Information Disclosure Vulnerability in Open Enclave SDK by Microsoft
CVE-2019-1370

5.5MEDIUM

Key Information:

Vendor: Microsoft
Status: Open Enclave Sdk
Vendor: CVE Published:; 12 November 2019

Summary

The vulnerability in the Open Enclave SDK arises from improper handling of objects in memory, leading to potential unauthorized access to sensitive information. This can expose data only intended for certain processes, allowing attackers to exploit this design flaw. Proper safeguards and timely updates are essential to mitigate risks associated with this vulnerability.

Affected Version(s)

Open Enclave SDK = unspecified

References

https://portal.msrc.microsoft.com/en-US/security-guidance...

x_refsource_MISC

CVSS V3.1

Score:

5.5

Severity:

MEDIUM

Confidentiality:

High

Integrity:

None

Availability:

High

Attack Vector:

Local

Attack Complexity:

Low

Privileges Required:

Low

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published
Nov 12, 2019
Vulnerability Reserved
Nov 26, 2018