The version of Microsoft Edge installed on the remote Windows host is prior to 105.0.1343.25. It is, therefore, affected by multiple vulnerabilities as referenced in the September 1, 2022 advisory.
– Use after free in Network Service. (CVE-2022-3038)
– Use after free in WebSQL. (CVE-2022-3039, CVE-2022-3041)
– Use after free in Layout. (CVE-2022-3040)
– Inappropriate implementation in Site Isolation. (CVE-2022-3044)
– Insufficient validation of untrusted input in V8. (CVE-2022-3045)
– Use after free in Browser Tag. (CVE-2022-3046)
– Insufficient policy enforcement in Extensions API. (CVE-2022-3047)
– Inappropriate implementation in Pointer Lock. (CVE-2022-3053)
– Insufficient policy enforcement in DevTools. (CVE-2022-3054)
– Use after free in Passwords. (CVE-2022-3055)
– Insufficient policy enforcement in Content Security Policy. (CVE-2022-3056)
– Inappropriate implementation in iframe Sandbox. (CVE-2022-3057)
– Use after free in Sign-In Flow. (CVE-2022-3058)
Note that Nessus has not tested for these issues but has instead relied only on the application’s self-reported version number.Read More
References
Back to Main