Action not permitted
Modal body text goes here.
Modal Title
Modal Body
CVE-2019-1209 (GCVE-0-2019-1209)
Vulnerability from cvelistv5 – Published: 2019-09-11 21:24 – Updated: 2024-08-04 18:13
VLAI?
EPSS
Summary
An information disclosure vulnerability exists in Lync 2013, aka 'Lync 2013 Information Disclosure Vulnerability'.
Severity ?
No CVSS data available.
CWE
- Information Disclosure
Assigner
References
| URL | Tags | ||||
|---|---|---|---|---|---|
|
|||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Microsoft | Microsoft Lync Server |
Affected:
2013
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T18:13:29.294Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-1209"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Microsoft Lync Server",
"vendor": "Microsoft",
"versions": [
{
"status": "affected",
"version": "2013"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "An information disclosure vulnerability exists in Lync 2013, aka \u0027Lync 2013 Information Disclosure Vulnerability\u0027."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Information Disclosure",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2019-09-11T21:24:57",
"orgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
"shortName": "microsoft"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-1209"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "secure@microsoft.com",
"ID": "CVE-2019-1209",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Microsoft Lync Server",
"version": {
"version_data": [
{
"version_value": "2013"
}
]
}
}
]
},
"vendor_name": "Microsoft"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "An information disclosure vulnerability exists in Lync 2013, aka \u0027Lync 2013 Information Disclosure Vulnerability\u0027."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Information Disclosure"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-1209",
"refsource": "MISC",
"url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-1209"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
"assignerShortName": "microsoft",
"cveId": "CVE-2019-1209",
"datePublished": "2019-09-11T21:24:57",
"dateReserved": "2018-11-26T00:00:00",
"dateUpdated": "2024-08-04T18:13:29.294Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1",
"vulnerability-lookup:meta": {
"fkie_nvd": {
"configurations": "[{\"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:microsoft:lync:2013:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"57F4F185-8709-4846-B017-A09C7A0D58B8\"}]}]}]",
"descriptions": "[{\"lang\": \"en\", \"value\": \"An information disclosure vulnerability exists in Lync 2013, aka \u0027Lync 2013 Information Disclosure Vulnerability\u0027.\"}, {\"lang\": \"es\", \"value\": \"Se presenta una vulnerabilidad de divulgaci\\u00f3n de informaci\\u00f3n en Lync 2013, tambi\\u00e9n se conoce como \\\"Lync 2013 Information Disclosure Vulnerability\\\".\"}]",
"id": "CVE-2019-1209",
"lastModified": "2024-11-21T04:36:14.930",
"metrics": "{\"cvssMetricV31\": [{\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"cvssData\": {\"version\": \"3.1\", \"vectorString\": \"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N\", \"baseScore\": 6.5, \"baseSeverity\": \"MEDIUM\", \"attackVector\": \"NETWORK\", \"attackComplexity\": \"LOW\", \"privilegesRequired\": \"NONE\", \"userInteraction\": \"REQUIRED\", \"scope\": \"UNCHANGED\", \"confidentialityImpact\": \"HIGH\", \"integrityImpact\": \"NONE\", \"availabilityImpact\": \"NONE\"}, \"exploitabilityScore\": 2.8, \"impactScore\": 3.6}], \"cvssMetricV2\": [{\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"cvssData\": {\"version\": \"2.0\", \"vectorString\": \"AV:N/AC:M/Au:N/C:P/I:N/A:N\", \"baseScore\": 4.3, \"accessVector\": \"NETWORK\", \"accessComplexity\": \"MEDIUM\", \"authentication\": \"NONE\", \"confidentialityImpact\": \"PARTIAL\", \"integrityImpact\": \"NONE\", \"availabilityImpact\": \"NONE\"}, \"baseSeverity\": \"MEDIUM\", \"exploitabilityScore\": 8.6, \"impactScore\": 2.9, \"acInsufInfo\": false, \"obtainAllPrivilege\": false, \"obtainUserPrivilege\": false, \"obtainOtherPrivilege\": false, \"userInteractionRequired\": true}]}",
"published": "2019-09-11T22:15:14.460",
"references": "[{\"url\": \"https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-1209\", \"source\": \"secure@microsoft.com\", \"tags\": [\"Patch\", \"Vendor Advisory\"]}, {\"url\": \"https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-1209\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Patch\", \"Vendor Advisory\"]}]",
"sourceIdentifier": "secure@microsoft.com",
"vulnStatus": "Modified",
"weaknesses": "[{\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"description\": [{\"lang\": \"en\", \"value\": \"CWE-200\"}]}]"
},
"nvd": "{\"cve\":{\"id\":\"CVE-2019-1209\",\"sourceIdentifier\":\"secure@microsoft.com\",\"published\":\"2019-09-11T22:15:14.460\",\"lastModified\":\"2024-11-21T04:36:14.930\",\"vulnStatus\":\"Modified\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"An information disclosure vulnerability exists in Lync 2013, aka \u0027Lync 2013 Information Disclosure Vulnerability\u0027.\"},{\"lang\":\"es\",\"value\":\"Se presenta una vulnerabilidad de divulgaci\u00f3n de informaci\u00f3n en Lync 2013, tambi\u00e9n se conoce como \\\"Lync 2013 Information Disclosure Vulnerability\\\".\"}],\"metrics\":{\"cvssMetricV31\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N\",\"baseScore\":6.5,\"baseSeverity\":\"MEDIUM\",\"attackVector\":\"NETWORK\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"NONE\",\"userInteraction\":\"REQUIRED\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"HIGH\",\"integrityImpact\":\"NONE\",\"availabilityImpact\":\"NONE\"},\"exploitabilityScore\":2.8,\"impactScore\":3.6}],\"cvssMetricV2\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"2.0\",\"vectorString\":\"AV:N/AC:M/Au:N/C:P/I:N/A:N\",\"baseScore\":4.3,\"accessVector\":\"NETWORK\",\"accessComplexity\":\"MEDIUM\",\"authentication\":\"NONE\",\"confidentialityImpact\":\"PARTIAL\",\"integrityImpact\":\"NONE\",\"availabilityImpact\":\"NONE\"},\"baseSeverity\":\"MEDIUM\",\"exploitabilityScore\":8.6,\"impactScore\":2.9,\"acInsufInfo\":false,\"obtainAllPrivilege\":false,\"obtainUserPrivilege\":false,\"obtainOtherPrivilege\":false,\"userInteractionRequired\":true}]},\"weaknesses\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-200\"}]}],\"configurations\":[{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:microsoft:lync:2013:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"57F4F185-8709-4846-B017-A09C7A0D58B8\"}]}]}],\"references\":[{\"url\":\"https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-1209\",\"source\":\"secure@microsoft.com\",\"tags\":[\"Patch\",\"Vendor Advisory\"]},{\"url\":\"https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-1209\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Patch\",\"Vendor Advisory\"]}]}}"
}
}
CERTFR-2019-AVI-570
Vulnerability from certfr_avis - Published: - Updated:
De multiples vulnérabilités ont été corrigées dans les produits Microsoft. Elles permettent à un attaquant de provoquer une atteinte à la confidentialité des données, un contournement de la fonctionnalité de sécurité, une usurpation d'identité, une exécution de code à distance, une élévation de privilèges et un déni de service.
Solution
Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).
NoneImpacted products
| Vendor | Product | Description | ||
|---|---|---|---|---|
| Microsoft | N/A | Microsoft Exchange Server 2013 Cumulative Update 23 | ||
| Microsoft | N/A | ChakraCore | ||
| Microsoft | N/A | Microsoft Visual Studio 2017 version 15.0 | ||
| Microsoft | N/A | Team Foundation Server 2018 Update 3.2 | ||
| Microsoft | N/A | Microsoft Visual Studio 2019 version 16.2 | ||
| Microsoft | Azure | Azure DevOps Server 2019.0.1 | ||
| Microsoft | N/A | PowerShell Core 6.2 | ||
| Microsoft | N/A | SQL Server Management Studio 18.3.1 | ||
| Microsoft | Azure | Azure DevOps Server 2019 Update 1 | ||
| Microsoft | N/A | Microsoft System Center 2012 R2 Endpoint Protection | ||
| Microsoft | N/A | Yammer pour Android | ||
| Microsoft | N/A | Microsoft Exchange Server 2019 Cumulative Update 3 | ||
| Microsoft | Azure | Azure Stack | ||
| Microsoft | N/A | Microsoft Visual Studio 2017 version 15.9 | ||
| Microsoft | N/A | Microsoft System Center Endpoint Protection | ||
| Microsoft | N/A | Team Foundation Server 2017 Update 3.1 | ||
| Microsoft | N/A | Microsoft Visual Studio 2019 version 16.0 | ||
| Microsoft | N/A | Visual Studio Code | ||
| Microsoft | N/A | Microsoft Security Essentials | ||
| Microsoft | N/A | Microsoft Exchange Server 2019 Cumulative Update 2 | ||
| Microsoft | N/A | Microsoft Exchange Server 2016 Cumulative Update 13 | ||
| Microsoft | N/A | Microsoft Visual Studio 2019 version 16.3 | ||
| Microsoft | N/A | Microsoft Lync Server 2013 | ||
| Microsoft | N/A | Microsoft Exchange Server 2019 Cumulative Update 1 | ||
| Microsoft | N/A | Microsoft Visual Studio 2015 Update 3 | ||
| Microsoft | N/A | Microsoft Exchange Server 2016 Cumulative Update 14 | ||
| Microsoft | N/A | Team Foundation Server 2018 Update 1.2 | ||
| Microsoft | N/A | Rome SDK 1.4.1 | ||
| Microsoft | N/A | SQL Server Management Studio 18.3 | ||
| Microsoft | Azure | Azure App Service on Azure Stack | ||
| Microsoft | N/A | Microsoft Dynamics 365 (on-premises) version 9.0 | ||
| Microsoft | N/A | Microsoft Forefront Endpoint Protection 2010 | ||
| Microsoft | N/A | Open Enclave SDK | ||
| Microsoft | N/A | Microsoft Exchange Server 2016 Cumulative Update 12 | ||
| Microsoft | N/A | Team Foundation Server 2015 Update 4.2 | ||
| Microsoft | N/A | PowerShell Core 6.1 | ||
| Microsoft | N/A | Microsoft System Center 2012 Endpoint Protection |
References
| Title | Publication Time | Tags | |||
|---|---|---|---|---|---|
|
|||||
{
"$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
"affected_systems": [
{
"description": "Microsoft Exchange Server 2013 Cumulative Update 23",
"product": {
"name": "N/A",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
},
{
"description": "ChakraCore",
"product": {
"name": "N/A",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
},
{
"description": "Microsoft Visual Studio 2017 version 15.0",
"product": {
"name": "N/A",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
},
{
"description": "Team Foundation Server 2018 Update 3.2",
"product": {
"name": "N/A",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
},
{
"description": "Microsoft Visual Studio 2019 version 16.2",
"product": {
"name": "N/A",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
},
{
"description": "Azure DevOps Server 2019.0.1",
"product": {
"name": "Azure",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
},
{
"description": "PowerShell Core 6.2",
"product": {
"name": "N/A",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
},
{
"description": "SQL Server Management Studio 18.3.1",
"product": {
"name": "N/A",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
},
{
"description": "Azure DevOps Server 2019 Update 1",
"product": {
"name": "Azure",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
},
{
"description": "Microsoft System Center 2012 R2 Endpoint Protection",
"product": {
"name": "N/A",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
},
{
"description": "Yammer pour Android",
"product": {
"name": "N/A",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
},
{
"description": "Microsoft Exchange Server 2019 Cumulative Update 3",
"product": {
"name": "N/A",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
},
{
"description": "Azure Stack",
"product": {
"name": "Azure",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
},
{
"description": "Microsoft Visual Studio 2017 version 15.9",
"product": {
"name": "N/A",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
},
{
"description": "Microsoft System Center Endpoint Protection",
"product": {
"name": "N/A",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
},
{
"description": "Team Foundation Server 2017 Update 3.1",
"product": {
"name": "N/A",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
},
{
"description": "Microsoft Visual Studio 2019 version 16.0",
"product": {
"name": "N/A",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
},
{
"description": "Visual Studio Code",
"product": {
"name": "N/A",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
},
{
"description": "Microsoft Security Essentials",
"product": {
"name": "N/A",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
},
{
"description": "Microsoft Exchange Server 2019 Cumulative Update 2",
"product": {
"name": "N/A",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
},
{
"description": "Microsoft Exchange Server 2016 Cumulative Update 13",
"product": {
"name": "N/A",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
},
{
"description": "Microsoft Visual Studio 2019 version 16.3",
"product": {
"name": "N/A",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
},
{
"description": "Microsoft Lync Server 2013",
"product": {
"name": "N/A",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
},
{
"description": "Microsoft Exchange Server 2019 Cumulative Update 1",
"product": {
"name": "N/A",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
},
{
"description": "Microsoft Visual Studio 2015 Update 3",
"product": {
"name": "N/A",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
},
{
"description": "Microsoft Exchange Server 2016 Cumulative Update 14",
"product": {
"name": "N/A",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
},
{
"description": "Team Foundation Server 2018 Update 1.2",
"product": {
"name": "N/A",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
},
{
"description": "Rome SDK 1.4.1",
"product": {
"name": "N/A",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
},
{
"description": "SQL Server Management Studio 18.3",
"product": {
"name": "N/A",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
},
{
"description": "Azure App Service on Azure Stack",
"product": {
"name": "Azure",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
},
{
"description": "Microsoft Dynamics 365 (on-premises) version 9.0",
"product": {
"name": "N/A",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
},
{
"description": "Microsoft Forefront Endpoint Protection 2010",
"product": {
"name": "N/A",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
},
{
"description": "Open Enclave SDK",
"product": {
"name": "N/A",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
},
{
"description": "Microsoft Exchange Server 2016 Cumulative Update 12",
"product": {
"name": "N/A",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
},
{
"description": "Team Foundation Server 2015 Update 4.2",
"product": {
"name": "N/A",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
},
{
"description": "PowerShell Core 6.1",
"product": {
"name": "N/A",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
},
{
"description": "Microsoft System Center 2012 Endpoint Protection",
"product": {
"name": "N/A",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
}
],
"affected_systems_content": null,
"content": "## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
"cves": [
{
"name": "CVE-2019-1375",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-1375"
},
{
"name": "CVE-2019-1369",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-1369"
},
{
"name": "CVE-2019-1234",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-1234"
},
{
"name": "CVE-2019-1300",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-1300"
},
{
"name": "CVE-2019-1266",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-1266"
},
{
"name": "CVE-2019-1255",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-1255"
},
{
"name": "CVE-2019-1232",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-1232"
},
{
"name": "CVE-2019-1428",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-1428"
},
{
"name": "CVE-2019-1306",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-1306"
},
{
"name": "CVE-2019-1298",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-1298"
},
{
"name": "CVE-2019-1305",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-1305"
},
{
"name": "CVE-2019-1335",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-1335"
},
{
"name": "CVE-2019-1231",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-1231"
},
{
"name": "CVE-2019-1313",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-1313"
},
{
"name": "CVE-2019-1426",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-1426"
},
{
"name": "CVE-2019-1217",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-1217"
},
{
"name": "CVE-2019-1307",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-1307"
},
{
"name": "CVE-2019-1233",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-1233"
},
{
"name": "CVE-2019-1366",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-1366"
},
{
"name": "CVE-2019-1308",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-1308"
},
{
"name": "CVE-2019-1372",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-1372"
},
{
"name": "CVE-2019-1376",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-1376"
},
{
"name": "CVE-2019-1237",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-1237"
},
{
"name": "CVE-2019-1370",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-1370"
},
{
"name": "CVE-2019-1301",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-1301"
},
{
"name": "CVE-2019-1425",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-1425"
},
{
"name": "CVE-2019-1414",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-1414"
},
{
"name": "CVE-2019-1373",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-1373"
},
{
"name": "CVE-2019-1427",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-1427"
},
{
"name": "CVE-2019-1265",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-1265"
},
{
"name": "CVE-2019-1209",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-1209"
},
{
"name": "CVE-2019-1138",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-1138"
}
],
"links": [],
"reference": "CERTFR-2019-AVI-570",
"revisions": [
{
"description": "Version initiale",
"revision_date": "2019-11-13T00:00:00.000000"
}
],
"risks": [
{
"description": "Usurpation d\u0027identit\u00e9"
},
{
"description": "Ex\u00e9cution de code arbitraire \u00e0 distance"
},
{
"description": "D\u00e9ni de service"
},
{
"description": "Contournement de la fonctionnalit\u00e9 de s\u00e9curit\u00e9"
},
{
"description": "Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es"
},
{
"description": "\u00c9l\u00e9vation de privil\u00e8ges"
}
],
"summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 corrig\u00e9es dans \u003cspan\nclass=\"textit\"\u003eles produits Microsoft\u003c/span\u003e. Elles permettent \u00e0 un\nattaquant de provoquer une atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es, un\ncontournement de la fonctionnalit\u00e9 de s\u00e9curit\u00e9, une usurpation\nd\u0027identit\u00e9, une ex\u00e9cution de code \u00e0 distance, une \u00e9l\u00e9vation de\nprivil\u00e8ges et un d\u00e9ni de service.\n",
"title": "Multiples vuln\u00e9rabilit\u00e9s dans les produits Microsoft",
"vendor_advisories": [
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Microsoft du 12 novembre 2019",
"url": "https://portal.msrc.microsoft.com/fr-FR/security-guidance"
}
]
}
CERTFR-2019-AVI-438
Vulnerability from certfr_avis - Published: - Updated:
De multiples vulnérabilités ont été corrigées dans les produits Microsoft. Elles permettent à un attaquant de provoquer un contournement de la fonctionnalité de sécurité, une atteinte à la confidentialité des données, une élévation de privilèges, une exécution de code à distance et un déni de service.
Solution
Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).
NoneImpacted products
| Vendor | Product | Description | ||
|---|---|---|---|---|
| Microsoft | N/A | ChakraCore | ||
| Microsoft | N/A | Microsoft Visual Studio 2017 version 15.0 | ||
| Microsoft | N/A | Team Foundation Server 2018 Update 3.2 | ||
| Microsoft | N/A | Microsoft Visual Studio 2019 version 16.2 | ||
| Microsoft | Azure | Azure DevOps Server 2019.0.1 | ||
| Microsoft | Azure | Azure DevOps Server 2019 Update 1 | ||
| Microsoft | N/A | Yammer pour Android | ||
| Microsoft | N/A | Microsoft Visual Studio 2017 version 15.9 | ||
| Microsoft | N/A | Team Foundation Server 2017 Update 3.1 | ||
| Microsoft | N/A | Microsoft Visual Studio 2019 version 16.0 | ||
| Microsoft | N/A | Microsoft Exchange Server 2019 Cumulative Update 2 | ||
| Microsoft | N/A | Microsoft Exchange Server 2016 Cumulative Update 13 | ||
| Microsoft | N/A | Microsoft Lync Server 2013 | ||
| Microsoft | N/A | Microsoft Exchange Server 2019 Cumulative Update 1 | ||
| Microsoft | N/A | Microsoft Visual Studio 2015 Update 3 | ||
| Microsoft | N/A | Team Foundation Server 2018 Update 1.2 | ||
| Microsoft | N/A | Rome SDK 1.4.1 | ||
| Microsoft | N/A | Nuget 5.2.0 | ||
| Microsoft | N/A | Microsoft Exchange Server 2016 Cumulative Update 12 | ||
| Microsoft | N/A | Team Foundation Server 2015 Update 4.2 |
References
| Title | Publication Time | Tags | |||
|---|---|---|---|---|---|
|
|||||
{
"$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
"affected_systems": [
{
"description": "ChakraCore",
"product": {
"name": "N/A",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
},
{
"description": "Microsoft Visual Studio 2017 version 15.0",
"product": {
"name": "N/A",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
},
{
"description": "Team Foundation Server 2018 Update 3.2",
"product": {
"name": "N/A",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
},
{
"description": "Microsoft Visual Studio 2019 version 16.2",
"product": {
"name": "N/A",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
},
{
"description": "Azure DevOps Server 2019.0.1",
"product": {
"name": "Azure",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
},
{
"description": "Azure DevOps Server 2019 Update 1",
"product": {
"name": "Azure",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
},
{
"description": "Yammer pour Android",
"product": {
"name": "N/A",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
},
{
"description": "Microsoft Visual Studio 2017 version 15.9",
"product": {
"name": "N/A",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
},
{
"description": "Team Foundation Server 2017 Update 3.1",
"product": {
"name": "N/A",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
},
{
"description": "Microsoft Visual Studio 2019 version 16.0",
"product": {
"name": "N/A",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
},
{
"description": "Microsoft Exchange Server 2019 Cumulative Update 2",
"product": {
"name": "N/A",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
},
{
"description": "Microsoft Exchange Server 2016 Cumulative Update 13",
"product": {
"name": "N/A",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
},
{
"description": "Microsoft Lync Server 2013",
"product": {
"name": "N/A",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
},
{
"description": "Microsoft Exchange Server 2019 Cumulative Update 1",
"product": {
"name": "N/A",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
},
{
"description": "Microsoft Visual Studio 2015 Update 3",
"product": {
"name": "N/A",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
},
{
"description": "Team Foundation Server 2018 Update 1.2",
"product": {
"name": "N/A",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
},
{
"description": "Rome SDK 1.4.1",
"product": {
"name": "N/A",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
},
{
"description": "Nuget 5.2.0",
"product": {
"name": "N/A",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
},
{
"description": "Microsoft Exchange Server 2016 Cumulative Update 12",
"product": {
"name": "N/A",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
},
{
"description": "Team Foundation Server 2015 Update 4.2",
"product": {
"name": "N/A",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
}
],
"affected_systems_content": null,
"content": "## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
"cves": [
{
"name": "CVE-2019-1300",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-1300"
},
{
"name": "CVE-2019-1266",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-1266"
},
{
"name": "CVE-2019-1232",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-1232"
},
{
"name": "CVE-2019-1306",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-1306"
},
{
"name": "CVE-2019-1298",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-1298"
},
{
"name": "CVE-2019-1258",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-1258"
},
{
"name": "CVE-2019-1305",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-1305"
},
{
"name": "CVE-2019-1231",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-1231"
},
{
"name": "CVE-2019-1217",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-1217"
},
{
"name": "CVE-2019-1233",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-1233"
},
{
"name": "CVE-2019-1237",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-1237"
},
{
"name": "CVE-2019-1265",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-1265"
},
{
"name": "CVE-2019-1209",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-1209"
},
{
"name": "CVE-2019-1138",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-1138"
}
],
"links": [],
"reference": "CERTFR-2019-AVI-438",
"revisions": [
{
"description": "Version initiale",
"revision_date": "2019-09-11T00:00:00.000000"
}
],
"risks": [
{
"description": "Ex\u00e9cution de code arbitraire \u00e0 distance"
},
{
"description": "D\u00e9ni de service"
},
{
"description": "Contournement de la fonctionnalit\u00e9 de s\u00e9curit\u00e9"
},
{
"description": "Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es"
},
{
"description": "\u00c9l\u00e9vation de privil\u00e8ges"
}
],
"summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 corrig\u00e9es dans \u003cspan\nclass=\"textit\"\u003eles produits Microsoft\u003c/span\u003e. Elles permettent \u00e0 un\nattaquant de provoquer un contournement de la fonctionnalit\u00e9 de\ns\u00e9curit\u00e9, une atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es, une \u00e9l\u00e9vation\nde privil\u00e8ges, une ex\u00e9cution de code \u00e0 distance et un d\u00e9ni de service.\n",
"title": "Multiples vuln\u00e9rabilit\u00e9s dans les produits Microsoft",
"vendor_advisories": [
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Microsoft du 10 septembre 2019",
"url": "https://portal.msrc.microsoft.com/fr-FR/security-guidance"
}
]
}
CERTFR-2019-AVI-438
Vulnerability from certfr_avis - Published: - Updated:
De multiples vulnérabilités ont été corrigées dans les produits Microsoft. Elles permettent à un attaquant de provoquer un contournement de la fonctionnalité de sécurité, une atteinte à la confidentialité des données, une élévation de privilèges, une exécution de code à distance et un déni de service.
Solution
Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).
NoneImpacted products
| Vendor | Product | Description | ||
|---|---|---|---|---|
| Microsoft | N/A | ChakraCore | ||
| Microsoft | N/A | Microsoft Visual Studio 2017 version 15.0 | ||
| Microsoft | N/A | Team Foundation Server 2018 Update 3.2 | ||
| Microsoft | N/A | Microsoft Visual Studio 2019 version 16.2 | ||
| Microsoft | Azure | Azure DevOps Server 2019.0.1 | ||
| Microsoft | Azure | Azure DevOps Server 2019 Update 1 | ||
| Microsoft | N/A | Yammer pour Android | ||
| Microsoft | N/A | Microsoft Visual Studio 2017 version 15.9 | ||
| Microsoft | N/A | Team Foundation Server 2017 Update 3.1 | ||
| Microsoft | N/A | Microsoft Visual Studio 2019 version 16.0 | ||
| Microsoft | N/A | Microsoft Exchange Server 2019 Cumulative Update 2 | ||
| Microsoft | N/A | Microsoft Exchange Server 2016 Cumulative Update 13 | ||
| Microsoft | N/A | Microsoft Lync Server 2013 | ||
| Microsoft | N/A | Microsoft Exchange Server 2019 Cumulative Update 1 | ||
| Microsoft | N/A | Microsoft Visual Studio 2015 Update 3 | ||
| Microsoft | N/A | Team Foundation Server 2018 Update 1.2 | ||
| Microsoft | N/A | Rome SDK 1.4.1 | ||
| Microsoft | N/A | Nuget 5.2.0 | ||
| Microsoft | N/A | Microsoft Exchange Server 2016 Cumulative Update 12 | ||
| Microsoft | N/A | Team Foundation Server 2015 Update 4.2 |
References
| Title | Publication Time | Tags | |||
|---|---|---|---|---|---|
|
|||||
{
"$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
"affected_systems": [
{
"description": "ChakraCore",
"product": {
"name": "N/A",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
},
{
"description": "Microsoft Visual Studio 2017 version 15.0",
"product": {
"name": "N/A",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
},
{
"description": "Team Foundation Server 2018 Update 3.2",
"product": {
"name": "N/A",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
},
{
"description": "Microsoft Visual Studio 2019 version 16.2",
"product": {
"name": "N/A",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
},
{
"description": "Azure DevOps Server 2019.0.1",
"product": {
"name": "Azure",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
},
{
"description": "Azure DevOps Server 2019 Update 1",
"product": {
"name": "Azure",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
},
{
"description": "Yammer pour Android",
"product": {
"name": "N/A",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
},
{
"description": "Microsoft Visual Studio 2017 version 15.9",
"product": {
"name": "N/A",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
},
{
"description": "Team Foundation Server 2017 Update 3.1",
"product": {
"name": "N/A",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
},
{
"description": "Microsoft Visual Studio 2019 version 16.0",
"product": {
"name": "N/A",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
},
{
"description": "Microsoft Exchange Server 2019 Cumulative Update 2",
"product": {
"name": "N/A",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
},
{
"description": "Microsoft Exchange Server 2016 Cumulative Update 13",
"product": {
"name": "N/A",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
},
{
"description": "Microsoft Lync Server 2013",
"product": {
"name": "N/A",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
},
{
"description": "Microsoft Exchange Server 2019 Cumulative Update 1",
"product": {
"name": "N/A",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
},
{
"description": "Microsoft Visual Studio 2015 Update 3",
"product": {
"name": "N/A",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
},
{
"description": "Team Foundation Server 2018 Update 1.2",
"product": {
"name": "N/A",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
},
{
"description": "Rome SDK 1.4.1",
"product": {
"name": "N/A",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
},
{
"description": "Nuget 5.2.0",
"product": {
"name": "N/A",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
},
{
"description": "Microsoft Exchange Server 2016 Cumulative Update 12",
"product": {
"name": "N/A",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
},
{
"description": "Team Foundation Server 2015 Update 4.2",
"product": {
"name": "N/A",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
}
],
"affected_systems_content": null,
"content": "## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
"cves": [
{
"name": "CVE-2019-1300",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-1300"
},
{
"name": "CVE-2019-1266",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-1266"
},
{
"name": "CVE-2019-1232",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-1232"
},
{
"name": "CVE-2019-1306",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-1306"
},
{
"name": "CVE-2019-1298",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-1298"
},
{
"name": "CVE-2019-1258",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-1258"
},
{
"name": "CVE-2019-1305",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-1305"
},
{
"name": "CVE-2019-1231",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-1231"
},
{
"name": "CVE-2019-1217",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-1217"
},
{
"name": "CVE-2019-1233",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-1233"
},
{
"name": "CVE-2019-1237",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-1237"
},
{
"name": "CVE-2019-1265",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-1265"
},
{
"name": "CVE-2019-1209",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-1209"
},
{
"name": "CVE-2019-1138",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-1138"
}
],
"links": [],
"reference": "CERTFR-2019-AVI-438",
"revisions": [
{
"description": "Version initiale",
"revision_date": "2019-09-11T00:00:00.000000"
}
],
"risks": [
{
"description": "Ex\u00e9cution de code arbitraire \u00e0 distance"
},
{
"description": "D\u00e9ni de service"
},
{
"description": "Contournement de la fonctionnalit\u00e9 de s\u00e9curit\u00e9"
},
{
"description": "Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es"
},
{
"description": "\u00c9l\u00e9vation de privil\u00e8ges"
}
],
"summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 corrig\u00e9es dans \u003cspan\nclass=\"textit\"\u003eles produits Microsoft\u003c/span\u003e. Elles permettent \u00e0 un\nattaquant de provoquer un contournement de la fonctionnalit\u00e9 de\ns\u00e9curit\u00e9, une atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es, une \u00e9l\u00e9vation\nde privil\u00e8ges, une ex\u00e9cution de code \u00e0 distance et un d\u00e9ni de service.\n",
"title": "Multiples vuln\u00e9rabilit\u00e9s dans les produits Microsoft",
"vendor_advisories": [
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Microsoft du 10 septembre 2019",
"url": "https://portal.msrc.microsoft.com/fr-FR/security-guidance"
}
]
}
CERTFR-2019-AVI-570
Vulnerability from certfr_avis - Published: - Updated:
De multiples vulnérabilités ont été corrigées dans les produits Microsoft. Elles permettent à un attaquant de provoquer une atteinte à la confidentialité des données, un contournement de la fonctionnalité de sécurité, une usurpation d'identité, une exécution de code à distance, une élévation de privilèges et un déni de service.
Solution
Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).
NoneImpacted products
| Vendor | Product | Description | ||
|---|---|---|---|---|
| Microsoft | N/A | Microsoft Exchange Server 2013 Cumulative Update 23 | ||
| Microsoft | N/A | ChakraCore | ||
| Microsoft | N/A | Microsoft Visual Studio 2017 version 15.0 | ||
| Microsoft | N/A | Team Foundation Server 2018 Update 3.2 | ||
| Microsoft | N/A | Microsoft Visual Studio 2019 version 16.2 | ||
| Microsoft | Azure | Azure DevOps Server 2019.0.1 | ||
| Microsoft | N/A | PowerShell Core 6.2 | ||
| Microsoft | N/A | SQL Server Management Studio 18.3.1 | ||
| Microsoft | Azure | Azure DevOps Server 2019 Update 1 | ||
| Microsoft | N/A | Microsoft System Center 2012 R2 Endpoint Protection | ||
| Microsoft | N/A | Yammer pour Android | ||
| Microsoft | N/A | Microsoft Exchange Server 2019 Cumulative Update 3 | ||
| Microsoft | Azure | Azure Stack | ||
| Microsoft | N/A | Microsoft Visual Studio 2017 version 15.9 | ||
| Microsoft | N/A | Microsoft System Center Endpoint Protection | ||
| Microsoft | N/A | Team Foundation Server 2017 Update 3.1 | ||
| Microsoft | N/A | Microsoft Visual Studio 2019 version 16.0 | ||
| Microsoft | N/A | Visual Studio Code | ||
| Microsoft | N/A | Microsoft Security Essentials | ||
| Microsoft | N/A | Microsoft Exchange Server 2019 Cumulative Update 2 | ||
| Microsoft | N/A | Microsoft Exchange Server 2016 Cumulative Update 13 | ||
| Microsoft | N/A | Microsoft Visual Studio 2019 version 16.3 | ||
| Microsoft | N/A | Microsoft Lync Server 2013 | ||
| Microsoft | N/A | Microsoft Exchange Server 2019 Cumulative Update 1 | ||
| Microsoft | N/A | Microsoft Visual Studio 2015 Update 3 | ||
| Microsoft | N/A | Microsoft Exchange Server 2016 Cumulative Update 14 | ||
| Microsoft | N/A | Team Foundation Server 2018 Update 1.2 | ||
| Microsoft | N/A | Rome SDK 1.4.1 | ||
| Microsoft | N/A | SQL Server Management Studio 18.3 | ||
| Microsoft | Azure | Azure App Service on Azure Stack | ||
| Microsoft | N/A | Microsoft Dynamics 365 (on-premises) version 9.0 | ||
| Microsoft | N/A | Microsoft Forefront Endpoint Protection 2010 | ||
| Microsoft | N/A | Open Enclave SDK | ||
| Microsoft | N/A | Microsoft Exchange Server 2016 Cumulative Update 12 | ||
| Microsoft | N/A | Team Foundation Server 2015 Update 4.2 | ||
| Microsoft | N/A | PowerShell Core 6.1 | ||
| Microsoft | N/A | Microsoft System Center 2012 Endpoint Protection |
References
| Title | Publication Time | Tags | |||
|---|---|---|---|---|---|
|
|||||
{
"$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
"affected_systems": [
{
"description": "Microsoft Exchange Server 2013 Cumulative Update 23",
"product": {
"name": "N/A",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
},
{
"description": "ChakraCore",
"product": {
"name": "N/A",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
},
{
"description": "Microsoft Visual Studio 2017 version 15.0",
"product": {
"name": "N/A",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
},
{
"description": "Team Foundation Server 2018 Update 3.2",
"product": {
"name": "N/A",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
},
{
"description": "Microsoft Visual Studio 2019 version 16.2",
"product": {
"name": "N/A",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
},
{
"description": "Azure DevOps Server 2019.0.1",
"product": {
"name": "Azure",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
},
{
"description": "PowerShell Core 6.2",
"product": {
"name": "N/A",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
},
{
"description": "SQL Server Management Studio 18.3.1",
"product": {
"name": "N/A",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
},
{
"description": "Azure DevOps Server 2019 Update 1",
"product": {
"name": "Azure",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
},
{
"description": "Microsoft System Center 2012 R2 Endpoint Protection",
"product": {
"name": "N/A",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
},
{
"description": "Yammer pour Android",
"product": {
"name": "N/A",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
},
{
"description": "Microsoft Exchange Server 2019 Cumulative Update 3",
"product": {
"name": "N/A",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
},
{
"description": "Azure Stack",
"product": {
"name": "Azure",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
},
{
"description": "Microsoft Visual Studio 2017 version 15.9",
"product": {
"name": "N/A",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
},
{
"description": "Microsoft System Center Endpoint Protection",
"product": {
"name": "N/A",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
},
{
"description": "Team Foundation Server 2017 Update 3.1",
"product": {
"name": "N/A",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
},
{
"description": "Microsoft Visual Studio 2019 version 16.0",
"product": {
"name": "N/A",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
},
{
"description": "Visual Studio Code",
"product": {
"name": "N/A",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
},
{
"description": "Microsoft Security Essentials",
"product": {
"name": "N/A",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
},
{
"description": "Microsoft Exchange Server 2019 Cumulative Update 2",
"product": {
"name": "N/A",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
},
{
"description": "Microsoft Exchange Server 2016 Cumulative Update 13",
"product": {
"name": "N/A",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
},
{
"description": "Microsoft Visual Studio 2019 version 16.3",
"product": {
"name": "N/A",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
},
{
"description": "Microsoft Lync Server 2013",
"product": {
"name": "N/A",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
},
{
"description": "Microsoft Exchange Server 2019 Cumulative Update 1",
"product": {
"name": "N/A",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
},
{
"description": "Microsoft Visual Studio 2015 Update 3",
"product": {
"name": "N/A",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
},
{
"description": "Microsoft Exchange Server 2016 Cumulative Update 14",
"product": {
"name": "N/A",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
},
{
"description": "Team Foundation Server 2018 Update 1.2",
"product": {
"name": "N/A",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
},
{
"description": "Rome SDK 1.4.1",
"product": {
"name": "N/A",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
},
{
"description": "SQL Server Management Studio 18.3",
"product": {
"name": "N/A",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
},
{
"description": "Azure App Service on Azure Stack",
"product": {
"name": "Azure",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
},
{
"description": "Microsoft Dynamics 365 (on-premises) version 9.0",
"product": {
"name": "N/A",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
},
{
"description": "Microsoft Forefront Endpoint Protection 2010",
"product": {
"name": "N/A",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
},
{
"description": "Open Enclave SDK",
"product": {
"name": "N/A",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
},
{
"description": "Microsoft Exchange Server 2016 Cumulative Update 12",
"product": {
"name": "N/A",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
},
{
"description": "Team Foundation Server 2015 Update 4.2",
"product": {
"name": "N/A",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
},
{
"description": "PowerShell Core 6.1",
"product": {
"name": "N/A",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
},
{
"description": "Microsoft System Center 2012 Endpoint Protection",
"product": {
"name": "N/A",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
}
],
"affected_systems_content": null,
"content": "## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
"cves": [
{
"name": "CVE-2019-1375",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-1375"
},
{
"name": "CVE-2019-1369",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-1369"
},
{
"name": "CVE-2019-1234",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-1234"
},
{
"name": "CVE-2019-1300",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-1300"
},
{
"name": "CVE-2019-1266",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-1266"
},
{
"name": "CVE-2019-1255",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-1255"
},
{
"name": "CVE-2019-1232",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-1232"
},
{
"name": "CVE-2019-1428",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-1428"
},
{
"name": "CVE-2019-1306",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-1306"
},
{
"name": "CVE-2019-1298",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-1298"
},
{
"name": "CVE-2019-1305",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-1305"
},
{
"name": "CVE-2019-1335",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-1335"
},
{
"name": "CVE-2019-1231",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-1231"
},
{
"name": "CVE-2019-1313",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-1313"
},
{
"name": "CVE-2019-1426",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-1426"
},
{
"name": "CVE-2019-1217",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-1217"
},
{
"name": "CVE-2019-1307",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-1307"
},
{
"name": "CVE-2019-1233",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-1233"
},
{
"name": "CVE-2019-1366",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-1366"
},
{
"name": "CVE-2019-1308",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-1308"
},
{
"name": "CVE-2019-1372",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-1372"
},
{
"name": "CVE-2019-1376",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-1376"
},
{
"name": "CVE-2019-1237",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-1237"
},
{
"name": "CVE-2019-1370",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-1370"
},
{
"name": "CVE-2019-1301",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-1301"
},
{
"name": "CVE-2019-1425",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-1425"
},
{
"name": "CVE-2019-1414",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-1414"
},
{
"name": "CVE-2019-1373",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-1373"
},
{
"name": "CVE-2019-1427",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-1427"
},
{
"name": "CVE-2019-1265",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-1265"
},
{
"name": "CVE-2019-1209",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-1209"
},
{
"name": "CVE-2019-1138",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-1138"
}
],
"links": [],
"reference": "CERTFR-2019-AVI-570",
"revisions": [
{
"description": "Version initiale",
"revision_date": "2019-11-13T00:00:00.000000"
}
],
"risks": [
{
"description": "Usurpation d\u0027identit\u00e9"
},
{
"description": "Ex\u00e9cution de code arbitraire \u00e0 distance"
},
{
"description": "D\u00e9ni de service"
},
{
"description": "Contournement de la fonctionnalit\u00e9 de s\u00e9curit\u00e9"
},
{
"description": "Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es"
},
{
"description": "\u00c9l\u00e9vation de privil\u00e8ges"
}
],
"summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 corrig\u00e9es dans \u003cspan\nclass=\"textit\"\u003eles produits Microsoft\u003c/span\u003e. Elles permettent \u00e0 un\nattaquant de provoquer une atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es, un\ncontournement de la fonctionnalit\u00e9 de s\u00e9curit\u00e9, une usurpation\nd\u0027identit\u00e9, une ex\u00e9cution de code \u00e0 distance, une \u00e9l\u00e9vation de\nprivil\u00e8ges et un d\u00e9ni de service.\n",
"title": "Multiples vuln\u00e9rabilit\u00e9s dans les produits Microsoft",
"vendor_advisories": [
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Microsoft du 12 novembre 2019",
"url": "https://portal.msrc.microsoft.com/fr-FR/security-guidance"
}
]
}
CNVD-2019-31849
Vulnerability from cnvd - Published: 2019-09-18
VLAI Severity ?
Title
Microsoft Lync Server信息泄漏漏洞
Description
Microsoft Lync Server(前称Microsoft Office Communicator)是美国微软(Microsoft)公司的一套企业整合沟通平台。该平台能够跨越PC、Web、手机等其他移动设备,将不同的沟通方式集成到一个平台中。
Microsoft Lync Server 2013中存在信息泄漏漏洞,攻击者可利用该漏洞读取用户计算机上的任意文件。
Severity
中
Patch Name
Microsoft Lync Server信息泄漏漏洞的补丁
Patch Description
Microsoft Lync Server(前称Microsoft Office Communicator)是美国微软(Microsoft)公司的一套企业整合沟通平台。该平台能够跨越PC、Web、手机等其他移动设备,将不同的沟通方式集成到一个平台中。
Microsoft Lync Server 2013中存在信息泄漏漏洞,攻击者可利用该漏洞读取用户计算机上的任意文件。目前,供应商发布了安全公告及相关补丁信息,修复了此漏洞。
Formal description
厂商已发布了漏洞修复程序,请及时关注更新: https://portal.msrc.microsoft.com/zh-CN/security-guidance/advisory/CVE-2019-1209
Reference
https://portal.msrc.microsoft.com/zh-CN/security-guidance/advisory/CVE-2019-1209
Impacted products
| Name | Microsoft Lync Server 2013 |
|---|
{
"cves": {
"cve": {
"cveNumber": "CVE-2019-1209"
}
},
"description": "Microsoft Lync Server\uff08\u524d\u79f0Microsoft Office Communicator\uff09\u662f\u7f8e\u56fd\u5fae\u8f6f\uff08Microsoft\uff09\u516c\u53f8\u7684\u4e00\u5957\u4f01\u4e1a\u6574\u5408\u6c9f\u901a\u5e73\u53f0\u3002\u8be5\u5e73\u53f0\u80fd\u591f\u8de8\u8d8aPC\u3001Web\u3001\u624b\u673a\u7b49\u5176\u4ed6\u79fb\u52a8\u8bbe\u5907\uff0c\u5c06\u4e0d\u540c\u7684\u6c9f\u901a\u65b9\u5f0f\u96c6\u6210\u5230\u4e00\u4e2a\u5e73\u53f0\u4e2d\u3002\n\nMicrosoft Lync Server 2013\u4e2d\u5b58\u5728\u4fe1\u606f\u6cc4\u6f0f\u6f0f\u6d1e\uff0c\u653b\u51fb\u8005\u53ef\u5229\u7528\u8be5\u6f0f\u6d1e\u8bfb\u53d6\u7528\u6237\u8ba1\u7b97\u673a\u4e0a\u7684\u4efb\u610f\u6587\u4ef6\u3002",
"discovererName": "Ahmed Aaish",
"formalWay": "\u5382\u5546\u5df2\u53d1\u5e03\u4e86\u6f0f\u6d1e\u4fee\u590d\u7a0b\u5e8f\uff0c\u8bf7\u53ca\u65f6\u5173\u6ce8\u66f4\u65b0\uff1a\r\nhttps://portal.msrc.microsoft.com/zh-CN/security-guidance/advisory/CVE-2019-1209",
"isEvent": "\u901a\u7528\u8f6f\u786c\u4ef6\u6f0f\u6d1e",
"number": "CNVD-2019-31849",
"openTime": "2019-09-18",
"patchDescription": "Microsoft Lync Server\uff08\u524d\u79f0Microsoft Office Communicator\uff09\u662f\u7f8e\u56fd\u5fae\u8f6f\uff08Microsoft\uff09\u516c\u53f8\u7684\u4e00\u5957\u4f01\u4e1a\u6574\u5408\u6c9f\u901a\u5e73\u53f0\u3002\u8be5\u5e73\u53f0\u80fd\u591f\u8de8\u8d8aPC\u3001Web\u3001\u624b\u673a\u7b49\u5176\u4ed6\u79fb\u52a8\u8bbe\u5907\uff0c\u5c06\u4e0d\u540c\u7684\u6c9f\u901a\u65b9\u5f0f\u96c6\u6210\u5230\u4e00\u4e2a\u5e73\u53f0\u4e2d\u3002\r\n\r\nMicrosoft Lync Server 2013\u4e2d\u5b58\u5728\u4fe1\u606f\u6cc4\u6f0f\u6f0f\u6d1e\uff0c\u653b\u51fb\u8005\u53ef\u5229\u7528\u8be5\u6f0f\u6d1e\u8bfb\u53d6\u7528\u6237\u8ba1\u7b97\u673a\u4e0a\u7684\u4efb\u610f\u6587\u4ef6\u3002\u76ee\u524d\uff0c\u4f9b\u5e94\u5546\u53d1\u5e03\u4e86\u5b89\u5168\u516c\u544a\u53ca\u76f8\u5173\u8865\u4e01\u4fe1\u606f\uff0c\u4fee\u590d\u4e86\u6b64\u6f0f\u6d1e\u3002",
"patchName": "Microsoft Lync Server\u4fe1\u606f\u6cc4\u6f0f\u6f0f\u6d1e\u7684\u8865\u4e01",
"products": {
"product": "Microsoft Lync Server 2013"
},
"referenceLink": "https://portal.msrc.microsoft.com/zh-CN/security-guidance/advisory/CVE-2019-1209",
"serverity": "\u4e2d",
"submitTime": "2019-09-12",
"title": "Microsoft Lync Server\u4fe1\u606f\u6cc4\u6f0f\u6f0f\u6d1e"
}
GSD-2019-1209
Vulnerability from gsd - Updated: 2023-12-13 01:23Details
An information disclosure vulnerability exists in Lync 2013, aka 'Lync 2013 Information Disclosure Vulnerability'.
Aliases
Aliases
{
"GSD": {
"alias": "CVE-2019-1209",
"description": "An information disclosure vulnerability exists in Lync 2013, aka \u0027Lync 2013 Information Disclosure Vulnerability\u0027.",
"id": "GSD-2019-1209"
},
"gsd": {
"metadata": {
"exploitCode": "unknown",
"remediation": "unknown",
"reportConfidence": "confirmed",
"type": "vulnerability"
},
"osvSchema": {
"aliases": [
"CVE-2019-1209"
],
"details": "An information disclosure vulnerability exists in Lync 2013, aka \u0027Lync 2013 Information Disclosure Vulnerability\u0027.",
"id": "GSD-2019-1209",
"modified": "2023-12-13T01:23:51.612190Z",
"schema_version": "1.4.0"
}
},
"namespaces": {
"cve.org": {
"CVE_data_meta": {
"ASSIGNER": "secure@microsoft.com",
"ID": "CVE-2019-1209",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Microsoft Lync Server",
"version": {
"version_data": [
{
"version_value": "2013"
}
]
}
}
]
},
"vendor_name": "Microsoft"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "An information disclosure vulnerability exists in Lync 2013, aka \u0027Lync 2013 Information Disclosure Vulnerability\u0027."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Information Disclosure"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-1209",
"refsource": "MISC",
"url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-1209"
}
]
}
},
"nvd.nist.gov": {
"configurations": {
"CVE_data_version": "4.0",
"nodes": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:a:microsoft:lync:2013:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
}
]
},
"cve": {
"CVE_data_meta": {
"ASSIGNER": "secure@microsoft.com",
"ID": "CVE-2019-1209"
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "en",
"value": "An information disclosure vulnerability exists in Lync 2013, aka \u0027Lync 2013 Information Disclosure Vulnerability\u0027."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "en",
"value": "CWE-200"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-1209",
"refsource": "MISC",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-1209"
}
]
}
},
"impact": {
"baseMetricV2": {
"acInsufInfo": false,
"cvssV2": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:M/Au:N/C:P/I:N/A:N",
"version": "2.0"
},
"exploitabilityScore": 8.6,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"severity": "MEDIUM",
"userInteractionRequired": true
},
"baseMetricV3": {
"cvssV3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"exploitabilityScore": 2.8,
"impactScore": 3.6
}
},
"lastModifiedDate": "2019-09-12T14:15Z",
"publishedDate": "2019-09-11T22:15Z"
}
}
}
GHSA-6RJQ-46QF-87G8
Vulnerability from github – Published: 2022-05-24 16:56 – Updated: 2022-05-24 16:56
VLAI?
Details
An information disclosure vulnerability exists in Lync 2013, aka 'Lync 2013 Information Disclosure Vulnerability'.
{
"affected": [],
"aliases": [
"CVE-2019-1209"
],
"database_specific": {
"cwe_ids": [],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2019-09-11T22:15:00Z",
"severity": "MODERATE"
},
"details": "An information disclosure vulnerability exists in Lync 2013, aka \u0027Lync 2013 Information Disclosure Vulnerability\u0027.",
"id": "GHSA-6rjq-46qf-87g8",
"modified": "2022-05-24T16:56:00Z",
"published": "2022-05-24T16:56:00Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2019-1209"
},
{
"type": "WEB",
"url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-1209"
}
],
"schema_version": "1.4.0",
"severity": []
}
FKIE_CVE-2019-1209
Vulnerability from fkie_nvd - Published: 2019-09-11 22:15 - Updated: 2024-11-21 04:36
Severity ?
Summary
An information disclosure vulnerability exists in Lync 2013, aka 'Lync 2013 Information Disclosure Vulnerability'.
References
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:microsoft:lync:2013:*:*:*:*:*:*:*",
"matchCriteriaId": "57F4F185-8709-4846-B017-A09C7A0D58B8",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "An information disclosure vulnerability exists in Lync 2013, aka \u0027Lync 2013 Information Disclosure Vulnerability\u0027."
},
{
"lang": "es",
"value": "Se presenta una vulnerabilidad de divulgaci\u00f3n de informaci\u00f3n en Lync 2013, tambi\u00e9n se conoce como \"Lync 2013 Information Disclosure Vulnerability\"."
}
],
"id": "CVE-2019-1209",
"lastModified": "2024-11-21T04:36:14.930",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:M/Au:N/C:P/I:N/A:N",
"version": "2.0"
},
"exploitabilityScore": 8.6,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": true
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"exploitabilityScore": 2.8,
"impactScore": 3.6,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2019-09-11T22:15:14.460",
"references": [
{
"source": "secure@microsoft.com",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-1209"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-1209"
}
],
"sourceIdentifier": "secure@microsoft.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-200"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Loading…
Loading…
Sightings
| Author | Source | Type | Date |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or observed by the user.
- Confirmed: The vulnerability has been validated from an analyst's perspective.
- Published Proof of Concept: A public proof of concept is available for this vulnerability.
- Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
- Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
- Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
- Not confirmed: The user expressed doubt about the validity of the vulnerability.
- Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.
Loading…
Loading…