CVE-2019-0649Microsoft Chakracore vulnerability

5 documents5 sources
Severity
8.1HIGHNVD
EPSS
9.5%
top 7.14%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
2
Microsoft ChakracoreMicrosoft Edge
Timeline
PublishedMar 5
Latest updateMay 13

Description

A vulnerability exists in Microsoft Chakra JIT server, aka 'Scripting Engine Elevation of Privileged Vulnerability'.

CVSS vector

CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:HExploitability: 2.2 | Impact: 5.9

Affected Packages3 packages

NVDmicrosoft/chakracore< 1.11.6
CVEListV5microsoft/chakracoreunspecified
CVEListV5microsoft/microsoft_edge12 versions+11

Patches

Patch: portal.msrc.microsoft.comPatch: portal.msrc.microsoft.com

🔴Vulnerability Details

3
OSV
Chakra JIT server Privilege Escalation2022-05-13
GHSA
Chakra JIT server Privilege Escalation2022-05-13
CVEList
CVE-2019-0649: A vulnerability exists in Microsoft Chakra JIT server, aka 'Scripting Engine Elevation of Privileged Vulnerability'2019-03-06

📋Vendor Advisories

1
Microsoft
Scripting Engine Elevation of Privileged Vulnerability2019-02-12
CVE-2019-0649 — Microsoft Chakracore vulnerability | cvebase