CVE-2017-8648

{"id": "CVE-2017-8648", "metrics": {"cvssMetricV2": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"version": "2.0", "baseScore": 4.3, "accessVector": "NETWORK", "vectorString": "AV:N/AC:M/Au:N/C:P/I:N/A:N", "authentication": "NONE", "integrityImpact": "NONE", "accessComplexity": "MEDIUM", "availabilityImpact": "NONE", "confidentialityImpact": "PARTIAL"}, "acInsufInfo": false, "impactScore": 2.9, "baseSeverity": "MEDIUM", "obtainAllPrivilege": false, "exploitabilityScore": 8.6, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": true}], "cvssMetricV30": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"scope": "UNCHANGED", "version": "3.0", "baseScore": 4.3, "attackVector": "NETWORK", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N", "integrityImpact": "NONE", "userInteraction": "REQUIRED", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "NONE", "confidentialityImpact": "LOW"}, "impactScore": 1.4, "exploitabilityScore": 2.8}]}, "published": "2017-09-13T01:29:09.753", "references": [{"url": "http://www.securityfocus.com/bid/100750", "tags": ["Third Party Advisory", "VDB Entry"], "source": "secure@microsoft.com"}, {"url": "http://www.securitytracker.com/id/1039326", "tags": ["Third Party Advisory", "VDB Entry"], "source": "secure@microsoft.com"}, {"url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-8648", "tags": ["Patch", "Vendor Advisory"], "source": "secure@microsoft.com"}], "vulnStatus": "Analyzed", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "CWE-200"}]}], "descriptions": [{"lang": "en", "value": "Microsoft Edge in Microsoft Windows Version 1703 allows an attacker to obtain information to further compromise the user's system, due to the way that Microsoft Edge handles objects in memory, aka \"Microsoft Edge Information Disclosure Vulnerability\". This CVE ID is unique from CVE-2017-8597 and CVE-2017-8643."}, {"lang": "es", "value": "Microsoft Edge en la versi\u00f3n 1703 de Microsoft Windows permite que un atacante obtenga informaci\u00f3n para comprometer aun m\u00e1s la seguridad del sistema del usuario debido a la forma en la que Microsoft Edge gestiona objetos en la memoria. Esto tambi\u00e9n se conoce como \"Microsoft Edge Information Disclosure Vulnerability\". Este ID CVE es exclusivo de CVE-2017-8597 y CVE-2017-8643."}], "lastModified": "2017-09-20T18:48:02.197", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:microsoft:windows_10:1703:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "AEE2E768-0F45-46E1-B6D7-087917109D98"}], "operator": "OR"}, {"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:microsoft:edge:*:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "8BD5B232-95EA-4F8E-8C7D-7976877AD243"}], "operator": "OR"}], "operator": "AND"}], "sourceIdentifier": "secure@microsoft.com"}