SB2021090306 - Multiple vulnerabilities in Microsoft Edge for Android




Published: September 3, 2021

Security Bulletin ID: SB2021090306
Severity: Medium
Patch available: YES
Number of vulnerabilities: 2
Exploitation vector: Remote access
Highest impact: Data manipulation

Breakdown by Severity

Medium: 50%, Low: 50%

Description

This security bulletin contains information about 2 security vulnerabilities.


1) Information disclosure (CVE-ID: CVE-2021-26439)

The vulnerability allows a local attacker to gain access to potentially sensitive information.

The vulnerability exists due to excessive data output by the application in Microsoft Edge for Android. An attacker with physical access can gain unauthorized access to sensitive information on the system.


2) Spoofing attack (CVE-ID: CVE-2021-38641)

The vulnerability allows a remote attacker to perform a spoofing attack.

The vulnerability exists due to incorrect processing of user-supplied data in Microsoft Edge for Android. A remote attacker can spoof page content.


Remediation

Install the update from the vendor's website.