CVE-2018-8360

CWE-200Information Exposure4 documents4 sources
Severity
7.5HIGH
EPSS
14.1%
top 5.65%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
2
Microsoft Microsoft .net FrameworkMicrosoft .net Framework
Timeline
PublishedAug 15
Latest updateMay 14

Description

An information disclosure vulnerability exists in Microsoft .NET Framework that could allow an attacker to access information in multi-tenant environments, aka ".NET Framework Information Disclosure Vulnerability." This affects Microsoft .NET Framework 4.7/4.7.1/4.7.2, Microsoft .NET Framework 3.5, Microsoft .NET Framework 3.0, Microsoft .NET Framework 3.5.1, Microsoft .NET Framework 4.6.2/4.7/4.7.1/4.7.2, Microsoft .NET Framework 4.5.2, Microsoft .NET Framework 4.6/4.6.1/4.6.2/4.7/4.7.1/4.7.1/4

CVSS vector

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:NExploitability: 3.9 | Impact: 3.6

Affected Packages2 packages

NVDmicrosoft/.net_framework11 versions+10
CVEListV5microsoft/microsoft_.net_framework69 versions+68

Patches

Patch: portal.msrc.microsoft.comPatch: portal.msrc.microsoft.com

🔴Vulnerability Details

2
GHSA
GHSA-hjgc-3qw9-7c94: An information disclosure vulnerability exists in Microsoft2022-05-14
CVEList
CVE-2018-8360: An information disclosure vulnerability exists in Microsoft2018-08-15

📋Vendor Advisories

1
Microsoft
.NET Framework Information Disclosure Vulnerability2018-08-14
CVE-2018-8360 (HIGH CVSS 7.5) | An information disclosure vulnerabi | cvebase.io