Patches

Patch: portal.msrc.microsoft.com ↗Patch: portal.msrc.microsoft.com ↗

🔴Vulnerability Details

GHSA

GHSA-r8m8-j8rp-h564: A spoofing vulnerability exists when Microsoft Edge improperly handles specific HTML content, aka "Microsoft Edge Spoofing Vulnerability↗2022-05-13

▶

CVEList

CVE-2018-8425: A spoofing vulnerability exists when Microsoft Edge improperly handles specific HTML content, aka "Microsoft Edge Spoofing Vulnerability↗2018-09-13

▶

📋Vendor Advisories

Microsoft

Microsoft Edge Spoofing Vulnerability↗2018-09-11

▶

🕵️Threat Intelligence

Talos

Microsoft Patch Tuesday - September 2018↗2018-09-11

▶

Talos

Microsoft Patch Tuesday - September 2018↗2018-09-11

▶