{"containers": {"cna": {"affected": [{"product": "Microsoft Visual Studio 2017 version 15.9 (includes 15.1 - 15.8)", "vendor": "Microsoft", "versions": [{"status": "affected", "version": "unspecified"}]}, {"product": "Microsoft Visual Studio 2019", "vendor": "Microsoft", "versions": [{"status": "affected", "version": "16.0"}]}, {"product": "Microsoft Visual Studio 2019 version 16.4 (includes 16.0 - 16.3)", "vendor": "Microsoft", "versions": [{"status": "affected", "version": "unspecified"}]}], "descriptions": [{"lang": "en", "value": "A spoofing vulnerability exists in Microsoft Visual Studio as it includes a reply URL that is not secured by SSL, aka 'Microsoft Visual Studio Spoofing Vulnerability'."}], "problemTypes": [{"descriptions": [{"description": "Spoofing", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2020-03-12T15:48:53.000Z", "orgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8", "shortName": "microsoft"}, "references": [{"tags": ["x_refsource_MISC"], "url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-0884"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "secure@microsoft.com", "ID": "CVE-2020-0884", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "Microsoft Visual Studio 2017 version 15.9 (includes 15.1 - 15.8)", "version": {"version_data": [{"version_value": ""}]}}, {"product_name": "Microsoft Visual Studio 2019", "version": {"version_data": [{"version_value": "16.0"}]}}, {"product_name": "Microsoft Visual Studio 2019 version 16.4 (includes 16.0 - 16.3)", "version": {"version_data": [{"version_value": ""}]}}]}, "vendor_name": "Microsoft"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "A spoofing vulnerability exists in Microsoft Visual Studio as it includes a reply URL that is not secured by SSL, aka 'Microsoft Visual Studio Spoofing Vulnerability'."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "Spoofing"}]}]}, "references": {"reference_data": [{"name": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-0884", "refsource": "MISC", "url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-0884"}]}}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-04T06:18:03.533Z"}, "title": "CVE Program Container", "references": [{"tags": ["x_refsource_MISC", "x_transferred"], "url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-0884"}]}]}, "cveMetadata": {"assignerOrgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8", "assignerShortName": "microsoft", "cveId": "CVE-2020-0884", "datePublished": "2020-03-12T15:48:53.000Z", "dateReserved": "2019-11-04T00:00:00.000Z", "dateUpdated": "2024-08-04T06:18:03.533Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:microsoft:visual_studio_2017:*:*:*:*:*:*:*:*", "matchCriteriaId": "80B7A8C1-9168-4467-8B96-5024C6639EFB", "versionEndIncluding": "15.8", "versionStartIncluding": "15.1", "vulnerable": true}, {"criteria": "cpe:2.3:a:microsoft:visual_studio_2019:*:*:*:*:*:*:*:*", "matchCriteriaId": "7FE5FF31-110B-4518-A0B9-E94E2840B492", "versionEndIncluding": "16.3", "versionStartIncluding": "16.0", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "descriptions": [{"lang": "en", "value": "A spoofing vulnerability exists in Microsoft Visual Studio as it includes a reply URL that is not secured by SSL, aka 'Microsoft Visual Studio Spoofing Vulnerability'."}, {"lang": "es", "value": "Existe una vulnerabilidad de suplantaci\u00f3n de identidad en Microsoft Visual Studio, ya que incluye una URL de respuesta que no est\u00e1 protegida por SSL, tambi\u00e9n se conoce como \"Microsoft Visual Studio Spoofing Vulnerability\"."}], "id": "CVE-2020-0884", "lastModified": "2024-11-21T04:54:23.923", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": {"accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "NONE", "baseScore": 4.3, "confidentialityImpact": "PARTIAL", "integrityImpact": "NONE", "vectorString": "AV:N/AC:M/Au:N/C:P/I:N/A:N", "version": "2.0"}, "exploitabilityScore": 8.6, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}], "cvssMetricV31": [{"cvssData": {"attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 3.7, "baseSeverity": "LOW", "confidentialityImpact": "LOW", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N", "version": "3.1"}, "exploitabilityScore": 2.2, "impactScore": 1.4, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2020-03-12T16:15:20.453", "references": [{"source": "secure@microsoft.com", "tags": ["Patch", "Vendor Advisory"], "url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-0884"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Patch", "Vendor Advisory"], "url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-0884"}], "sourceIdentifier": "secure@microsoft.com", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-319"}], "source": "nvd@nist.gov", "type": "Primary"}]}

{}

{}