CVE-2024-21320

Windows Themes Spoofing Vulnerability

Betroffene Produkte Warnungen 0 Metriken 3 CWE 1 Referenzen 6

Daten sind bereitgestellt durch National Vulnerability Database (NVD)

Microsoft ≫ Windows 10 1507 Version < 10.0.10240.20402

Microsoft ≫ Windows 10 1607 Version < 10.0.14393.6614

Microsoft ≫ Windows 10 1809 Version < 10.0.17763.5329

Microsoft ≫ Windows 10 21h2 Version < 10.0.19044.3930

Microsoft ≫ Windows 10 22h2 Version < 10.0.19045.3930

Microsoft ≫ Windows 11 21h2 Version < 10.0.22000.2713

Microsoft ≫ Windows 11 22h2 Version < 10.0.22621.3007

Microsoft ≫ Windows 11 23h2 Version < 10.0.22631.3007

Microsoft ≫ Windows Server 2016 Version < 10.0.14393.6614

Microsoft ≫ Windows Server 2019 Version < 10.0.17763.5329

Microsoft ≫ Windows Server 2022 Version < 10.0.20348.2227

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Typ	Quelle	Score	Percentile
EPSS	FIRST.org	22.25%	0.956

CVSS Metriken
Quelle	Base Score	Exploit Score	Impact Score	Vector String
nvd@nist.gov	6.5	2.8	3.6	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N
secure@microsoft.com	6.5	2.8	3.6	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N

CWE-200 Exposure of Sensitive Information to an Unauthorized Actor

The product exposes sensitive information to an actor that is not explicitly authorized to have access to that information.

Patch

Vendor Advisory

CVE Source (NVD)

CVE Source (JSON)

EUVD