CVE-2024-38203
published 2024-11-12CVE-2024-38203: Windows Package Library Manager Information Disclosure Vulnerability
medium5.5CVSS 3.1
AVLACLPRLUINSUCHINAN
Windows Package Library Manager Information Disclosure Vulnerability
Affected
47 ranges· showing 25
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| microsoft | windows_10_1507 | < 10.0.10240.20826 | 10.0.10240.20826 |
| microsoft | windows_10_1607 | < 10.0.14393.7515 | 10.0.14393.7515 |
| microsoft | windows_10_1809 | < 10.0.17763.6532 | 10.0.17763.6532 |
| microsoft | windows_10_21h2 | < 10.0.19044.5131 | 10.0.19044.5131 |
| microsoft | windows_10_22h2 | < 10.0.19045.5131 | 10.0.19045.5131 |
| microsoft | windows_10_version_1507 | >= 10.0.10240.0 < 10.0.10240.20826 | 10.0.10240.20826 |
| microsoft | windows_10_version_1607 | >= 10.0.14393.0 < 10.0.14393.7515 | 10.0.14393.7515 |
| microsoft | windows_10_version_1809 | >= 10.0.17763.0 < 10.0.17763.6532 | 10.0.17763.6532 |
| microsoft | windows_10_version_21h2 | >= 10.0.19043.0 < 10.0.19044.5131 | 10.0.19044.5131 |
| microsoft | windows_10_version_22h2 | >= 10.0.19045.0 < 10.0.19045.5131 | 10.0.19045.5131 |
| microsoft | windows_11_22h2 | < 10.0.22621.4460 | 10.0.22621.4460 |
| microsoft | windows_11_23h2 | < 10.0.22631.4460 | 10.0.22631.4460 |
| microsoft | windows_11_24h2 | < 10.0.26100.2314 | 10.0.26100.2314 |
| microsoft | windows_11_version_22h2 | >= 10.0.22621.0 < 10.0.22621.4460 | 10.0.22621.4460 |
| microsoft | windows_11_version_22h3 | >= 10.0.22631.0 < 10.0.22631.4460 | 10.0.22631.4460 |
| microsoft | windows_11_version_23h2 | >= 10.0.22631.0 < 10.0.22631.4460 | 10.0.22631.4460 |
| microsoft | windows_11_version_24h2 | >= 10.0.26100.0 < 10.0.26100.2314 | 10.0.26100.2314 |
| microsoft | windows_server_2008 | — | — |
| microsoft | windows_server_2008_r2_service_pack_1 | >= 6.1.7601.0 < 6.1.7601.27415 | 6.1.7601.27415 |
| microsoft | windows_server_2008_service_pack_2 | >= 6.0.6003.0 < 6.0.6003.22966 | 6.0.6003.22966 |
| microsoft | windows_server_2012 | — | — |
| microsoft | windows_server_2012 | >= 6.2.9200.0 < 6.2.9200.25165 | 6.2.9200.25165 |
| microsoft | windows_server_2012_r2 | >= 6.3.9600.0 < 6.3.9600.22267 | 6.3.9600.22267 |
| microsoft | windows_server_2016 | < 10.0.14393.7515 | 10.0.14393.7515 |
| microsoft | windows_server_2016 | >= 10.0.14393.0 < 10.0.14393.7515 | 10.0.14393.7515 |
CVSS provenance
nvdv3.15.5MEDIUMCVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
cisa9.8CRITICAL
GHSA
GHSA-8pwc-jhg2-h67f: Windows Package Library Manager Information Disclosure Vulnerability
ghsa_unreviewed·2024-11-12
CVE-2024-38203 [MEDIUM] CWE-693 GHSA-8pwc-jhg2-h67f: Windows Package Library Manager Information Disclosure Vulnerability
Windows Package Library Manager Information Disclosure Vulnerability
Microsoft
Windows Package Library Manager Information Disclosure Vulnerability
vendor_msrc·2024-11-12·CVSS 6.2
CVE-2024-38203 [MEDIUM] CWE-693 Windows Package Library Manager Information Disclosure Vulnerability
Windows Package Library Manager Information Disclosure Vulnerability
FAQ: What type of information could be disclosed by this vulnerability?
The type of information that could be disclosed if an attacker successfully exploited this vulnerability is secrets or privileged information belonging to the user of the affected application.
Windows Package Library Manager: Windows Package Library Manager
Microsoft: Microsoft
Customer Action Required: Yes
Impact: Information Disclosure
Exploit Status: Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation Less Likely
Reference: https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5046617
Reference: https://support.microsoft.com/help/5046617
Reference: https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5046
CISA
Adobe ColdFusion Deserialization of Untrusted Data Vulnerability
cisa·2024-01-08·CVSS 9.8
CVE-2023-38203 [CRITICAL] CWE-502 Adobe ColdFusion Deserialization of Untrusted Data Vulnerability
Vulnerability: Adobe ColdFusion Deserialization of Untrusted Data Vulnerability
Affected: Adobe ColdFusion
Adobe ColdFusion contains a deserialization of untrusted data vulnerability that allows for code execution.
Required Action: Apply mitigations per vendor instructions or discontinue use of the product if mitigations are unavailable.
Notes: https://helpx.adobe.com/security/products/coldfusion/apsb23-41.html ; https://nvd.nist.gov/vuln/detail/CVE-2023-38203
Remediation Due Date: 2024-01-29
No detection rules found.
No public exploits indexed.
2024-11-12
Published