Main Vulnerability Database Vulnerabilities #VU56292

Information disclosure in Microsoft Edge for Android - CVE-2021-26439

Published: September 3, 2021

Vulnerability identifier: #VU56292

CSH Severity: Low

CVSSv4.0: CVSS:4.0/AV:P/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N/E:U/U:Clear

CVE-ID: CVE-2021-26439

CWE-ID: CWE-200

Exploitation vector: Local access

Exploit availability: No public exploit available

Vulnerable software:
Microsoft Edge for Android

Software vendor:
Microsoft

Description

The vulnerability allows a local attacker to gain access to potentially sensitive information.

The vulnerability exists due to excessive data output by the application in the Microsoft Edge for Android. An attacker with physical access can gain unauthorized access to sensitive information on the system.

Remediation

Install updates from vendor's website.

External links

https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-26439

Information disclosure in Microsoft Edge for Android - CVE-2021-26439

Description

Remediation

External links

Please verify you're human