Описание
The Data Provider for SQL Server in Microsoft .NET Framework 4.6.2 mishandles a developer-supplied key, which allows remote attackers to bypass the Always Encrypted protection mechanism and obtain sensitive cleartext information by leveraging key guessability, aka ".NET Information Disclosure Vulnerability."
Ссылки
Уязвимые конфигурации
Конфигурация 1
cpe:2.3:a:microsoft:.net_framework:4.6.2:*:*:*:*:*:*:*
EPSS
Процентиль: 97%
0.37038
Средний
7.5 High
CVSS3
5 Medium
CVSS2
Дефекты
CWE-310
Связанные уязвимости
CVSS3: 7.5
github
около 3 лет назад
The Data Provider for SQL Server in Microsoft .NET Framework 4.6.2 mishandles a developer-supplied key, which allows remote attackers to bypass the Always Encrypted protection mechanism and obtain sensitive cleartext information by leveraging key guessability, aka ".NET Information Disclosure Vulnerability."
EPSS
Процентиль: 97%
0.37038
Средний
7.5 High
CVSS3
5 Medium
CVSS2
Дефекты
CWE-310