CVE-2019-1192Incorrect Authorization in Microsoft Internet Explorer 10

CWE-863Incorrect Authorization4 documents4 sources
Severity
4.3MEDIUMNVD
EPSS
2.4%
top 15.06%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
4
Microsoft Internet Explorer 10Microsoft Internet Explorer 11Microsoft Edge+1 more
Timeline
PublishedAug 14
Latest updateMay 24

Description

A security feature bypass vulnerability exists when Microsoft browsers improperly handle requests of different origins. The vulnerability allows Microsoft browsers to bypass Same-Origin Policy (SOP) restrictions, and to allow requests that should otherwise be ignored. An attacker who successfully exploited the vulnerability could force the browser to send data that would otherwise be restricted. In a web-based attack scenario, an attacker could host a specially crafted website that is designed t

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:NExploitability: 2.8 | Impact: 1.4

Affected Packages4 packages

CVEListV5microsoft/microsoft_edge1.0..0publication
CVEListV5microsoft/internet_explorer_101.0.0publication
CVEListV5microsoft/internet_explorer_111.0.0publication

Patches

Patch: portal.msrc.microsoft.comPatch: portal.msrc.microsoft.com

🔴Vulnerability Details

2
GHSA
GHSA-5qmr-w63r-99q4: A security feature bypass vulnerability exists when Microsoft browsers improperly handle requests of different origins, aka 'Microsoft Browsers Securi2022-05-24
CVEList
Microsoft Browsers Security Feature Bypass Vulnerability2019-08-14

📋Vendor Advisories

1
Microsoft
Microsoft Browsers Security Feature Bypass Vulnerability2019-08-13
CVE-2019-1192 — Incorrect Authorization in Microsoft | cvebase