CVE-2023-36899

CWE-20 — Improper Input Validation3 documents3 sources

Severity

8.8HIGH

No vector

EPSS

70.0%

top 1.33%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

9

Microsoft Microsoft .net Framework 2.0 Service Pack 2 Microsoft Microsoft .net Framework 3.5 AND 4.6.2 Microsoft Microsoft .net Framework 3.5 AND 4.6.2/4.7/4.7.1/4.7.2 +6 more

Timeline

PublishedAug 8

Description

ASP.NET Elevation of Privilege Vulnerability ASP.NET Elevation of Privilege Vulnerability

Affected Packages9 packages

▶CVEListV5microsoft/microsoft_.net_framework_4.84.8.0 — 4.8.4654.06

▶CVEListV5microsoft/microsoft_.net_framework_4.6.24.7.0 — 4.7.04057.05

▶CVEListV5microsoft/microsoft_.net_framework_3.5_and_4.84.8.0 — 4.8.04654.06

▶CVEListV5microsoft/microsoft_.net_framework_3.5_and_4.6.24.7.0 — 10.0.10240.20107

▶CVEListV5microsoft/microsoft_.net_framework_3.5_and_4.7.24.7.0 — 4.7.4057.05

🔴Vulnerability Details

2

CVEList

ASP.NET Elevation of Privilege Vulnerability↗2023-08-08

▶

VulnCheck

Microsoft .NET Framework Improper Input Validation↗2023

▶

📋Vendor Advisories

1

Microsoft

ASP.NET Elevation of Privilege Vulnerability↗2023-08-08

▶