Vulnerability Details : CVE-2019-0658
An information disclosure vulnerability exists when the scripting engine does not properly handle objects in memory in Microsoft Edge, aka 'Scripting Engine Information Disclosure Vulnerability'. This CVE ID is unique from CVE-2019-0648.
Vulnerability category: Information leak
Exploit prediction scoring system (EPSS) score for CVE-2019-0658
Probability of exploitation activity in the next 30 days: 1.43%
Percentile, the proportion of vulnerabilities that are scored at or less: ~ 85 % EPSS Score History EPSS FAQ
CVSS scores for CVE-2019-0658
Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source |
---|---|---|---|---|---|
4.3
|
MEDIUM | AV:N/AC:M/Au:N/C:P/I:N/A:N |
8.6
|
2.9
|
NIST |
6.5
|
MEDIUM | CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N |
2.8
|
3.6
|
NIST |
References for CVE-2019-0658
-
https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-0658
CVE-2019-0658 | Scripting Engine Information Disclosure VulnerabilityPatch;Vendor Advisory
-
http://www.securityfocus.com/bid/106882
Microsoft Edge CVE-2019-0658 Information Disclosure VulnerabilityThird Party Advisory;VDB Entry
Products affected by CVE-2019-0658
- cpe:2.3:a:microsoft:edge:-:*:*:*:*:*:*:*
- cpe:2.3:a:microsoft:chakracore:*:*:*:*:*:*:*:*