CVE-2019-1192medium
New! CVE Severity Now Using CVSS v3
The calculated severity for CVEs has been updated to use CVSS v3 by default. CVEs that do not have a CVSS v3 score will fall back CVSS v2 for calculating severity. Severity display preferences can be toggled in the settings dropdown.
Description
A security feature bypass vulnerability exists when Microsoft browsers improperly handle requests of different origins, aka 'Microsoft Browsers Security Feature Bypass Vulnerability'.
References
https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-1192
Details
Source: MITRE
Published: 2019-08-14
Updated: 2020-08-24
Type: CWE-863
Risk Information
CVSS v2
Base Score: 4.3
Vector: AV:N/AC:M/Au:N/C:P/I:N/A:N
Impact Score: 2.9
Exploitability Score: 8.6
Severity: MEDIUM
CVSS v3
Base Score: 4.3
Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N
Impact Score: 1.4
Exploitability Score: 2.8
Severity: MEDIUM
Vulnerable Software
Configuration 1
AND
OR
OR
Configuration 2
AND
OR
OR
cpe:2.3:o:microsoft:windows_10:-:*:*:*:*:*:*:*
cpe:2.3:o:microsoft:windows_10:1607:*:*:*:*:*:*:*
cpe:2.3:o:microsoft:windows_10:1703:*:*:*:*:*:*:*
cpe:2.3:o:microsoft:windows_10:1709:*:*:*:*:*:*:*
cpe:2.3:o:microsoft:windows_10:1803:*:*:*:*:*:*:*
cpe:2.3:o:microsoft:windows_10:1809:*:*:*:*:*:*:*
cpe:2.3:o:microsoft:windows_10:1903:*:*:*:*:*:*:*
cpe:2.3:o:microsoft:windows_7:-:sp1:*:*:*:*:*:*
cpe:2.3:o:microsoft:windows_8.1:-:*:*:*:*:*:*:*
cpe:2.3:o:microsoft:windows_rt_8.1:-:*:*:*:*:*:*:*
cpe:2.3:o:microsoft:windows_server_2008:r2:sp1:*:*:*:*:x64:*
cpe:2.3:o:microsoft:windows_server_2012:-:*:*:*:*:*:*:*
cpe:2.3:o:microsoft:windows_server_2012:r2:*:*:*:*:*:*:*
Configuration 3
AND
OR
OR
cpe:2.3:o:microsoft:windows_10:-:*:*:*:*:*:*:*
cpe:2.3:o:microsoft:windows_10:1607:*:*:*:*:*:*:*
cpe:2.3:o:microsoft:windows_10:1703:*:*:*:*:*:*:*
cpe:2.3:o:microsoft:windows_10:1709:*:*:*:*:*:*:*
cpe:2.3:o:microsoft:windows_10:1803:*:*:*:*:*:*:*
cpe:2.3:o:microsoft:windows_10:1809:*:*:*:*:*:*:*
cpe:2.3:o:microsoft:windows_10:1903:*:*:*:*:*:*:*
Tenable Plugins
| ID | Name | Product | Family | Severity |
|---|---|---|---|---|
| 127852 | Security Updates for Internet Explorer (August 2019) | Nessus | Windows : Microsoft Bulletins | high |
| 127851 | KB4512482: Windows Server 2012 August 2019 Security Update | Nessus | Windows : Microsoft Bulletins | critical |
| 127850 | KB4512517: Windows 10 Version 1607 and Windows Server 2016 August 2019 Security Update | Nessus | Windows : Microsoft Bulletins | critical |
| 127849 | KB4512516: Windows 10 Version 1709 August 2019 Security Update | Nessus | Windows : Microsoft Bulletins | critical |
| 127848 | KB4512508: Windows 10 Version 1903 August 2019 Security Update | Nessus | Windows : Microsoft Bulletins | critical |
| 127847 | KB4512507: Windows 10 Version 1703 August 2019 Security Update | Nessus | Windows : Microsoft Bulletins | critical |
| 127846 | KB4512486: Windows 7 and Windows Server 2008 R2 August 2019 Security Update | Nessus | Windows : Microsoft Bulletins | critical |
| 127845 | KB4512501: Windows 10 Version 1803 August 2019 Security Update | Nessus | Windows : Microsoft Bulletins | critical |
| 127844 | KB4512497: Windows 10 August 2019 Security Update | Nessus | Windows : Microsoft Bulletins | critical |
| 127843 | KB4512489: Windows 8.1 and Windows Server 2012 R2 August 2019 Security Update | Nessus | Windows : Microsoft Bulletins | critical |
| 127841 | KB4511553: Windows 10 Version 1809 and Windows Server 2019 August 2019 Security Update | Nessus | Windows : Microsoft Bulletins | critical |