nvd-json-data-feeds/CVE-2020/CVE-2020-08xx/CVE-2020-0884.json

{
  "id": "CVE-2020-0884",
  "sourceIdentifier": "secure@microsoft.com",
  "published": "2020-03-12T16:15:20.453",
  "lastModified": "2020-03-17T15:36:20.530",
  "vulnStatus": "Analyzed",
  "descriptions": [
    {
      "lang": "en",
      "value": "A spoofing vulnerability exists in Microsoft Visual Studio as it includes a reply URL that is not secured by SSL, aka 'Microsoft Visual Studio Spoofing Vulnerability'."
    },
    {
      "lang": "es",
      "value": "Existe una vulnerabilidad de suplantaci\u00f3n de identidad en Microsoft Visual Studio, ya que incluye una URL de respuesta que no est\u00e1 protegida por SSL, tambi\u00e9n se conoce como \"Microsoft Visual Studio Spoofing Vulnerability\"."
    }
  ],
  "metrics": {
    "cvssMetricV31": [
      {
        "source": "nvd@nist.gov",
        "type": "Primary",
        "cvssData": {
          "version": "3.1",
          "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N",
          "attackVector": "NETWORK",
          "attackComplexity": "HIGH",
          "privilegesRequired": "NONE",
          "userInteraction": "NONE",
          "scope": "UNCHANGED",
          "confidentialityImpact": "LOW",
          "integrityImpact": "NONE",
          "availabilityImpact": "NONE",
          "baseScore": 3.7,
          "baseSeverity": "LOW"
        },
        "exploitabilityScore": 2.2,
        "impactScore": 1.4
      }
    ],
    "cvssMetricV2": [
      {
        "source": "nvd@nist.gov",
        "type": "Primary",
        "cvssData": {
          "version": "2.0",
          "vectorString": "AV:N/AC:M/Au:N/C:P/I:N/A:N",
          "accessVector": "NETWORK",
          "accessComplexity": "MEDIUM",
          "authentication": "NONE",
          "confidentialityImpact": "PARTIAL",
          "integrityImpact": "NONE",
          "availabilityImpact": "NONE",
          "baseScore": 4.3
        },
        "baseSeverity": "MEDIUM",
        "exploitabilityScore": 8.6,
        "impactScore": 2.9,
        "acInsufInfo": false,
        "obtainAllPrivilege": false,
        "obtainUserPrivilege": false,
        "obtainOtherPrivilege": false,
        "userInteractionRequired": false
      }
    ]
  },
  "weaknesses": [
    {
      "source": "nvd@nist.gov",
      "type": "Primary",
      "description": [
        {
          "lang": "en",
          "value": "CWE-319"
        }
      ]
    }
  ],
  "configurations": [
    {
      "nodes": [
        {
          "operator": "OR",
          "negate": false,
          "cpeMatch": [
            {
              "vulnerable": true,
              "criteria": "cpe:2.3:a:microsoft:visual_studio_2017:*:*:*:*:*:*:*:*",
              "versionStartIncluding": "15.1",
              "versionEndIncluding": "15.8",
              "matchCriteriaId": "80B7A8C1-9168-4467-8B96-5024C6639EFB"
            },
            {
              "vulnerable": true,
              "criteria": "cpe:2.3:a:microsoft:visual_studio_2019:*:*:*:*:*:*:*:*",
              "versionStartIncluding": "16.0",
              "versionEndIncluding": "16.3",
              "matchCriteriaId": "7FE5FF31-110B-4518-A0B9-E94E2840B492"
            }
          ]
        }
      ]
    }
  ],
  "references": [
    {
      "url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-0884",
      "source": "secure@microsoft.com",
      "tags": [
        "Patch",
        "Vendor Advisory"
      ]
    }
  ]
}