cve-2019-0840
Vulnerability from cvelistv5
Published
2019-04-09 20:18
Modified
2024-08-04 17:58
Severity ?
EPSS score ?
Summary
An information disclosure vulnerability exists when the Windows kernel improperly handles objects in memory, aka 'Windows Kernel Information Disclosure Vulnerability'. This CVE ID is unique from CVE-2019-0844.
References
▼ | URL | Tags | |
---|---|---|---|
secure@microsoft.com | https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-0840 | Patch, Vendor Advisory |
Impacted products
▼ | Vendor | Product |
---|---|---|
Microsoft | Windows | |
Microsoft | Windows Server |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-04T17:58:59.809Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-0840" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "Windows", "vendor": "Microsoft", "versions": [ { "status": "affected", "version": "10 Version 1709 for 32-bit Systems" }, { "status": "affected", "version": "10 Version 1709 for x64-based Systems" }, { "status": "affected", "version": "10 Version 1803 for 32-bit Systems" }, { "status": "affected", "version": "10 Version 1803 for x64-based Systems" }, { "status": "affected", "version": "10 Version 1803 for ARM64-based Systems" }, { "status": "affected", "version": "10 Version 1809 for 32-bit Systems" }, { "status": "affected", "version": "10 Version 1809 for x64-based Systems" }, { "status": "affected", "version": "10 Version 1809 for ARM64-based Systems" }, { "status": "affected", "version": "10 Version 1709 for ARM64-based Systems" } ] }, { "product": "Windows Server", "vendor": "Microsoft", "versions": [ { "status": "affected", "version": "version 1709 (Core Installation)" }, { "status": "affected", "version": "version 1803 (Core Installation)" }, { "status": "affected", "version": "2019" }, { "status": "affected", "version": "2019 (Core installation)" } ] } ], "descriptions": [ { "lang": "en", "value": "An information disclosure vulnerability exists when the Windows kernel improperly handles objects in memory, aka \u0027Windows Kernel Information Disclosure Vulnerability\u0027. This CVE ID is unique from CVE-2019-0844." } ], "problemTypes": [ { "descriptions": [ { "description": "Information Disclosure", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2019-04-09T20:18:32", "orgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8", "shortName": "microsoft" }, "references": [ { "tags": [ "x_refsource_MISC" ], "url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-0840" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "secure@microsoft.com", "ID": "CVE-2019-0840", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "Windows", "version": { "version_data": [ { "version_value": "10 Version 1709 for 32-bit Systems" }, { "version_value": "10 Version 1709 for x64-based Systems" }, { "version_value": "10 Version 1803 for 32-bit Systems" }, { "version_value": "10 Version 1803 for x64-based Systems" }, { "version_value": "10 Version 1803 for ARM64-based Systems" }, { "version_value": "10 Version 1809 for 32-bit Systems" }, { "version_value": "10 Version 1809 for x64-based Systems" }, { "version_value": "10 Version 1809 for ARM64-based Systems" }, { "version_value": "10 Version 1709 for ARM64-based Systems" } ] } }, { "product_name": "Windows Server", "version": { "version_data": [ { "version_value": "version 1709 (Core Installation)" }, { "version_value": "version 1803 (Core Installation)" }, { "version_value": "2019" }, { "version_value": "2019 (Core installation)" } ] } } ] }, "vendor_name": "Microsoft" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "An information disclosure vulnerability exists when the Windows kernel improperly handles objects in memory, aka \u0027Windows Kernel Information Disclosure Vulnerability\u0027. This CVE ID is unique from CVE-2019-0844." } ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "Information Disclosure" } ] } ] }, "references": { "reference_data": [ { "name": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-0840", "refsource": "MISC", "url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-0840" } ] } } } }, "cveMetadata": { "assignerOrgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8", "assignerShortName": "microsoft", "cveId": "CVE-2019-0840", "datePublished": "2019-04-09T20:18:32", "dateReserved": "2018-11-26T00:00:00", "dateUpdated": "2024-08-04T17:58:59.809Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1", "meta": { "nvd": "{\"cve\":{\"id\":\"CVE-2019-0840\",\"sourceIdentifier\":\"secure@microsoft.com\",\"published\":\"2019-04-09T21:29:01.957\",\"lastModified\":\"2020-08-24T17:37:01.140\",\"vulnStatus\":\"Analyzed\",\"descriptions\":[{\"lang\":\"en\",\"value\":\"An information disclosure vulnerability exists when the Windows kernel improperly handles objects in memory, aka \u0027Windows Kernel Information Disclosure Vulnerability\u0027. This CVE ID is unique from CVE-2019-0844.\"},{\"lang\":\"es\",\"value\":\"Se presenta una vulnerabilidad de divulgaci\u00f3n de informaci\u00f3n cuando el kernel de Windows maneja inapropiadamente los objetos en la memoria, tambi\u00e9n se conoce como \\\"Windows Kernel Information Disclosure Vulnerability\\\". Este ID de CVE es diferente de CVE-2019-0844.\"}],\"metrics\":{\"cvssMetricV30\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"3.0\",\"vectorString\":\"CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N\",\"attackVector\":\"LOCAL\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"LOW\",\"userInteraction\":\"NONE\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"HIGH\",\"integrityImpact\":\"NONE\",\"availabilityImpact\":\"NONE\",\"baseScore\":5.5,\"baseSeverity\":\"MEDIUM\"},\"exploitabilityScore\":1.8,\"impactScore\":3.6}],\"cvssMetricV2\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"2.0\",\"vectorString\":\"AV:L/AC:L/Au:N/C:P/I:N/A:N\",\"accessVector\":\"LOCAL\",\"accessComplexity\":\"LOW\",\"authentication\":\"NONE\",\"confidentialityImpact\":\"PARTIAL\",\"integrityImpact\":\"NONE\",\"availabilityImpact\":\"NONE\",\"baseScore\":2.1},\"baseSeverity\":\"LOW\",\"exploitabilityScore\":3.9,\"impactScore\":2.9,\"acInsufInfo\":false,\"obtainAllPrivilege\":false,\"obtainUserPrivilege\":false,\"obtainOtherPrivilege\":false,\"userInteractionRequired\":false}]},\"weaknesses\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"description\":[{\"lang\":\"en\",\"value\":\"NVD-CWE-noinfo\"}]}],\"configurations\":[{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:microsoft:windows_10:1709:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"83B14968-3985-43C3-ACE5-8307196EFAE3\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:microsoft:windows_10:1803:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"7CB85C75-4D35-480E-843D-60579EC75FCB\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:microsoft:windows_10:1809:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"6B8F3DD2-A145-4AF1-8545-CC42892DA3D1\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:microsoft:windows_server_2016:1709:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"5B454BFE-D3AB-4CDC-B79B-F60EA3F57DBA\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:microsoft:windows_server_2016:1803:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"CAACE735-003E-4ACB-A82E-C0CF97D7F013\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:microsoft:windows_server_2019:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"DB79EE26-FC32-417D-A49C-A1A63165A968\"}]}]}],\"references\":[{\"url\":\"https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-0840\",\"source\":\"secure@microsoft.com\",\"tags\":[\"Patch\",\"Vendor Advisory\"]}]}}" } }
Loading...
Loading...
- Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
- Confirmed: The vulnerability is confirmed from an analyst perspective.
- Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
- Patched: This vulnerability was successfully patched by the user reporting the sighting.
- Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
- Not confirmed: The user expresses doubt about the veracity of the vulnerability.
- Not patched: This vulnerability was not successfully patched by the user reporting the sighting.