CVE-2019-8075

MEDIUM

Description

Adobe Flash Player version 32.0.0.192 and earlier versions have a Same Origin Policy Bypass vulnerability. Successful exploitation could lead to Information Disclosure in the context of the current user.

References

https://chromereleases.googleblog.com/2020/11/stable-channel-update-for-desktop_17.html

https://crbug.com/945997

https://helpx.adobe.com/security/products/flash-player/apsb19-30.html

https://lists.fedoraproject.org/archives/list/[email protected]/message/AB2XOYF26EBHJEI6LXCBL32TGZM7UHQ4/

https://lists.fedoraproject.org/archives/list/[email protected]/message/S4XYJ7B6OXHZNYSA5J3DBUOFEC6WCAGW/

https://www.debian.org/security/2021/dsa-4824

Details

Source: MITRE

Published: 2019-09-27

Updated: 2021-01-08

Type: CWE-346

Risk Information

CVSS v2.0

Base Score: 5

Vector: AV:N/AC:L/Au:N/C:P/I:N/A:N

Impact Score: 2.9

Exploitability Score: 10

Severity: MEDIUM

CVSS v3.0

Base Score: 7.5

Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

Impact Score: 3.6

Exploitability Score: 3.9

Severity: HIGH

Vulnerable Software

Configuration 1

AND

OR

cpe:2.3:a:adobe:flash_player_desktop_runtime:*:*:*:*:*:*:*:*

OR

cpe:2.3:o:apple:mac_os:-:*:*:*:*:*:*:*

cpe:2.3:o:linux:linux_kernel:-:*:*:*:*:*:*:*

cpe:2.3:o:microsoft:windows:-:*:*:*:*:*:*:*

Configuration 2

AND

OR

cpe:2.3:a:adobe:flash_player:*:*:*:*:*:chrome:*:*

OR

cpe:2.3:o:apple:mac_os:-:*:*:*:*:*:*:*

cpe:2.3:o:google:chrome_os:-:*:*:*:*:*:*:*

cpe:2.3:o:linux:linux_kernel:-:*:*:*:*:*:*:*

cpe:2.3:o:microsoft:windows:-:*:*:*:*:*:*:*

Configuration 3

AND

OR

cpe:2.3:a:adobe:flash_player:*:*:*:*:*:edge:*:*

cpe:2.3:a:adobe:flash_player:*:*:*:*:*:internet_explorer_11:*:*

OR

cpe:2.3:o:microsoft:windows_10:-:*:*:*:*:*:*:*

cpe:2.3:o:microsoft:windows_8.1:-:*:*:*:*:*:*:*

Tenable Plugins

View all (10 total)

IDNameProductFamilySeverity
143333openSUSE Security Update : chromium (openSUSE-2020-2021)NessusSuSE Local Security Checks
medium
143303openSUSE Security Update : chromium (openSUSE-2020-2032)NessusSuSE Local Security Checks
medium
143227Fedora 32 : chromium (2020-3e005ce2e0)NessusFedora Local Security Checks
medium
143176Fedora 33 : chromium (2020-10ec8aca61)NessusFedora Local Security Checks
medium
143156Microsoft Edge (Chromium) < 87.0.664.41 Multiple VulnerabilitiesNessusWindows
medium
701293Google Chrome < 87.0.4280.66 Multiple VulnerabilitiesNessus Network MonitorWeb Clients
high
142971Google Chrome < 87.0.4280.66 Multiple VulnerabilitiesNessusWindows
medium
142970Google Chrome < 87.0.4280.66 Multiple VulnerabilitiesNessusMacOS X Local Security Checks
medium
125815Adobe Flash Player <= 32.0.0.192 (APSB19-30)NessusWindows
medium
125814Adobe Flash Player for Mac <= 32.0.0.192 (APSB19-30)NessusMacOS X Local Security Checks
medium