NVD - CVE-2016-7191

Vulnerability Change Records for CVE-2016-7191

Change History

Initial CVE Analysis 9/29/2016 10:33:55 AM

Action	Type	Old Value	New Value
Changed	CPE Configuration	Configuration 1 OR cpe:2.3:a:microsoft:azure_active_directory_passport:2.0.0::::::: cpe:2.3:a:microsoft:azure_active_directory_passport:1.4.5::::::: (and previous)	Configuration 1 OR cpe:2.3:a:microsoft:azure_active_directory_passport:1.0.0::::::: cpe:2.3:a:microsoft:azure_active_directory_passport:1.1.0::::::: cpe:2.3:a:microsoft:azure_active_directory_passport:1.1.1::::::: cpe:2.3:a:microsoft:azure_active_directory_passport:1.2.0::::::: cpe:2.3:a:microsoft:azure_active_directory_passport:1.3.0::::::: cpe:2.3:a:microsoft:azure_active_directory_passport:1.3.1::::::: cpe:2.3:a:microsoft:azure_active_directory_passport:1.3.2::::::: cpe:2.3:a:microsoft:azure_active_directory_passport:1.3.3::::::: cpe:2.3:a:microsoft:azure_active_directory_passport:1.3.4::::::: cpe:2.3:a:microsoft:azure_active_directory_passport:1.3.5::::::: cpe:2.3:a:microsoft:azure_active_directory_passport:1.3.6::::::: cpe:2.3:a:microsoft:azure_active_directory_passport:1.4.0::::::: cpe:2.3:a:microsoft:azure_active_directory_passport:1.4.1::::::: cpe:2.3:a:microsoft:azure_active_directory_passport:1.4.2::::::: cpe:2.3:a:microsoft:azure_active_directory_passport:1.4.3::::::: cpe:2.3:a:microsoft:azure_active_directory_passport:1.4.4::::::: cpe:2.3:a:microsoft:azure_active_directory_passport:1.4.5::::::: cpe:2.3:a:microsoft:azure_active_directory_passport:2.0.0:::::::
Changed	CVSS V3	AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L	AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
Removed	CWE	CWE-19
Changed	Reference Type	https://github.com/AzureAD/passport-azure-ad/blob/master/SECURITY-NOTICE.MD Mitigation, Vendor Advisory	https://github.com/AzureAD/passport-azure-ad/blob/master/SECURITY-NOTICE.MD Mitigation, Patch, Vendor Advisory
Changed	Reference Type	https://support.microsoft.com/kb/3187742 Vendor Advisory	https://support.microsoft.com/kb/3187742 Mitigation, Patch, Vendor Advisory

Initial CVE Analysis 9/29/2016 10:33:55 AM

Action	Type	Old Value	New Value
Changed	CPE Configuration	Configuration 1 OR	Configuration 1 OR cpe:2.3:a:microsoft:azure_active_directory_passport:2.0.0::::::: cpe:2.3:a:microsoft:azure_active_directory_passport:1.4.5::::::: (and previous)
Added	CVSS V2		(AV:N/AC:M/Au:N/C:P/I:N/A:N)
Added	CVSS V3		AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L
Added	CWE		CWE-19
Added	CWE		CWE-287
Changed	Reference Type	https://github.com/AzureAD/passport-azure-ad/blob/master/SECURITY-NOTICE.MD No Types Assigned	https://github.com/AzureAD/passport-azure-ad/blob/master/SECURITY-NOTICE.MD Mitigation, Vendor Advisory
Changed	Reference Type	https://support.microsoft.com/kb/3187742 Mitigation, Patch, Vendor Advisory	https://support.microsoft.com/kb/3187742 Vendor Advisory