⚠ Actively exploited
Added to CISA KEV on 2022-05-23. Federal agencies required to patch by 2022-06-13. Required action: Apply updates per vendor instructions..
CVE-2019-0703 — Sensitive Information Exposure in Microsoft Windows
10 documents6 sources
Severity
6.5MEDIUMNVD
EPSS
23.2%
top 4.05%
CISA KEV
KEV
Added 2022-05-23
Due 2022-06-13
Exploit
Exploited in wild
Active exploitation observed
Affected products
Timeline
PublishedApr 9
KEV addedMay 23
KEV dueJun 13
CISA Required Action: Apply updates per vendor instructions.
Description
An information disclosure vulnerability exists in the way that the Windows SMB Server handles certain requests, aka 'Windows SMB Information Disclosure Vulnerability'. This CVE ID is unique from CVE-2019-0704, CVE-2019-0821.
CVSS vector
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:NExploitability: 2.8 | Impact: 3.6
Affected Packages20 packages
Patches
🔴Vulnerability Details
5GHSA▶
GHSA-4363-m599-g24f: An information disclosure vulnerability exists in the way that the Windows SMB Server handles certain requests, aka 'Windows SMB Information Disclosur↗2022-05-13
GHSA▶
GHSA-7hvr-vpv9-p423: An information disclosure vulnerability exists in the way that the Windows SMB Server handles certain requests, aka 'Windows SMB Information Disclosur↗2022-05-13
GHSA▶
GHSA-gx47-9xcf-wqqr: An information disclosure vulnerability exists in the way that the Windows SMB Server handles certain requests, aka 'Windows SMB Information Disclosur↗2022-05-13
Project0
▶