Описание
.NET Spoofing Vulnerability
FAQ
According to the CVSS metric, the attack complexity is high (AC:H). What does that mean for this vulnerability?
Successful exploitation of this vulnerability requires an attacker to successfully execute a blind XXE attack.
According to the CVSS metrics, successful exploitation of this vulnerability could lead to major loss of confidentiality (C:H) but have no effect on integrity (I:N) or on availability (A:N). What does that mean for this vulnerability?
Confidentiality is High, if an attacker successfuly exploits this it is information disclosure. While the attacker could read files that shouldn't be exposed, they wouldn't have the ability to modify them in any way (Integrity) or delete them to stop the app or server from functioning (Availability).
Обновления
| Продукт | Статья | Обновление |
|---|---|---|
| Microsoft Visual Studio 2017 version 15.9 (includes 15.0 - 15.8) | ||
| .NET Core 3.1 | ||
| PowerShell 7.0 | ||
| Microsoft Visual Studio 2019 version 16.9 (includes 16.0 - 16.8) | ||
| Microsoft Visual Studio 2019 version 16.11 (includes 16.0 - 16.10) | ||
| Microsoft Visual Studio 2022 version 17.0 | ||
| PowerShell 7.2 | ||
| .NET 6.0 | ||
| Microsoft Visual Studio 2022 version 17.2 |
Показывать по
Возможность эксплуатации
Publicly Disclosed
Exploited
Latest Software Release
Older Software Release
DOS
EPSS
5.9 Medium
CVSS3
EPSS
5.9 Medium
CVSS3