CVE-2020-0884

CWE-319 — Cleartext Transmission4 documents4 sources

Severity

3.7LOW

EPSS

1.6%

top 18.08%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Microsoft Visual Studio 2017 Microsoft Visual Studio 2019 Microsoft Microsoft Visual Studio 2017 Version 15.9 (includes 15.1 - 15.8)+2 more

Timeline

PublishedMar 12

Latest updateMay 24

Description

A spoofing vulnerability exists in Microsoft Visual Studio as it includes a reply URL that is not secured by SSL, aka 'Microsoft Visual Studio Spoofing Vulnerability'.

CVSS vector

CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:NExploitability: 2.2 | Impact: 1.4

Affected Packages5 packages

▶CVEListV5microsoft/microsoft_visual_studio_2017_version_15.9_(includes_15.1_-_15.8)unspecified

▶CVEListV5microsoft/microsoft_visual_studio_2019_version_16.4_(includes_16.0_-_16.3)unspecified

▶NVDmicrosoft/visual_studio_201715.1 — 15.8

▶NVDmicrosoft/visual_studio_201916.0 — 16.3

▶CVEListV5microsoft/microsoft_visual_studio_201916.0

Patches

Patch: portal.msrc.microsoft.com ↗Patch: portal.msrc.microsoft.com ↗

🔴Vulnerability Details

GHSA

GHSA-qhw6-g646-98wf: A spoofing vulnerability exists in Microsoft Visual Studio as it includes a reply URL that is not secured by SSL, aka 'Microsoft Visual Studio Spoofin↗2022-05-24

▶

CVEList

CVE-2020-0884: A spoofing vulnerability exists in Microsoft Visual Studio as it includes a reply URL that is not secured by SSL, aka 'Microsoft Visual Studio Spoofin↗2020-03-12

▶

📋Vendor Advisories

Microsoft

Microsoft Visual Studio Spoofing Vulnerability↗2020-03-10

▶