CVE-2022-26940Resource Exposure in Microsoft Remote Desktop Client FOR Windows Desktop

CWE-668Resource Exposure4 documents4 sources
Severity
6.5MEDIUMNVD
EPSS
16.4%
top 5.14%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
3
Microsoft Remote Desktop Client FOR Windows DesktopMicrosoft Windows 11 Version 21h2Microsoft Windows Server 2022
Timeline
PublishedMay 10
Latest updateMay 11

Description

Remote Desktop Protocol Client Information Disclosure Vulnerability

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:NExploitability: 2.8 | Impact: 3.6

Affected Packages3 packages

CVEListV5microsoft/windows_server_202210.0.20348.010.0.20348.707
CVEListV5microsoft/windows_11_version_21h210.0.010.0.22000.675

Patches

Patch: portal.msrc.microsoft.com

🔴Vulnerability Details

2
GHSA
GHSA-r3g9-4c8x-fwv7: Remote Desktop Protocol Client Information Disclosure Vulnerability2022-05-11
CVEList
Remote Desktop Protocol Client Information Disclosure Vulnerability2022-05-10

📋Vendor Advisories

1
Microsoft
Remote Desktop Protocol Client Information Disclosure Vulnerability2022-05-10
CVE-2022-26940 — Resource Exposure in Microsoft | cvebase