CVE-2019-15687 — Sensitive Information Exposure in Anti-virus

CWE-200 — Sensitive Information Exposure3 documents3 sources

Severity

6.5MEDIUMNVD

EPSS

0.4%

top 36.35%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Kaspersky Anti-virus Kaspersky Internet Security Kaspersky Security Cloud +2 more

Timeline

PublishedNov 26

Latest updateMay 24

Description

Kaspersky Anti-Virus, Kaspersky Internet Security, Kaspersky Total Security, Kaspersky Free Anti-Virus, Kaspersky Small Office Security, Kaspersky Security Cloud up to 2020, the web protection component was vulnerable to remote disclosure of various information about the user's system (like Windows version and version of the product, host unique ID). Information Disclosure.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:NExploitability: 2.8 | Impact: 3.6

Affected Packages5 packages

▶NVDkaspersky/small_office_security7

▶NVDkaspersky/security_cloud2020

▶NVDkaspersky/total_security2020

▶NVDkaspersky/internet_security2020

▶NVDkaspersky/anti-virus2020

🔴Vulnerability Details

GHSA

GHSA-4w37-wxvx-pgmp: Kaspersky Anti-Virus, Kaspersky Internet Security, Kaspersky Total Security, Kaspersky Free Anti-Virus, Kaspersky Small Office Security, Kaspersky Sec↗2022-05-24

▶

CVEList

CVE-2019-15687: Kaspersky Anti-Virus, Kaspersky Internet Security, Kaspersky Total Security, Kaspersky Free Anti-Virus, Kaspersky Small Office Security, Kaspersky Sec↗2019-11-26

▶