Lucene search

[email protected]NVD:CVE-2018-0891

HistoryMar 14, 2018 - 5:29 p.m.

CVE-2018-0891

2018-03-1417:29:01

CWE-401

[email protected]

web.nvd.nist.gov

CVSS2

4.3

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:N/AC:M/Au:N/C:P/I:N/A:N

CVSS3

4.3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

LOW

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N

AI Score

4.3

Confidence

High

EPSS

0.946

Percentile

99.3%

JSON

ChakraCore, and Internet Explorer in Microsoft Windows 7 SP1, Windows Server 2008 and R2 SP1, Windows 8.1 and Windows RT 8.1, Windows Server 2012 and R2, and Internet Explorer and Microsoft Edge in Windows 10 Gold, 1511, 1607, 1703, 1709, and Windows Server 2016 allow information disclosure, due to how the scripting engine handles objects in memory, aka “Scripting Engine Information Disclosure Vulnerability”. This CVE ID is unique from CVE-2018-0939.

Affected configurations

Nvd

Node

microsoftinternet_explorerMatch9

AND

microsoftwindows_server_2008sp2

Node

microsoftinternet_explorerMatch10

AND

microsoftwindows_server_2012

Node

microsoftedge

microsoftinternet_explorerMatch11

AND

microsoftwindows_10Match-

microsoftwindows_10Match1511

microsoftwindows_10Match1607

microsoftwindows_10Match1703

microsoftwindows_10Match1709

microsoftwindows_server_2016

Node

microsoftinternet_explorerMatch11

AND

microsoftwindows_7sp1

microsoftwindows_8.1

microsoftwindows_rt_8.1

microsoftwindows_server_2008Matchr2sp1

microsoftwindows_server_2012Matchr2

VendorProductVersionCPE
microsoftinternet_explorer9cpe:2.3:a:microsoft:internet_explorer:9:*:*:*:*:*:*:*
microsoftwindows_server_2008*cpe:2.3:o:microsoft:windows_server_2008:*:sp2:*:*:*:*:*:*
microsoftinternet_explorer10cpe:2.3:a:microsoft:internet_explorer:10:*:*:*:*:*:*:*
microsoftwindows_server_2012*cpe:2.3:o:microsoft:windows_server_2012:*:*:*:*:*:*:*:*
microsoftedge*cpe:2.3:a:microsoft:edge:*:*:*:*:*:*:*:*
microsoftinternet_explorer11cpe:2.3:a:microsoft:internet_explorer:11:*:*:*:*:*:*:*
microsoftwindows_10-cpe:2.3:o:microsoft:windows_10:-:*:*:*:*:*:*:*
microsoftwindows_101511cpe:2.3:o:microsoft:windows_10:1511:*:*:*:*:*:*:*
microsoftwindows_101607cpe:2.3:o:microsoft:windows_10:1607:*:*:*:*:*:*:*
microsoftwindows_101703cpe:2.3:o:microsoft:windows_10:1703:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
microsoft	internet_explorer	9	cpe:2.3:a:microsoft:internet_explorer:9:::::::*
microsoft	windows_server_2008	*	cpe:2.3:o:microsoft:windows_server_2008::sp2::::::*
microsoft	internet_explorer	10	cpe:2.3:a:microsoft:internet_explorer:10:::::::*
microsoft	windows_server_2012	*	cpe:2.3:o:microsoft:windows_server_2012::::::::
microsoft	edge	*	cpe:2.3:a:microsoft:edge::::::::
microsoft	internet_explorer	11	cpe:2.3:a:microsoft:internet_explorer:11:::::::*
microsoft	windows_10	-	cpe:2.3:o:microsoft:windows_10:-:::::::*
microsoft	windows_10	1511	cpe:2.3:o:microsoft:windows_10:1511:::::::*
microsoft	windows_10	1607	cpe:2.3:o:microsoft:windows_10:1607:::::::*
microsoft	windows_10	1703	cpe:2.3:o:microsoft:windows_10:1703:::::::*