CVE-2019-1220

CWE-425 CWE-1220 CWE-200 — Information Exposure6 documents5 sources

Severity

4.3MEDIUM

EPSS

5.9%

top 9.37%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Microsoft Internet Explorer 10 Microsoft Internet Explorer 11 Microsoft Internet Explorer 11 ON Windows 10 Version 1903 FOR 32-bit Systems +25 more

Timeline

PublishedSep 11

Latest updateMay 24

Description

A security feature bypass vulnerability exists when Microsoft Browsers fail to validate the correct Security Zone of requests for specific URLs, aka 'Microsoft Browser Security Feature Bypass Vulnerability'.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:NExploitability: 2.8 | Impact: 1.4

Affected Packages28 packages

▶NVDmicrosoft/internet_explorer10, 11, 9+2

▶CVEListV5microsoft/internet_explorer_9Windows Server 2008 for 32-bit Systems Service Pack 2, Windows Server 2008 for x64-based Systems Service Pack 2+1

▶CVEListV5microsoft/internet_explorer_10Windows Server 2012

▶CVEListV5microsoft/internet_explorer_1124 versions+23

▶CVEListV5microsoft/internet_explorer_11_on_windows_server_2012unspecified

Patches

Patch: portal.msrc.microsoft.com ↗Patch: portal.msrc.microsoft.com ↗

🔴Vulnerability Details

GHSA

GHSA-8c6c-962w-cq52: A security feature bypass vulnerability exists when Microsoft Browsers fail to validate the correct Security Zone of requests for specific URLs, aka '↗2022-05-24

▶

CVEList

CVE-2019-1220: A security feature bypass vulnerability exists when Microsoft Browsers fail to validate the correct Security Zone of requests for specific URLs, aka '↗2019-09-11

▶

📋Vendor Advisories

Red Hat

hw: Intel SGX information leak↗2019-11-12

▶

Microsoft

Microsoft Browser Security Feature Bypass Vulnerability↗2019-09-10

▶

Red Hat

containerized-data-importer: Exposed read access to all storage currently allocated to PVCs regardless of namespace↗2019-06-01

▶