Description
Bot Framework SDK Information Disclosure Vulnerability
FAQ
How do I know if I need to install the update?
Customers using Bot Framework SDK with versions shown in the Security Update Applies To column in the following table are affected by this vulnerability.
| SDK | Unaffected Versions Prior To | Security Update Applies To | Unaffected Versions Greater Than |
|---|---|---|---|
| .NET Framework | 4.6.0 | 4.6.0 - 4.10.2 | 4.10.2 |
| JavaScript | 4.7.0 | 4.7.0 - 4.10.1 | 4.10.1 |
| Python | 4.7.0 | 4.7.0 - 4.10.0 | 4.10.0 |
What type of information could be disclosed by this vulnerability?
The type of information that could be disclosed if an attacker successfully exploited this vulnerability is sensitive information.
Updates
| Product | Article | Update |
|---|---|---|
| Bot Framework SDK for .NET Framework | | |
| Bot Framework SDK for JavaScript | | |
| Bot Framework SDK for Python | | |
Exploitability
Publicly Disclosed
Exploited
Latest Software Release
Older Software Release
DOS
EPSS
5.5 Medium
CVSS3
Related vulnerabilities
botframework-connector vulnerable to Improper Authentication
A vulnerability in the Bot Framework SDK package related to a lack of protection of service data, allowing an attacker to gain unauthorized access to protected information
EPSS
5.5 Medium
CVSS3