CWE-449
The UI Performs the Wrong Action
The UI performs the wrong action with respect to the user's request.
CVE-2023-36535 (GCVE-0-2023-36535)
Vulnerability from cvelistv5
Published
2023-08-08 17:39
Modified
2024-10-08 15:03
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- CWE-449 - The UI Performs the Wrong Action
Summary
Client-side enforcement of server-side security in Zoom clients before 5.14.10 may allow an authenticated user to enable information disclosure via network access.
References
Impacted products
Vendor | Product | Version | ||
---|---|---|---|---|
Zoom Video Communications, Inc. | Zoom Clients |
Version: before 5.14.10 |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-02T16:52:52.352Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_transferred" ], "url": "https://explore.zoom.us/en/trust/security/security-bulletin/" } ], "title": "CVE Program Container" }, { "metrics": [ { "other": { "content": { "id": "CVE-2023-36535", "options": [ { "Exploitation": "none" }, { "Automatable": "no" }, { "Technical Impact": "partial" } ], "role": "CISA Coordinator", "timestamp": "2024-10-08T15:00:22.199594Z", "version": "2.0.3" }, "type": "ssvc" } } ], "providerMetadata": { "dateUpdated": "2024-10-08T15:03:49.453Z", "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP" }, "title": "CISA ADP Vulnrichment" } ], "cna": { "affected": [ { "defaultStatus": "unaffected", "product": "Zoom Clients", "vendor": "Zoom Video Communications, Inc.", "versions": [ { "status": "affected", "version": "before 5.14.10" } ] } ], "datePublic": "2023-08-08T15:00:00.000Z", "descriptions": [ { "lang": "en", "supportingMedia": [ { "base64": false, "type": "text/html", "value": "Client-side enforcement of server-side security in Zoom clients before 5.14.10 may allow an authenticated user to enable information disclosure via network access." } ], "value": "Client-side enforcement of server-side security in Zoom clients before 5.14.10 may allow an authenticated user to enable information disclosure via network access." } ], "metrics": [ { "cvssV3_1": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "LOW", "baseScore": 7.1, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:L", "version": "3.1" }, "format": "CVSS", "scenarios": [ { "lang": "en", "value": "GENERAL" } ] } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-449", "description": "CWE-449: The UI Performs the Wrong Action", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2024-09-27T18:47:30.828Z", "orgId": "99b9af0d-a833-4a5d-9e2f-8b1324f35351", "shortName": "Zoom" }, "references": [ { "url": "https://explore.zoom.us/en/trust/security/security-bulletin/" } ], "source": { "discovery": "UNKNOWN" }, "x_generator": { "engine": "Vulnogram 0.1.0-dev" } } }, "cveMetadata": { "assignerOrgId": "99b9af0d-a833-4a5d-9e2f-8b1324f35351", "assignerShortName": "Zoom", "cveId": "CVE-2023-36535", "datePublished": "2023-08-08T17:39:51.259Z", "dateReserved": "2023-06-22T18:04:31.168Z", "dateUpdated": "2024-10-08T15:03:49.453Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
CVE-2023-39209 (GCVE-0-2023-39209)
Vulnerability from cvelistv5
Published
2023-08-08 21:39
Modified
2024-10-04 17:31
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- CWE-449 - The UI Performs the Wrong Action
Summary
Improper input validation in Zoom Desktop Client for Windows before 5.15.5 may allow an authenticated user to enable an information disclosure via network access.
References
Impacted products
Vendor | Product | Version | ||
---|---|---|---|---|
Zoom Video Communications, Inc. | Zoom Desktop Client for Windows |
Version: before 5.15.5 |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-02T18:02:06.838Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_transferred" ], "url": "https://explore.zoom.us/en/trust/security/security-bulletin/" } ], "title": "CVE Program Container" }, { "metrics": [ { "other": { "content": { "id": "CVE-2023-39209", "options": [ { "Exploitation": "none" }, { "Automatable": "no" }, { "Technical Impact": "partial" } ], "role": "CISA Coordinator", "timestamp": "2024-10-04T17:29:30.375597Z", "version": "2.0.3" }, "type": "ssvc" } } ], "providerMetadata": { "dateUpdated": "2024-10-04T17:31:35.321Z", "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP" }, "title": "CISA ADP Vulnrichment" } ], "cna": { "affected": [ { "defaultStatus": "unaffected", "platforms": [ "Windows" ], "product": "Zoom Desktop Client for Windows", "vendor": "Zoom Video Communications, Inc.", "versions": [ { "status": "affected", "version": "before 5.15.5" } ] } ], "datePublic": "2023-08-08T15:00:00.000Z", "descriptions": [ { "lang": "en", "supportingMedia": [ { "base64": false, "type": "text/html", "value": "Improper input validation in Zoom Desktop Client for Windows before 5.15.5 may allow an authenticated user to enable an information disclosure via network access." } ], "value": "Improper input validation in Zoom Desktop Client for Windows before 5.15.5 may allow an authenticated user to enable an information disclosure via network access." } ], "metrics": [ { "cvssV3_1": { "attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "LOW", "baseScore": 5.9, "baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:L", "version": "3.1" }, "format": "CVSS", "scenarios": [ { "lang": "en", "value": "GENERAL" } ] } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-449", "description": "CWE-449: The UI Performs the Wrong Action", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2024-09-27T19:03:35.453Z", "orgId": "99b9af0d-a833-4a5d-9e2f-8b1324f35351", "shortName": "Zoom" }, "references": [ { "url": "https://explore.zoom.us/en/trust/security/security-bulletin/" } ], "source": { "discovery": "UNKNOWN" }, "x_generator": { "engine": "Vulnogram 0.1.0-dev" } } }, "cveMetadata": { "assignerOrgId": "99b9af0d-a833-4a5d-9e2f-8b1324f35351", "assignerShortName": "Zoom", "cveId": "CVE-2023-39209", "datePublished": "2023-08-08T21:39:52.327Z", "dateReserved": "2023-07-25T18:38:00.937Z", "dateUpdated": "2024-10-04T17:31:35.321Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
CVE-2023-39215 (GCVE-0-2023-39215)
Vulnerability from cvelistv5
Published
2023-09-12 19:53
Modified
2024-09-27 19:08
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- CWE-449 - The UI Performs the Wrong Action
Summary
Improper authentication in Zoom clients may allow an authenticated user to conduct a denial of service via network access.
References
Impacted products
Vendor | Product | Version | ||
---|---|---|---|---|
Zoom Video Communications, Inc. | Zoom Clients |
Version: see reference |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-02T18:02:06.576Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_transferred" ], "url": "https://explore.zoom.us/en/trust/security/security-bulletin/" } ], "title": "CVE Program Container" }, { "metrics": [ { "other": { "content": { "id": "CVE-2023-39215", "options": [ { "Exploitation": "none" }, { "Automatable": "no" }, { "Technical Impact": "partial" } ], "role": "CISA Coordinator", "timestamp": "2024-09-25T14:56:51.859251Z", "version": "2.0.3" }, "type": "ssvc" } } ], "providerMetadata": { "dateUpdated": "2024-09-25T15:21:22.337Z", "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP" }, "title": "CISA ADP Vulnrichment" } ], "cna": { "affected": [ { "defaultStatus": "unaffected", "product": "Zoom Clients", "vendor": "Zoom Video Communications, Inc.", "versions": [ { "status": "affected", "version": "see reference" } ] } ], "datePublic": "2023-09-12T15:00:00.000Z", "descriptions": [ { "lang": "en", "supportingMedia": [ { "base64": false, "type": "text/html", "value": "Improper authentication in Zoom clients may allow an authenticated user to conduct a denial of service via network access." } ], "value": "Improper authentication in Zoom clients may allow an authenticated user to conduct a denial of service via network access." } ], "metrics": [ { "cvssV3_1": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 7.1, "baseSeverity": "HIGH", "confidentialityImpact": "LOW", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:H", "version": "3.1" }, "format": "CVSS", "scenarios": [ { "lang": "en", "value": "GENERAL" } ] } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-449", "description": "CWE-449: The UI Performs the Wrong Action", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2024-09-27T19:08:23.362Z", "orgId": "99b9af0d-a833-4a5d-9e2f-8b1324f35351", "shortName": "Zoom" }, "references": [ { "url": "https://explore.zoom.us/en/trust/security/security-bulletin/" } ], "source": { "discovery": "UNKNOWN" }, "x_generator": { "engine": "Vulnogram 0.1.0-dev" } } }, "cveMetadata": { "assignerOrgId": "99b9af0d-a833-4a5d-9e2f-8b1324f35351", "assignerShortName": "Zoom", "cveId": "CVE-2023-39215", "datePublished": "2023-09-12T19:53:25.817Z", "dateReserved": "2023-07-25T18:38:00.938Z", "dateUpdated": "2024-09-27T19:08:23.362Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
CVE-2023-43585 (GCVE-0-2023-43585)
Vulnerability from cvelistv5
Published
2023-12-13 22:15
Modified
2024-09-27 19:16
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- CWE-449 - The UI Performs the Wrong Action
Summary
Improper access control in Zoom Mobile App for iOS and Zoom SDKs for iOS before version 5.16.5 may allow an authenticated user to conduct a disclosure of information via network access.
References
Impacted products
Vendor | Product | Version | ||
---|---|---|---|---|
Zoom Video Communications, Inc. | Zoom Mobile App for iOS and SDKs for iOS |
Version: before 5.16.0 |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-02T19:44:43.663Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_transferred" ], "url": "https://www.zoom.com/en/trust/security-bulletin/ZSB-23058/" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "defaultStatus": "unaffected", "platforms": [ "iOS" ], "product": "Zoom Mobile App for iOS and SDKs for iOS", "vendor": "Zoom Video Communications, Inc.", "versions": [ { "status": "affected", "version": "before 5.16.0" } ] } ], "datePublic": "2023-12-12T16:00:00.000Z", "descriptions": [ { "lang": "en", "supportingMedia": [ { "base64": false, "type": "text/html", "value": "Improper access control in Zoom Mobile App for iOS and Zoom SDKs for iOS before version 5.16.5 may allow an authenticated user to conduct a disclosure of information via network access." } ], "value": "Improper access control in Zoom Mobile App for iOS and Zoom SDKs for iOS before version 5.16.5 may allow an authenticated user to conduct a disclosure of information via network access." } ], "metrics": [ { "cvssV3_1": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "LOW", "baseScore": 7.1, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:L", "version": "3.1" }, "format": "CVSS", "scenarios": [ { "lang": "en", "value": "GENERAL" } ] } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-449", "description": "CWE-449: The UI Performs the Wrong Action", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2024-09-27T19:16:27.688Z", "orgId": "99b9af0d-a833-4a5d-9e2f-8b1324f35351", "shortName": "Zoom" }, "references": [ { "url": "https://www.zoom.com/en/trust/security-bulletin/ZSB-23058/" } ], "source": { "discovery": "UNKNOWN" }, "x_generator": { "engine": "Vulnogram 0.1.0-dev" } } }, "cveMetadata": { "assignerOrgId": "99b9af0d-a833-4a5d-9e2f-8b1324f35351", "assignerShortName": "Zoom", "cveId": "CVE-2023-43585", "datePublished": "2023-12-13T22:15:58.457Z", "dateReserved": "2023-09-19T22:05:40.665Z", "dateUpdated": "2024-09-27T19:16:27.688Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
CVE-2023-43588 (GCVE-0-2023-43588)
Vulnerability from cvelistv5
Published
2023-11-14 23:11
Modified
2024-09-20 14:58
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- CWE-449 - The UI Performs the Wrong Action
Summary
Insufficient control flow management in some Zoom clients may allow an authenticated user to conduct an information disclosure via network access.
References
Impacted products
Vendor | Product | Version | ||
---|---|---|---|---|
Zoom Video Communications, Inc. | Zoom Clients |
Version: see references |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-02T19:44:43.701Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_transferred" ], "url": "https://explore.zoom.us/en/trust/security/security-bulletin/" } ], "title": "CVE Program Container" }, { "metrics": [ { "other": { "content": { "id": "CVE-2023-43588", "options": [ { "Exploitation": "none" }, { "Automatable": "no" }, { "Technical Impact": "partial" } ], "role": "CISA Coordinator", "timestamp": "2024-08-29T15:33:33.640598Z", "version": "2.0.3" }, "type": "ssvc" } } ], "providerMetadata": { "dateUpdated": "2024-08-29T15:39:14.149Z", "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP" }, "title": "CISA ADP Vulnrichment" } ], "cna": { "affected": [ { "defaultStatus": "unaffected", "platforms": [ "Windows", "MacOS", "Linux", "iOS" ], "product": "Zoom Clients", "vendor": "Zoom Video Communications, Inc.", "versions": [ { "status": "affected", "version": "see references" } ] } ], "datePublic": "2023-11-14T16:00:00.000Z", "descriptions": [ { "lang": "en", "supportingMedia": [ { "base64": false, "type": "text/html", "value": "Insufficient control flow management in some Zoom clients may allow an authenticated user to conduct an information disclosure via network access.\u003cbr\u003e\u003cbr\u003e" } ], "value": "Insufficient control flow management in some Zoom clients may allow an authenticated user to conduct an information disclosure via network access." } ], "metrics": [ { "cvssV3_1": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 3.5, "baseSeverity": "LOW", "confidentialityImpact": "LOW", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:N/A:N", "version": "3.1" }, "format": "CVSS", "scenarios": [ { "lang": "en", "value": "GENERAL" } ] } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-449", "description": "CWE-449: The UI Performs the Wrong Action", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2024-09-20T14:58:08.976Z", "orgId": "99b9af0d-a833-4a5d-9e2f-8b1324f35351", "shortName": "Zoom" }, "references": [ { "url": "https://explore.zoom.us/en/trust/security/security-bulletin/" } ], "source": { "discovery": "UNKNOWN" }, "x_generator": { "engine": "Vulnogram 0.1.0-dev" } } }, "cveMetadata": { "assignerOrgId": "99b9af0d-a833-4a5d-9e2f-8b1324f35351", "assignerShortName": "Zoom", "cveId": "CVE-2023-43588", "datePublished": "2023-11-14T23:11:18.161Z", "dateReserved": "2023-09-19T22:05:40.666Z", "dateUpdated": "2024-09-20T14:58:08.976Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
CVE-2024-24698 (GCVE-0-2024-24698)
Vulnerability from cvelistv5
Published
2024-02-13 23:56
Modified
2024-09-27 19:28
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- CWE-449 - The UI Performs the Wrong Action
Summary
Improper authentication in some Zoom clients may allow a privileged user to conduct a disclosure of information via local access.
References
Impacted products
Vendor | Product | Version | ||
---|---|---|---|---|
Zoom Video Communications, Inc. | Zoom Clients |
Version: see references |
{ "containers": { "adp": [ { "metrics": [ { "other": { "content": { "id": "CVE-2024-24698", "options": [ { "Exploitation": "none" }, { "Automatable": "no" }, { "Technical Impact": "partial" } ], "role": "CISA Coordinator", "timestamp": "2024-02-14T15:30:17.531210Z", "version": "2.0.3" }, "type": "ssvc" } } ], "providerMetadata": { "dateUpdated": "2024-06-04T17:43:32.245Z", "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP" }, "title": "CISA ADP Vulnrichment" }, { "providerMetadata": { "dateUpdated": "2024-08-01T23:28:11.903Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_transferred" ], "url": "https://www.zoom.com/en/trust/security-bulletin/ZSB-24005/" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "defaultStatus": "unaffected", "platforms": [ "Windows", "iOS", "Linux", "Android" ], "product": "Zoom Clients", "vendor": "Zoom Video Communications, Inc.", "versions": [ { "status": "affected", "version": "see references" } ] } ], "datePublic": "2024-02-13T13:00:00.000Z", "descriptions": [ { "lang": "en", "supportingMedia": [ { "base64": false, "type": "text/html", "value": "Improper authentication in some Zoom clients may allow a privileged user to conduct a disclosure of information via local access.\u003cbr\u003e" } ], "value": "Improper authentication in some Zoom clients may allow a privileged user to conduct a disclosure of information via local access." } ], "metrics": [ { "cvssV3_1": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 4.9, "baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "HIGH", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N", "version": "3.1" }, "format": "CVSS", "scenarios": [ { "lang": "en", "value": "GENERAL" } ] } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-449", "description": "CWE-449: The UI Performs the Wrong Action", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2024-09-27T19:28:28.333Z", "orgId": "99b9af0d-a833-4a5d-9e2f-8b1324f35351", "shortName": "Zoom" }, "references": [ { "url": "https://www.zoom.com/en/trust/security-bulletin/ZSB-24005/" } ], "source": { "discovery": "UNKNOWN" }, "title": "Zoom Clients - Improper Authentication", "x_generator": { "engine": "Vulnogram 0.1.0-dev" } } }, "cveMetadata": { "assignerOrgId": "99b9af0d-a833-4a5d-9e2f-8b1324f35351", "assignerShortName": "Zoom", "cveId": "CVE-2024-24698", "datePublished": "2024-02-13T23:56:14.515Z", "dateReserved": "2024-01-26T22:56:14.681Z", "dateUpdated": "2024-09-27T19:28:28.333Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
CVE-2024-38083 (GCVE-0-2024-38083)
Vulnerability from cvelistv5
Published
2024-06-13 19:24
Modified
2025-07-16 00:42
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- CWE-449 - The UI Performs the Wrong Action
Summary
Microsoft Edge (Chromium-based) Spoofing Vulnerability
References
► | URL | Tags |
---|---|---|
Impacted products
Vendor | Product | Version | |||||||
---|---|---|---|---|---|---|---|---|---|
► | Microsoft | Microsoft Edge for iOS |
Version: 1.0.0.0 < 126.0.2592.56 |
||||||
|
{ "containers": { "adp": [ { "metrics": [ { "other": { "content": { "id": "CVE-2024-38083", "options": [ { "Exploitation": "none" }, { "Automatable": "no" }, { "Technical Impact": "partial" } ], "role": "CISA Coordinator", "timestamp": "2024-06-18T14:11:06.776687Z", "version": "2.0.3" }, "type": "ssvc" } } ], "providerMetadata": { "dateUpdated": "2024-06-18T14:11:13.100Z", "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP" }, "title": "CISA ADP Vulnrichment" }, { "providerMetadata": { "dateUpdated": "2024-08-02T04:04:25.261Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "Microsoft Edge (Chromium-based) Spoofing Vulnerability", "tags": [ "vendor-advisory", "x_transferred" ], "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-38083" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "platforms": [ "Unknown" ], "product": "Microsoft Edge for iOS", "vendor": "Microsoft", "versions": [ { "lessThan": "126.0.2592.56", "status": "affected", "version": "1.0.0.0", "versionType": "custom" } ] }, { "platforms": [ "Unknown" ], "product": "Microsoft Edge for Android", "vendor": "Microsoft", "versions": [ { "lessThan": "126.0.2592.56", "status": "affected", "version": "1.0.0", "versionType": "custom" } ] } ], "cpeApplicability": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:microsoft:edge:*:*:*:*:*:iphone_os:*:*", "versionEndExcluding": "126.0.2592.56", "versionStartIncluding": "1.0.0.0", "vulnerable": true }, { "criteria": "cpe:2.3:a:microsoft:edge:*:*:*:*:*:android:*:*", "versionEndExcluding": "126.0.2592.56", "versionStartIncluding": "1.0.0", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "datePublic": "2024-06-13T07:00:00.000Z", "descriptions": [ { "lang": "en-US", "value": "Microsoft Edge (Chromium-based) Spoofing Vulnerability" } ], "metrics": [ { "cvssV3_1": { "baseScore": 4.3, "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N/E:U/RL:O/RC:C", "version": "3.1" }, "format": "CVSS", "scenarios": [ { "lang": "en-US", "value": "GENERAL" } ] } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-449", "description": "CWE-449: The UI Performs the Wrong Action", "lang": "en-US", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2025-07-16T00:42:36.794Z", "orgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8", "shortName": "microsoft" }, "references": [ { "name": "Microsoft Edge (Chromium-based) Spoofing Vulnerability", "tags": [ "vendor-advisory" ], "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-38083" } ], "title": "Microsoft Edge (Chromium-based) Spoofing Vulnerability" } }, "cveMetadata": { "assignerOrgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8", "assignerShortName": "microsoft", "cveId": "CVE-2024-38083", "datePublished": "2024-06-13T19:24:39.838Z", "dateReserved": "2024-06-11T22:36:08.182Z", "dateUpdated": "2025-07-16T00:42:36.794Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
CVE-2024-43577 (GCVE-0-2024-43577)
Vulnerability from cvelistv5
Published
2024-10-18 22:14
Modified
2025-07-08 15:39
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- CWE-449 - The UI Performs the Wrong Action
Summary
Microsoft Edge (Chromium-based) Spoofing Vulnerability
References
► | URL | Tags |
---|---|---|
Impacted products
Vendor | Product | Version | ||
---|---|---|---|---|
Microsoft | Microsoft Edge (Chromium-based) |
Version: 1.0.0 < 130.0.2849.46 |
{ "containers": { "adp": [ { "metrics": [ { "other": { "content": { "id": "CVE-2024-43577", "options": [ { "Exploitation": "none" }, { "Automatable": "no" }, { "Technical Impact": "partial" } ], "role": "CISA Coordinator", "timestamp": "2024-10-21T13:53:23.541341Z", "version": "2.0.3" }, "type": "ssvc" } } ], "providerMetadata": { "dateUpdated": "2024-10-21T13:53:37.389Z", "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP" }, "title": "CISA ADP Vulnrichment" } ], "cna": { "affected": [ { "platforms": [ "Unknown" ], "product": "Microsoft Edge (Chromium-based)", "vendor": "Microsoft", "versions": [ { "lessThan": "130.0.2849.46", "status": "affected", "version": "1.0.0", "versionType": "custom" } ] } ], "cpeApplicability": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:microsoft:edge_chromium:*:*:*:*:*:*:*:*", "versionEndExcluding": "130.0.2849.46", "versionStartIncluding": "1.0.0", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "datePublic": "2024-10-17T07:00:00.000Z", "descriptions": [ { "lang": "en-US", "value": "Microsoft Edge (Chromium-based) Spoofing Vulnerability" } ], "metrics": [ { "cvssV3_1": { "baseScore": 4.3, "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N/E:U/RL:O/RC:C", "version": "3.1" }, "format": "CVSS", "scenarios": [ { "lang": "en-US", "value": "GENERAL" } ] } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-449", "description": "CWE-449: The UI Performs the Wrong Action", "lang": "en-US", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2025-07-08T15:39:39.127Z", "orgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8", "shortName": "microsoft" }, "references": [ { "name": "Microsoft Edge (Chromium-based) Spoofing Vulnerability", "tags": [ "vendor-advisory" ], "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-43577" } ], "title": "Microsoft Edge (Chromium-based) Spoofing Vulnerability" } }, "cveMetadata": { "assignerOrgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8", "assignerShortName": "microsoft", "cveId": "CVE-2024-43577", "datePublished": "2024-10-18T22:14:41.787Z", "dateReserved": "2024-08-14T01:08:33.545Z", "dateUpdated": "2025-07-08T15:39:39.127Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
CVE-2024-49041 (GCVE-0-2024-49041)
Vulnerability from cvelistv5
Published
2024-12-06 01:09
Modified
2025-05-13 15:25
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- CWE-449 - The UI Performs the Wrong Action
Summary
Microsoft Edge (Chromium-based) Spoofing Vulnerability
References
► | URL | Tags |
---|---|---|
Impacted products
Vendor | Product | Version | ||
---|---|---|---|---|
Microsoft | Microsoft Edge (Chromium-based) |
Version: 1.0.0 < 131.0.2903.86 |
{ "containers": { "adp": [ { "metrics": [ { "other": { "content": { "id": "CVE-2024-49041", "options": [ { "Exploitation": "none" }, { "Automatable": "no" }, { "Technical Impact": "partial" } ], "role": "CISA Coordinator", "timestamp": "2024-12-06T16:14:52.966887Z", "version": "2.0.3" }, "type": "ssvc" } } ], "providerMetadata": { "dateUpdated": "2024-12-06T16:15:08.082Z", "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP" }, "title": "CISA ADP Vulnrichment" } ], "cna": { "affected": [ { "platforms": [ "Unknown" ], "product": "Microsoft Edge (Chromium-based)", "vendor": "Microsoft", "versions": [ { "lessThan": "131.0.2903.86", "status": "affected", "version": "1.0.0", "versionType": "custom" } ] } ], "cpeApplicability": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:microsoft:edge_chromium:*:*:*:*:*:*:*:*", "versionEndExcluding": "131.0.2903.86", "versionStartIncluding": "1.0.0", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "datePublic": "2024-12-05T08:00:00.000Z", "descriptions": [ { "lang": "en-US", "value": "Microsoft Edge (Chromium-based) Spoofing Vulnerability" } ], "metrics": [ { "cvssV3_1": { "baseScore": 4.3, "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N/E:U/RL:O/RC:C", "version": "3.1" }, "format": "CVSS", "scenarios": [ { "lang": "en-US", "value": "GENERAL" } ] } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-449", "description": "CWE-449: The UI Performs the Wrong Action", "lang": "en-US", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2025-05-13T15:25:47.083Z", "orgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8", "shortName": "microsoft" }, "references": [ { "name": "Microsoft Edge (Chromium-based) Spoofing Vulnerability", "tags": [ "vendor-advisory" ], "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-49041" } ], "title": "Microsoft Edge (Chromium-based) Spoofing Vulnerability" } }, "cveMetadata": { "assignerOrgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8", "assignerShortName": "microsoft", "cveId": "CVE-2024-49041", "datePublished": "2024-12-06T01:09:11.856Z", "dateReserved": "2024-10-11T20:57:49.186Z", "dateUpdated": "2025-05-13T15:25:47.083Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
CVE-2025-21404 (GCVE-0-2025-21404)
Vulnerability from cvelistv5
Published
2025-02-06 22:41
Modified
2025-03-12 01:42
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- CWE-449 - The UI Performs the Wrong Action
Summary
Microsoft Edge (Chromium-based) Spoofing Vulnerability
References
► | URL | Tags |
---|---|---|
Impacted products
Vendor | Product | Version | ||
---|---|---|---|---|
Microsoft | Microsoft Edge (Chromium-based) |
Version: 1.0.0 < 133.0.3065.51 |
{ "containers": { "adp": [ { "metrics": [ { "other": { "content": { "id": "CVE-2025-21404", "options": [ { "Exploitation": "none" }, { "Automatable": "no" }, { "Technical Impact": "partial" } ], "role": "CISA Coordinator", "timestamp": "2025-02-10T17:41:24.680937Z", "version": "2.0.3" }, "type": "ssvc" } } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-451", "description": "CWE-451 User Interface (UI) Misrepresentation of Critical Information", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2025-02-10T17:43:41.090Z", "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP" }, "title": "CISA ADP Vulnrichment" } ], "cna": { "affected": [ { "platforms": [ "Unknown" ], "product": "Microsoft Edge (Chromium-based)", "vendor": "Microsoft", "versions": [ { "lessThan": "133.0.3065.51", "status": "affected", "version": "1.0.0", "versionType": "custom" } ] } ], "cpeApplicability": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:microsoft:edge_chromium:*:*:*:*:*:*:*:*", "versionEndExcluding": "133.0.3065.51", "versionStartIncluding": "1.0.0", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "datePublic": "2025-02-06T08:00:00.000Z", "descriptions": [ { "lang": "en-US", "value": "Microsoft Edge (Chromium-based) Spoofing Vulnerability" } ], "metrics": [ { "cvssV3_1": { "baseScore": 4.3, "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N/E:U/RL:O/RC:C", "version": "3.1" }, "format": "CVSS", "scenarios": [ { "lang": "en-US", "value": "GENERAL" } ] } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-449", "description": "CWE-449: The UI Performs the Wrong Action", "lang": "en-US", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2025-03-12T01:42:22.744Z", "orgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8", "shortName": "microsoft" }, "references": [ { "name": "Microsoft Edge (Chromium-based) Spoofing Vulnerability", "tags": [ "vendor-advisory" ], "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-21404" } ], "title": "Microsoft Edge (Chromium-based) Spoofing Vulnerability" } }, "cveMetadata": { "assignerOrgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8", "assignerShortName": "microsoft", "cveId": "CVE-2025-21404", "datePublished": "2025-02-06T22:41:28.453Z", "dateReserved": "2024-12-11T00:29:48.375Z", "dateUpdated": "2025-03-12T01:42:22.744Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
Mitigation
Phase: Testing
Description:
- Perform extensive functionality testing of the UI. The UI should behave as specified.
No CAPEC attack patterns related to this CWE.