← Back

CVE-2018-0803

nvd nist
Published: Jan 4, 2018Modified: Nov 21, 2024

JSON object

Loading...
4.2
Vector
CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:N
Exploitability: 1.6 / Impact: 2.5
Source: NVD

Description

Microsoft Edge in Microsoft Windows 10 Gold, 1511, 1607, 1703, 1709, and Windows Server 2016 allows an attacker to access information from one domain and inject it into another domain, due to how Microsoft Edge enforces cross-domain policies, aka "Microsoft Edge Elevation of Privilege Vulnerability".

Affected (1)

Products: Microsoft: Edge
Microsoft
1 product
Edge
Configuration A
1 vulnerable · 6 platform
Vulnerable SoftwareAffected Versions
Edge
All versions
Running on/withPlatform Versions
Microsoft
Windows 10
All versions
Microsoft
Windows 10
Version 1511
Microsoft
Windows 10
Version 1607
Microsoft
Windows 10
Version 1703
Microsoft
Windows 10
Version 1709
Microsoft
Windows Server 2016
All versions

Related CWEs

CWE-863
Incorrect Authorization
The product performs an authorization check when an actor attempts to access a resource or perform an action, but it does not correctly perform the check. This allows attackers to bypass intended access restrictions.

References (6)

Source: secure@microsoft.com
Third Party AdvisoryVDB Entry
Source: secure@microsoft.com
Third Party AdvisoryVDB Entry
Source: secure@microsoft.com
PatchVendor Advisory
Source: af854a3a-2127-422b-91ae-364da2661108
Third Party AdvisoryVDB Entry
Source: af854a3a-2127-422b-91ae-364da2661108
Third Party AdvisoryVDB Entry
Source: af854a3a-2127-422b-91ae-364da2661108
PatchVendor Advisory

Timeline

No history available yet.