Action not permitted
Modal body text goes here.
Modal Title
Modal Body
CVE-2022-41064 (GCVE-0-2022-41064)
Vulnerability from cvelistv5 – Published: 2022-11-09 00:00 – Updated: 2025-01-02 21:31
VLAI
EPSS
Title
.NET Framework Information Disclosure Vulnerability
Summary
.NET Framework Information Disclosure Vulnerability
Severity
CWE
- Information Disclosure
Assigner
References
1 reference
| URL | Tags |
|---|---|
| https://msrc.microsoft.com/update-guide/vulnerabi… | vendor-advisory |
Impacted products
9 products
| Vendor | Product | Version | |
|---|---|---|---|
| Microsoft | Nuget 2.1.2 |
Affected:
1.0.0 , < 2.1.2
(custom)
|
|
| Microsoft | Nuget 4.8.5 |
Affected:
1.0.0 , < 4.8.4
(custom)
|
|
| Microsoft | Microsoft .NET Framework 4.8 |
Affected:
4.8.0 , < 4.8.04584.08
(custom)
|
|
| Microsoft | Microsoft .NET Framework 3.5 AND 4.6.2/4.7/4.7.1/4.7.2 |
Affected:
3.0.0.0 , < 10.0.14393.5501
(custom)
|
|
| Microsoft | Microsoft .NET Framework 4.7.2 |
Affected:
10.0.0.0 , < 10.0.04005.02
(custom)
|
|
| Microsoft | Microsoft .NET Framework 4.8.1 |
Affected:
4.8.0.0 , < 4.8.09110.07
(custom)
|
|
| Microsoft | Microsoft .NET Framework 4.6.2/4.7/4.7.1/4.7.2 |
Affected:
4.7.0 , < 4.7.04005.02
(custom)
|
|
| Microsoft | Microsoft .NET Framework 4.6.2 |
Affected:
4.7.0 , < 4.7.04005.02
(custom)
|
|
| Microsoft | Microsoft .NET Framework 4.6/4.6.2 |
Affected:
10.0.0.0 , < 10.0.10240.19567
(custom)
|
Date Public
2022-11-08 08:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T12:35:49.240Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2022-41064"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2022-41064",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-10-10T16:53:52.129393Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-10-10T16:54:07.410Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"platforms": [
"Unknown"
],
"product": "Nuget 2.1.2",
"vendor": "Microsoft",
"versions": [
{
"lessThan": "2.1.2",
"status": "affected",
"version": "1.0.0",
"versionType": "custom"
}
]
},
{
"platforms": [
"Unknown"
],
"product": "Nuget 4.8.5",
"vendor": "Microsoft",
"versions": [
{
"lessThan": "4.8.4",
"status": "affected",
"version": "1.0.0",
"versionType": "custom"
}
]
},
{
"platforms": [
"Windows 10 Version 21H2 for ARM64-based Systems",
"Windows Server 2012 R2",
"Windows 10 Version 1809 for 32-bit Systems",
"Windows Server 2008 R2 for x64-based Systems Service Pack 1 (Server Core installation)",
"Windows Server 2019",
"Windows Server 2008 R2 for x64-based Systems Service Pack 1",
"Windows 10 Version 21H1 for 32-bit Systems",
"Windows 10 Version 1809 for x64-based Systems",
"Windows 8.1 for x64-based systems",
"Windows 8.1 for 32-bit systems",
"Windows Server 2016",
"Windows 10 Version 20H2 for ARM64-based Systems",
"Windows 10 Version 1607 for 32-bit Systems",
"Windows Server 2012",
"Windows Server 2012 R2 (Server Core installation)",
"Windows 10 Version 21H2 for 32-bit Systems",
"Windows 7 for 32-bit Systems Service Pack 1",
"Windows 10 Version 21H1 for x64-based Systems",
"Windows RT 8.1",
"Windows Server 2016 (Server Core installation)",
"Windows Server 2012 (Server Core installation)",
"Windows 10 Version 20H2 for 32-bit Systems",
"Windows 10 Version 21H1 for ARM64-based Systems",
"Windows 10 Version 1607 for x64-based Systems",
"Windows 10 Version 21H2 for x64-based Systems",
"Windows Server 2019 (Server Core installation)",
"Windows 7 for x64-based Systems Service Pack 1",
"Windows 10 Version 22H2 for x64-based Systems",
"Windows 10 Version 22H2 for ARM64-based Systems",
"Windows 11 version 21H2 for ARM64-based Systems",
"Windows 10 Version 22H2 for 32-bit Systems",
"Windows 11 version 21H2 for x64-based Systems",
"Windows 10 Version 1809 for ARM64-based Systems",
"Windows Server 2022",
"Windows Server 2022 (Server Core installation)"
],
"product": "Microsoft .NET Framework 4.8",
"vendor": "Microsoft",
"versions": [
{
"lessThan": "4.8.04584.08",
"status": "affected",
"version": "4.8.0",
"versionType": "custom"
}
]
},
{
"platforms": [
"Windows 10 Version 1607 for 32-bit Systems",
"Windows Server 2016",
"Windows 10 Version 1607 for x64-based Systems",
"Windows Server 2016 (Server Core installation)"
],
"product": "Microsoft .NET Framework 3.5 AND 4.6.2/4.7/4.7.1/4.7.2",
"vendor": "Microsoft",
"versions": [
{
"lessThan": "10.0.14393.5501",
"status": "affected",
"version": "3.0.0.0",
"versionType": "custom"
}
]
},
{
"platforms": [
"Windows 10 Version 1809 for x64-based Systems",
"Windows 10 Version 1809 for 32-bit Systems",
"Windows 10 Version 1809 for ARM64-based Systems",
"Windows Server 2019 (Server Core installation)",
"Windows Server 2019"
],
"product": "Microsoft .NET Framework 4.7.2",
"vendor": "Microsoft",
"versions": [
{
"lessThan": "10.0.04005.02",
"status": "affected",
"version": "10.0.0.0",
"versionType": "custom"
}
]
},
{
"platforms": [
"Windows 10 Version 21H1 for x64-based Systems",
"Windows 10 Version 21H1 for ARM64-based Systems",
"Windows 10 Version 21H1 for 32-bit Systems",
"Windows 10 Version 21H2 for 32-bit Systems",
"Windows 10 Version 21H2 for ARM64-based Systems",
"Windows 10 Version 21H2 for x64-based Systems",
"Windows 11 Version 22H2 for x64-based Systems",
"Windows 11 version 21H2 for ARM64-based Systems",
"Windows 10 Version 22H2 for 32-bit Systems",
"Windows 10 Version 22H2 for ARM64-based Systems",
"Windows 11 Version 22H2 for ARM64-based Systems",
"Windows 10 Version 22H2 for x64-based Systems",
"Windows 11 version 21H2 for x64-based Systems",
"Windows 10 Version 20H2 for ARM64-based Systems",
"Windows 10 Version 20H2 for 32-bit Systems",
"Windows Server 2022",
"Windows Server 2022 (Server Core installation)"
],
"product": "Microsoft .NET Framework 4.8.1",
"vendor": "Microsoft",
"versions": [
{
"lessThan": "4.8.09110.07",
"status": "affected",
"version": "4.8.0.0",
"versionType": "custom"
}
]
},
{
"platforms": [
"Windows Server 2012 (Server Core installation)",
"Windows 7 for x64-based Systems Service Pack 1",
"Windows Server 2012",
"Windows Server 2012 R2 (Server Core installation)",
"Windows 8.1 for x64-based systems",
"Windows 8.1 for 32-bit systems",
"Windows RT 8.1",
"Windows 7 for 32-bit Systems Service Pack 1",
"Windows Server 2008 R2 for x64-based Systems Service Pack 1 (Server Core installation)",
"Windows Server 2012 R2",
"Windows Server 2008 R2 for x64-based Systems Service Pack 1"
],
"product": "Microsoft .NET Framework 4.6.2/4.7/4.7.1/4.7.2",
"vendor": "Microsoft",
"versions": [
{
"lessThan": "4.7.04005.02",
"status": "affected",
"version": "4.7.0",
"versionType": "custom"
}
]
},
{
"platforms": [
"Windows Server 2008 for x64-based Systems Service Pack 2",
"Windows Server 2008 for 32-bit Systems Service Pack 2",
"Windows Server 2008 for 32-bit Systems Service Pack 2 (Server Core installation)",
"Windows Server 2008 for x64-based Systems Service Pack 2 (Server Core installation)"
],
"product": "Microsoft .NET Framework 4.6.2",
"vendor": "Microsoft",
"versions": [
{
"lessThan": "4.7.04005.02",
"status": "affected",
"version": "4.7.0",
"versionType": "custom"
}
]
},
{
"platforms": [
"Windows 10 for 32-bit Systems",
"Windows 10 for x64-based Systems"
],
"product": "Microsoft .NET Framework 4.6/4.6.2",
"vendor": "Microsoft",
"versions": [
{
"lessThan": "10.0.10240.19567",
"status": "affected",
"version": "10.0.0.0",
"versionType": "custom"
}
]
}
],
"cpeApplicability": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:microsoft:nuget:*:*:*:*:*:*:*:*",
"versionEndExcluding": "2.1.2",
"versionStartIncluding": "1.0.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:nuget:*:*:*:*:*:*:*:*",
"versionEndExcluding": "4.8.4",
"versionStartIncluding": "1.0.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:.net:*:*:*:*:*:*:*:*",
"versionEndExcluding": "4.8.04584.08",
"versionStartIncluding": "4.8.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:.net_framework:*:*:*:*:*:*:*:*",
"versionEndExcluding": "10.0.14393.5501",
"versionStartIncluding": "3.0.0.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:.net_framework:*:*:*:*:*:*:*:*",
"versionEndExcluding": "10.0.04005.02",
"versionStartIncluding": "10.0.0.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:.net_framework:*:*:*:*:*:*:*:*",
"versionEndExcluding": "4.8.09110.07",
"versionStartIncluding": "4.8.0.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:.net:*:*:*:*:*:*:*:*",
"versionEndExcluding": "4.7.04005.02",
"versionStartIncluding": "4.7.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:.net:*:*:*:*:*:*:*:*",
"versionEndExcluding": "4.7.04005.02",
"versionStartIncluding": "4.7.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:.net_framework:*:*:*:*:*:*:*:*",
"versionEndExcluding": "10.0.10240.19567",
"versionStartIncluding": "10.0.0.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"datePublic": "2022-11-08T08:00:00.000Z",
"descriptions": [
{
"lang": "en-US",
"value": ".NET Framework Information Disclosure Vulnerability"
}
],
"metrics": [
{
"cvssV3_1": {
"baseScore": 5.8,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:A/AC:H/PR:L/UI:N/S:C/C:H/I:N/A:N/E:U/RL:O/RC:C",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en-US",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Information Disclosure",
"lang": "en-US",
"type": "Impact"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-01-02T21:31:25.543Z",
"orgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
"shortName": "microsoft"
},
"references": [
{
"name": ".NET Framework Information Disclosure Vulnerability",
"tags": [
"vendor-advisory"
],
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-41064"
}
],
"title": ".NET Framework Information Disclosure Vulnerability"
}
},
"cveMetadata": {
"assignerOrgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
"assignerShortName": "microsoft",
"cveId": "CVE-2022-41064",
"datePublished": "2022-11-09T00:00:00.000Z",
"dateReserved": "2022-09-19T00:00:00.000Z",
"dateUpdated": "2025-01-02T21:31:25.543Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1",
"vulnerability-lookup:meta": {
"epss": {
"cve": "CVE-2022-41064",
"date": "2026-05-27",
"epss": "0.00189",
"percentile": "0.40429"
},
"fkie_nvd": {
"configurations": "[{\"operator\": \"AND\", \"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:microsoft:.net_framework:4.8:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"2D3F18AF-84ED-473B-A8DF-65EB23C475AF\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:microsoft:.net_framework:4.8.1:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"934D4E46-12C1-41DC-A28C-A2C430E965E4\"}]}, {\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": false, \"criteria\": \"cpe:2.3:o:microsoft:windows_server_2022:-:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"821614DD-37DD-44E2-A8A4-FE8D23A33C3C\"}]}]}, {\"operator\": \"AND\", \"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:microsoft:.net_framework:4.6.2:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"A16AD2B0-2189-4E8E-B7FC-CE598CA1CB2D\"}]}, {\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": false, \"criteria\": \"cpe:2.3:o:microsoft:windows_server_2008:-:sp2:*:*:*:*:x64:*\", \"matchCriteriaId\": \"2127D10C-B6F3-4C1D-B9AA-5D78513CC996\"}, {\"vulnerable\": false, \"criteria\": \"cpe:2.3:o:microsoft:windows_server_2008:-:sp2:*:*:*:*:x86:*\", \"matchCriteriaId\": \"AB425562-C0A0-452E-AABE-F70522F15E1A\"}]}]}, {\"operator\": \"AND\", \"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:microsoft:.net_framework:4.6.2:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"A16AD2B0-2189-4E8E-B7FC-CE598CA1CB2D\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:microsoft:.net_framework:4.7:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"734112B3-1383-4BE3-8721-C0F84566B764\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:microsoft:.net_framework:4.7.1:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"36B0E40A-84EF-4099-A395-75D6B8CDA196\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:microsoft:.net_framework:4.7.2:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"3EF7A75E-EE27-4AA7-8D84-9D696728A4CE\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:microsoft:.net_framework:4.8:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"2D3F18AF-84ED-473B-A8DF-65EB23C475AF\"}]}, {\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": false, \"criteria\": \"cpe:2.3:o:microsoft:windows_rt_8.1:-:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"C6CE5198-C498-4672-AF4C-77AB4BE06C5C\"}, {\"vulnerable\": false, \"criteria\": \"cpe:2.3:o:microsoft:windows_server_2008:r2:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"36559BC0-44D7-48B3-86FF-1BFF0257B5ED\"}]}]}, {\"operator\": \"AND\", \"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:microsoft:.net_framework:4.8:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"2D3F18AF-84ED-473B-A8DF-65EB23C475AF\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:microsoft:.net_framework:4.8.1:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"934D4E46-12C1-41DC-A28C-A2C430E965E4\"}]}, {\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": false, \"criteria\": \"cpe:2.3:o:microsoft:windows_10:21h1:*:*:*:*:*:arm64:*\", \"matchCriteriaId\": \"49A4BBDA-0389-4171-AA49-6837F7DF4454\"}, {\"vulnerable\": false, \"criteria\": \"cpe:2.3:o:microsoft:windows_10:21h1:*:*:*:*:*:x64:*\", \"matchCriteriaId\": \"F8C238FA-B20F-40A5-B861-A8295858F4BE\"}, {\"vulnerable\": false, \"criteria\": \"cpe:2.3:o:microsoft:windows_10:21h1:*:*:*:*:*:x86:*\", \"matchCriteriaId\": \"56513BCA-A9F5-4112-BDE6-77E9B8D2677E\"}]}]}, {\"operator\": \"AND\", \"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:microsoft:.net_framework:4.6.2:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"A16AD2B0-2189-4E8E-B7FC-CE598CA1CB2D\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:microsoft:.net_framework:4.7:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"734112B3-1383-4BE3-8721-C0F84566B764\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:microsoft:.net_framework:4.7.1:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"36B0E40A-84EF-4099-A395-75D6B8CDA196\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:microsoft:.net_framework:4.7.2:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"3EF7A75E-EE27-4AA7-8D84-9D696728A4CE\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:microsoft:.net_framework:4.8:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"2D3F18AF-84ED-473B-A8DF-65EB23C475AF\"}]}, {\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": false, \"criteria\": \"cpe:2.3:o:microsoft:windows_7:-:sp1:*:*:*:*:x64:*\", \"matchCriteriaId\": \"7FE8B00B-4F39-4755-A323-8AD71F5E3EBE\"}, {\"vulnerable\": false, \"criteria\": \"cpe:2.3:o:microsoft:windows_7:-:sp1:*:*:*:*:x86:*\", \"matchCriteriaId\": \"06BBFA69-94E2-4BAB-AFD3-BC434B11D106\"}]}]}, {\"operator\": \"AND\", \"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:microsoft:.net_framework:4.8:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"2D3F18AF-84ED-473B-A8DF-65EB23C475AF\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:microsoft:.net_framework:4.8.1:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"934D4E46-12C1-41DC-A28C-A2C430E965E4\"}]}, {\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": false, \"criteria\": \"cpe:2.3:o:microsoft:windows_10:21h2:*:*:*:*:*:arm64:*\", \"matchCriteriaId\": \"665EA912-D724-41EB-86A9-24EB4FE87B54\"}, {\"vulnerable\": false, \"criteria\": \"cpe:2.3:o:microsoft:windows_10:21h2:*:*:*:*:*:x64:*\", \"matchCriteriaId\": \"77E07B96-EAAA-4DD6-9172-0DE98A36726F\"}, {\"vulnerable\": false, \"criteria\": \"cpe:2.3:o:microsoft:windows_10:21h2:*:*:*:*:*:x86:*\", \"matchCriteriaId\": \"B846A736-E77C-4665-B28B-4E511880D575\"}]}]}, {\"operator\": \"AND\", \"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:microsoft:.net_framework:4.8:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"2D3F18AF-84ED-473B-A8DF-65EB23C475AF\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:microsoft:.net_framework:4.8.1:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"934D4E46-12C1-41DC-A28C-A2C430E965E4\"}]}, {\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": false, \"criteria\": \"cpe:2.3:o:microsoft:windows_10:20h2:*:*:*:*:*:arm64:*\", \"matchCriteriaId\": \"610B33F9-0309-4CF7-B7E4-5152D9B2FFE4\"}, {\"vulnerable\": false, \"criteria\": \"cpe:2.3:o:microsoft:windows_10:20h2:*:*:*:*:*:x64:*\", \"matchCriteriaId\": \"21074553-EDF2-468D-8E79-C39851B5BC79\"}, {\"vulnerable\": false, \"criteria\": \"cpe:2.3:o:microsoft:windows_10:20h2:*:*:*:*:*:x86:*\", \"matchCriteriaId\": \"4E62F9CB-D1B6-4B4D-BCCD-7F4D36A73B4D\"}]}]}, {\"operator\": \"AND\", \"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:microsoft:.net_framework:4.8:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"2D3F18AF-84ED-473B-A8DF-65EB23C475AF\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:microsoft:.net_framework:4.8.1:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"934D4E46-12C1-41DC-A28C-A2C430E965E4\"}]}, {\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": false, \"criteria\": \"cpe:2.3:o:microsoft:windows_10:22h2:*:*:*:*:*:arm64:*\", \"matchCriteriaId\": \"B1BD50A5-4D8C-4A68-AA8A-F4C30A96A797\"}, {\"vulnerable\": false, \"criteria\": \"cpe:2.3:o:microsoft:windows_10:22h2:*:*:*:*:*:x64:*\", \"matchCriteriaId\": \"53DF53AD-6C26-4E21-9B4C-BCA54B1A0A69\"}, {\"vulnerable\": false, \"criteria\": \"cpe:2.3:o:microsoft:windows_10:22h2:*:*:*:*:*:x86:*\", \"matchCriteriaId\": \"C29D3337-675F-4BE3-A07F-8047A9D1B9B1\"}]}]}, {\"operator\": \"AND\", \"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:microsoft:.net_framework:4.6.2:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"A16AD2B0-2189-4E8E-B7FC-CE598CA1CB2D\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:microsoft:.net_framework:4.7:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"734112B3-1383-4BE3-8721-C0F84566B764\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:microsoft:.net_framework:4.7.1:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"36B0E40A-84EF-4099-A395-75D6B8CDA196\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:microsoft:.net_framework:4.7.2:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"3EF7A75E-EE27-4AA7-8D84-9D696728A4CE\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:microsoft:.net_framework:4.8:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"2D3F18AF-84ED-473B-A8DF-65EB23C475AF\"}]}, {\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": false, \"criteria\": \"cpe:2.3:o:microsoft:windows_server_2012:-:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"A7DF96F8-BA6A-4780-9CA3-F719B3F81074\"}, {\"vulnerable\": false, \"criteria\": \"cpe:2.3:o:microsoft:windows_server_2012:r2:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"DB18C4CE-5917-401E-ACF7-2747084FD36E\"}]}]}, {\"operator\": \"AND\", \"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:microsoft:.net_framework:4.7.2:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"3EF7A75E-EE27-4AA7-8D84-9D696728A4CE\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:microsoft:.net_framework:4.8:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"2D3F18AF-84ED-473B-A8DF-65EB23C475AF\"}]}, {\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": false, \"criteria\": \"cpe:2.3:o:microsoft:windows_10:1809:*:*:*:*:*:arm64:*\", \"matchCriteriaId\": \"925B8C67-C96F-4A4D-9BE7-CCCD78EF3C31\"}, {\"vulnerable\": false, \"criteria\": \"cpe:2.3:o:microsoft:windows_10:1809:*:*:*:*:*:x64:*\", \"matchCriteriaId\": \"6CF580BA-6938-40F6-9D86-F43044A6BACA\"}, {\"vulnerable\": false, \"criteria\": \"cpe:2.3:o:microsoft:windows_10:1809:*:*:*:*:*:x86:*\", \"matchCriteriaId\": \"C5E038AA-514F-48AC-B45E-859EE32525B4\"}]}]}, {\"operator\": \"AND\", \"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:microsoft:.net_framework:4.8:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"2D3F18AF-84ED-473B-A8DF-65EB23C475AF\"}]}, {\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": false, \"criteria\": \"cpe:2.3:o:microsoft:windows_10:1607:*:*:*:*:*:x64:*\", \"matchCriteriaId\": \"897A48D7-FCA1-4560-AFBB-718AF19BA3A2\"}, {\"vulnerable\": false, \"criteria\": \"cpe:2.3:o:microsoft:windows_10:1607:*:*:*:*:*:x86:*\", \"matchCriteriaId\": \"507EB48C-F479-424C-8ABA-C279AB4FE3F4\"}]}]}, {\"operator\": \"AND\", \"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:microsoft:.net_framework:4.7.2:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"3EF7A75E-EE27-4AA7-8D84-9D696728A4CE\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:microsoft:.net_framework:4.8:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"2D3F18AF-84ED-473B-A8DF-65EB23C475AF\"}]}, {\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": false, \"criteria\": \"cpe:2.3:o:microsoft:windows_server_2019:-:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"DB79EE26-FC32-417D-A49C-A1A63165A968\"}]}]}, {\"operator\": \"AND\", \"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:microsoft:.net_framework:4.8:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"2D3F18AF-84ED-473B-A8DF-65EB23C475AF\"}]}, {\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": false, \"criteria\": \"cpe:2.3:o:microsoft:windows_server_2016:-:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"041FF8BA-0B12-4A1F-B4BF-9C4F33B7C1E7\"}]}]}, {\"operator\": \"AND\", \"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:microsoft:.net_framework:4.7:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"734112B3-1383-4BE3-8721-C0F84566B764\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:microsoft:.net_framework:4.7.1:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"36B0E40A-84EF-4099-A395-75D6B8CDA196\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:microsoft:.net_framework:4.7.2:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"3EF7A75E-EE27-4AA7-8D84-9D696728A4CE\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:microsoft:.net_framework:4.8:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"2D3F18AF-84ED-473B-A8DF-65EB23C475AF\"}]}, {\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": false, \"criteria\": \"cpe:2.3:o:microsoft:windows_8.1:-:*:*:*:*:*:x64:*\", \"matchCriteriaId\": \"C936FD4F-959C-43B8-9917-E2A0DF4A8793\"}, {\"vulnerable\": false, \"criteria\": \"cpe:2.3:o:microsoft:windows_8.1:-:*:*:*:*:*:x86:*\", \"matchCriteriaId\": \"DF8ABB14-84CF-4BBC-99C9-DA6C0F7A0619\"}]}]}, {\"operator\": \"AND\", \"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:microsoft:.net_framework:4.6.2:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"A16AD2B0-2189-4E8E-B7FC-CE598CA1CB2D\"}]}, {\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": false, \"criteria\": \"cpe:2.3:o:microsoft:windows_10:-:*:*:*:*:*:x64:*\", \"matchCriteriaId\": \"084984D5-D241-497B-B118-50C6C1EAD468\"}, {\"vulnerable\": false, \"criteria\": \"cpe:2.3:o:microsoft:windows_10:-:*:*:*:*:*:x86:*\", \"matchCriteriaId\": \"BA592626-F17C-4F46-823B-0947D102BBD2\"}]}]}, {\"operator\": \"AND\", \"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:microsoft:.net_framework:4.8:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"2D3F18AF-84ED-473B-A8DF-65EB23C475AF\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:microsoft:.net_framework:4.8.1:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"934D4E46-12C1-41DC-A28C-A2C430E965E4\"}]}, {\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": false, \"criteria\": \"cpe:2.3:o:microsoft:windows_11:-:*:*:*:*:*:x64:*\", \"matchCriteriaId\": \"5D7F7DDB-440E-42CD-82F4-B2C13F3CC462\"}, {\"vulnerable\": false, \"criteria\": \"cpe:2.3:o:microsoft:windows_11:22h2:*:*:*:*:*:x64:*\", \"matchCriteriaId\": \"62B9100B-206D-4FD1-8D23-A355DCA37460\"}]}]}, {\"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:microsoft:nuget:*:*:*:*:*:*:*:*\", \"versionEndExcluding\": \"1.1.4\", \"matchCriteriaId\": \"6059BB72-7C2E-45CD-AA88-89CF8A93518B\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:microsoft:nuget:*:*:*:*:*:*:*:*\", \"versionStartIncluding\": \"2.0.0\", \"versionEndExcluding\": \"2.1.2\", \"matchCriteriaId\": \"8607DBC3-2EF6-41B7-B0B1-48FEDE82C284\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:microsoft:nuget:*:*:*:*:*:*:*:*\", \"versionStartIncluding\": \"3.0.0\", \"versionEndExcluding\": \"4.8.5\", \"matchCriteriaId\": \"B7160A6F-A86F-4BAF-B5AD-D710C772B409\"}]}]}]",
"descriptions": "[{\"lang\": \"en\", \"value\": \".NET Framework Information Disclosure Vulnerability\"}, {\"lang\": \"es\", \"value\": \"Vulnerabilidad de divulgaci\\u00f3n de informaci\\u00f3n de .NET Framework\"}]",
"id": "CVE-2022-41064",
"lastModified": "2025-01-02T22:15:22.180",
"metrics": "{\"cvssMetricV31\": [{\"source\": \"secure@microsoft.com\", \"type\": \"Primary\", \"cvssData\": {\"version\": \"3.1\", \"vectorString\": \"CVSS:3.1/AV:A/AC:H/PR:L/UI:N/S:C/C:H/I:N/A:N\", \"baseScore\": 5.8, \"baseSeverity\": \"MEDIUM\", \"attackVector\": \"ADJACENT_NETWORK\", \"attackComplexity\": \"HIGH\", \"privilegesRequired\": \"LOW\", \"userInteraction\": \"NONE\", \"scope\": \"CHANGED\", \"confidentialityImpact\": \"HIGH\", \"integrityImpact\": \"NONE\", \"availabilityImpact\": \"NONE\"}, \"exploitabilityScore\": 1.3, \"impactScore\": 4.0}]}",
"published": "2022-11-09T22:15:20.917",
"references": "[{\"url\": \"https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-41064\", \"source\": \"secure@microsoft.com\"}, {\"url\": \"https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2022-41064\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Patch\", \"Vendor Advisory\"]}]",
"sourceIdentifier": "secure@microsoft.com",
"vulnStatus": "Modified",
"weaknesses": "[{\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"description\": [{\"lang\": \"en\", \"value\": \"NVD-CWE-noinfo\"}]}]"
},
"nvd": "{\"cve\":{\"id\":\"CVE-2022-41064\",\"sourceIdentifier\":\"secure@microsoft.com\",\"published\":\"2022-11-09T22:15:20.917\",\"lastModified\":\"2025-01-02T22:15:22.180\",\"vulnStatus\":\"Modified\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\".NET Framework Information Disclosure Vulnerability\"},{\"lang\":\"es\",\"value\":\"Vulnerabilidad de divulgaci\u00f3n de informaci\u00f3n de .NET Framework\"}],\"metrics\":{\"cvssMetricV31\":[{\"source\":\"secure@microsoft.com\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:A/AC:H/PR:L/UI:N/S:C/C:H/I:N/A:N\",\"baseScore\":5.8,\"baseSeverity\":\"MEDIUM\",\"attackVector\":\"ADJACENT_NETWORK\",\"attackComplexity\":\"HIGH\",\"privilegesRequired\":\"LOW\",\"userInteraction\":\"NONE\",\"scope\":\"CHANGED\",\"confidentialityImpact\":\"HIGH\",\"integrityImpact\":\"NONE\",\"availabilityImpact\":\"NONE\"},\"exploitabilityScore\":1.3,\"impactScore\":4.0}]},\"weaknesses\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"description\":[{\"lang\":\"en\",\"value\":\"NVD-CWE-noinfo\"}]}],\"configurations\":[{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:microsoft:.net_framework:4.8:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"2D3F18AF-84ED-473B-A8DF-65EB23C475AF\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:microsoft:.net_framework:4.8.1:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"934D4E46-12C1-41DC-A28C-A2C430E965E4\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:o:microsoft:windows_server_2022:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"821614DD-37DD-44E2-A8A4-FE8D23A33C3C\"}]}]},{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:microsoft:.net_framework:4.6.2:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"A16AD2B0-2189-4E8E-B7FC-CE598CA1CB2D\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:o:microsoft:windows_server_2008:-:sp2:*:*:*:*:x64:*\",\"matchCriteriaId\":\"2127D10C-B6F3-4C1D-B9AA-5D78513CC996\"},{\"vulnerable\":false,\"criteria\":\"cpe:2.3:o:microsoft:windows_server_2008:-:sp2:*:*:*:*:x86:*\",\"matchCriteriaId\":\"AB425562-C0A0-452E-AABE-F70522F15E1A\"}]}]},{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:microsoft:.net_framework:4.6.2:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"A16AD2B0-2189-4E8E-B7FC-CE598CA1CB2D\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:microsoft:.net_framework:4.7:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"734112B3-1383-4BE3-8721-C0F84566B764\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:microsoft:.net_framework:4.7.1:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"36B0E40A-84EF-4099-A395-75D6B8CDA196\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:microsoft:.net_framework:4.7.2:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"3EF7A75E-EE27-4AA7-8D84-9D696728A4CE\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:microsoft:.net_framework:4.8:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"2D3F18AF-84ED-473B-A8DF-65EB23C475AF\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:o:microsoft:windows_rt_8.1:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"C6CE5198-C498-4672-AF4C-77AB4BE06C5C\"},{\"vulnerable\":false,\"criteria\":\"cpe:2.3:o:microsoft:windows_server_2008:r2:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"36559BC0-44D7-48B3-86FF-1BFF0257B5ED\"}]}]},{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:microsoft:.net_framework:4.8:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"2D3F18AF-84ED-473B-A8DF-65EB23C475AF\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:microsoft:.net_framework:4.8.1:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"934D4E46-12C1-41DC-A28C-A2C430E965E4\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:o:microsoft:windows_10:21h1:*:*:*:*:*:arm64:*\",\"matchCriteriaId\":\"49A4BBDA-0389-4171-AA49-6837F7DF4454\"},{\"vulnerable\":false,\"criteria\":\"cpe:2.3:o:microsoft:windows_10:21h1:*:*:*:*:*:x64:*\",\"matchCriteriaId\":\"F8C238FA-B20F-40A5-B861-A8295858F4BE\"},{\"vulnerable\":false,\"criteria\":\"cpe:2.3:o:microsoft:windows_10:21h1:*:*:*:*:*:x86:*\",\"matchCriteriaId\":\"56513BCA-A9F5-4112-BDE6-77E9B8D2677E\"}]}]},{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:microsoft:.net_framework:4.6.2:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"A16AD2B0-2189-4E8E-B7FC-CE598CA1CB2D\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:microsoft:.net_framework:4.7:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"734112B3-1383-4BE3-8721-C0F84566B764\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:microsoft:.net_framework:4.7.1:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"36B0E40A-84EF-4099-A395-75D6B8CDA196\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:microsoft:.net_framework:4.7.2:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"3EF7A75E-EE27-4AA7-8D84-9D696728A4CE\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:microsoft:.net_framework:4.8:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"2D3F18AF-84ED-473B-A8DF-65EB23C475AF\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:o:microsoft:windows_7:-:sp1:*:*:*:*:x64:*\",\"matchCriteriaId\":\"7FE8B00B-4F39-4755-A323-8AD71F5E3EBE\"},{\"vulnerable\":false,\"criteria\":\"cpe:2.3:o:microsoft:windows_7:-:sp1:*:*:*:*:x86:*\",\"matchCriteriaId\":\"06BBFA69-94E2-4BAB-AFD3-BC434B11D106\"}]}]},{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:microsoft:.net_framework:4.8:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"2D3F18AF-84ED-473B-A8DF-65EB23C475AF\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:microsoft:.net_framework:4.8.1:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"934D4E46-12C1-41DC-A28C-A2C430E965E4\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:o:microsoft:windows_10:21h2:*:*:*:*:*:arm64:*\",\"matchCriteriaId\":\"665EA912-D724-41EB-86A9-24EB4FE87B54\"},{\"vulnerable\":false,\"criteria\":\"cpe:2.3:o:microsoft:windows_10:21h2:*:*:*:*:*:x64:*\",\"matchCriteriaId\":\"77E07B96-EAAA-4DD6-9172-0DE98A36726F\"},{\"vulnerable\":false,\"criteria\":\"cpe:2.3:o:microsoft:windows_10:21h2:*:*:*:*:*:x86:*\",\"matchCriteriaId\":\"B846A736-E77C-4665-B28B-4E511880D575\"}]}]},{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:microsoft:.net_framework:4.8:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"2D3F18AF-84ED-473B-A8DF-65EB23C475AF\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:microsoft:.net_framework:4.8.1:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"934D4E46-12C1-41DC-A28C-A2C430E965E4\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:o:microsoft:windows_10:20h2:*:*:*:*:*:arm64:*\",\"matchCriteriaId\":\"610B33F9-0309-4CF7-B7E4-5152D9B2FFE4\"},{\"vulnerable\":false,\"criteria\":\"cpe:2.3:o:microsoft:windows_10:20h2:*:*:*:*:*:x64:*\",\"matchCriteriaId\":\"21074553-EDF2-468D-8E79-C39851B5BC79\"},{\"vulnerable\":false,\"criteria\":\"cpe:2.3:o:microsoft:windows_10:20h2:*:*:*:*:*:x86:*\",\"matchCriteriaId\":\"4E62F9CB-D1B6-4B4D-BCCD-7F4D36A73B4D\"}]}]},{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:microsoft:.net_framework:4.8:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"2D3F18AF-84ED-473B-A8DF-65EB23C475AF\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:microsoft:.net_framework:4.8.1:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"934D4E46-12C1-41DC-A28C-A2C430E965E4\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:o:microsoft:windows_10:22h2:*:*:*:*:*:arm64:*\",\"matchCriteriaId\":\"B1BD50A5-4D8C-4A68-AA8A-F4C30A96A797\"},{\"vulnerable\":false,\"criteria\":\"cpe:2.3:o:microsoft:windows_10:22h2:*:*:*:*:*:x64:*\",\"matchCriteriaId\":\"53DF53AD-6C26-4E21-9B4C-BCA54B1A0A69\"},{\"vulnerable\":false,\"criteria\":\"cpe:2.3:o:microsoft:windows_10:22h2:*:*:*:*:*:x86:*\",\"matchCriteriaId\":\"C29D3337-675F-4BE3-A07F-8047A9D1B9B1\"}]}]},{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:microsoft:.net_framework:4.6.2:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"A16AD2B0-2189-4E8E-B7FC-CE598CA1CB2D\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:microsoft:.net_framework:4.7:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"734112B3-1383-4BE3-8721-C0F84566B764\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:microsoft:.net_framework:4.7.1:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"36B0E40A-84EF-4099-A395-75D6B8CDA196\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:microsoft:.net_framework:4.7.2:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"3EF7A75E-EE27-4AA7-8D84-9D696728A4CE\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:microsoft:.net_framework:4.8:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"2D3F18AF-84ED-473B-A8DF-65EB23C475AF\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:o:microsoft:windows_server_2012:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"A7DF96F8-BA6A-4780-9CA3-F719B3F81074\"},{\"vulnerable\":false,\"criteria\":\"cpe:2.3:o:microsoft:windows_server_2012:r2:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"DB18C4CE-5917-401E-ACF7-2747084FD36E\"}]}]},{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:microsoft:.net_framework:4.7.2:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"3EF7A75E-EE27-4AA7-8D84-9D696728A4CE\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:microsoft:.net_framework:4.8:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"2D3F18AF-84ED-473B-A8DF-65EB23C475AF\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:o:microsoft:windows_10:1809:*:*:*:*:*:arm64:*\",\"matchCriteriaId\":\"925B8C67-C96F-4A4D-9BE7-CCCD78EF3C31\"},{\"vulnerable\":false,\"criteria\":\"cpe:2.3:o:microsoft:windows_10:1809:*:*:*:*:*:x64:*\",\"matchCriteriaId\":\"6CF580BA-6938-40F6-9D86-F43044A6BACA\"},{\"vulnerable\":false,\"criteria\":\"cpe:2.3:o:microsoft:windows_10:1809:*:*:*:*:*:x86:*\",\"matchCriteriaId\":\"C5E038AA-514F-48AC-B45E-859EE32525B4\"}]}]},{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:microsoft:.net_framework:4.8:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"2D3F18AF-84ED-473B-A8DF-65EB23C475AF\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:o:microsoft:windows_10:1607:*:*:*:*:*:x64:*\",\"matchCriteriaId\":\"897A48D7-FCA1-4560-AFBB-718AF19BA3A2\"},{\"vulnerable\":false,\"criteria\":\"cpe:2.3:o:microsoft:windows_10:1607:*:*:*:*:*:x86:*\",\"matchCriteriaId\":\"507EB48C-F479-424C-8ABA-C279AB4FE3F4\"}]}]},{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:microsoft:.net_framework:4.7.2:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"3EF7A75E-EE27-4AA7-8D84-9D696728A4CE\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:microsoft:.net_framework:4.8:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"2D3F18AF-84ED-473B-A8DF-65EB23C475AF\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:o:microsoft:windows_server_2019:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"DB79EE26-FC32-417D-A49C-A1A63165A968\"}]}]},{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:microsoft:.net_framework:4.8:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"2D3F18AF-84ED-473B-A8DF-65EB23C475AF\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:o:microsoft:windows_server_2016:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"041FF8BA-0B12-4A1F-B4BF-9C4F33B7C1E7\"}]}]},{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:microsoft:.net_framework:4.7:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"734112B3-1383-4BE3-8721-C0F84566B764\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:microsoft:.net_framework:4.7.1:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"36B0E40A-84EF-4099-A395-75D6B8CDA196\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:microsoft:.net_framework:4.7.2:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"3EF7A75E-EE27-4AA7-8D84-9D696728A4CE\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:microsoft:.net_framework:4.8:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"2D3F18AF-84ED-473B-A8DF-65EB23C475AF\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:o:microsoft:windows_8.1:-:*:*:*:*:*:x64:*\",\"matchCriteriaId\":\"C936FD4F-959C-43B8-9917-E2A0DF4A8793\"},{\"vulnerable\":false,\"criteria\":\"cpe:2.3:o:microsoft:windows_8.1:-:*:*:*:*:*:x86:*\",\"matchCriteriaId\":\"DF8ABB14-84CF-4BBC-99C9-DA6C0F7A0619\"}]}]},{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:microsoft:.net_framework:4.6.2:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"A16AD2B0-2189-4E8E-B7FC-CE598CA1CB2D\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:o:microsoft:windows_10:-:*:*:*:*:*:x64:*\",\"matchCriteriaId\":\"084984D5-D241-497B-B118-50C6C1EAD468\"},{\"vulnerable\":false,\"criteria\":\"cpe:2.3:o:microsoft:windows_10:-:*:*:*:*:*:x86:*\",\"matchCriteriaId\":\"BA592626-F17C-4F46-823B-0947D102BBD2\"}]}]},{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:microsoft:.net_framework:4.8:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"2D3F18AF-84ED-473B-A8DF-65EB23C475AF\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:microsoft:.net_framework:4.8.1:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"934D4E46-12C1-41DC-A28C-A2C430E965E4\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:o:microsoft:windows_11:-:*:*:*:*:*:x64:*\",\"matchCriteriaId\":\"5D7F7DDB-440E-42CD-82F4-B2C13F3CC462\"},{\"vulnerable\":false,\"criteria\":\"cpe:2.3:o:microsoft:windows_11:22h2:*:*:*:*:*:x64:*\",\"matchCriteriaId\":\"62B9100B-206D-4FD1-8D23-A355DCA37460\"}]}]},{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:microsoft:nuget:*:*:*:*:*:*:*:*\",\"versionEndExcluding\":\"1.1.4\",\"matchCriteriaId\":\"6059BB72-7C2E-45CD-AA88-89CF8A93518B\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:microsoft:nuget:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"2.0.0\",\"versionEndExcluding\":\"2.1.2\",\"matchCriteriaId\":\"8607DBC3-2EF6-41B7-B0B1-48FEDE82C284\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:microsoft:nuget:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"3.0.0\",\"versionEndExcluding\":\"4.8.5\",\"matchCriteriaId\":\"B7160A6F-A86F-4BAF-B5AD-D710C772B409\"}]}]}],\"references\":[{\"url\":\"https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-41064\",\"source\":\"secure@microsoft.com\"},{\"url\":\"https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2022-41064\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Patch\",\"Vendor Advisory\"]}]}}",
"vulnrichment": {
"containers": "{\"adp\": [{\"title\": \"CVE Program Container\", \"references\": [{\"url\": \"https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2022-41064\", \"tags\": [\"x_transferred\"]}], \"providerMetadata\": {\"orgId\": \"af854a3a-2127-422b-91ae-364da2661108\", \"shortName\": \"CVE\", \"dateUpdated\": \"2024-08-03T12:35:49.240Z\"}}, {\"title\": \"CISA ADP Vulnrichment\", \"metrics\": [{\"other\": {\"type\": \"ssvc\", \"content\": {\"id\": \"CVE-2022-41064\", \"role\": \"CISA Coordinator\", \"options\": [{\"Exploitation\": \"none\"}, {\"Automatable\": \"no\"}, {\"Technical Impact\": \"partial\"}], \"version\": \"2.0.3\", \"timestamp\": \"2024-10-10T16:53:52.129393Z\"}}}], \"providerMetadata\": {\"orgId\": \"134c704f-9b21-4f2e-91b3-4a467353bcc0\", \"shortName\": \"CISA-ADP\", \"dateUpdated\": \"2024-10-10T16:54:03.209Z\"}}], \"cna\": {\"title\": \".NET Framework Information Disclosure Vulnerability\", \"metrics\": [{\"format\": \"CVSS\", \"cvssV3_1\": {\"version\": \"3.1\", \"baseScore\": 5.8, \"baseSeverity\": \"MEDIUM\", \"vectorString\": \"CVSS:3.1/AV:A/AC:H/PR:L/UI:N/S:C/C:H/I:N/A:N/E:U/RL:O/RC:C\"}, \"scenarios\": [{\"lang\": \"en-US\", \"value\": \"GENERAL\"}]}], \"affected\": [{\"vendor\": \"Microsoft\", \"product\": \"Nuget 2.1.2\", \"versions\": [{\"status\": \"affected\", \"version\": \"1.0.0\", \"lessThan\": \"2.1.2\", \"versionType\": \"custom\"}], \"platforms\": [\"Unknown\"]}, {\"vendor\": \"Microsoft\", \"product\": \"Nuget 4.8.5\", \"versions\": [{\"status\": \"affected\", \"version\": \"1.0.0\", \"lessThan\": \"4.8.4\", \"versionType\": \"custom\"}], \"platforms\": [\"Unknown\"]}, {\"vendor\": \"Microsoft\", \"product\": \"Microsoft .NET Framework 4.8\", \"versions\": [{\"status\": \"affected\", \"version\": \"4.8.0\", \"lessThan\": \"4.8.04584.08\", \"versionType\": \"custom\"}], \"platforms\": [\"Windows 10 Version 21H2 for ARM64-based Systems\", \"Windows Server 2012 R2\", \"Windows 10 Version 1809 for 32-bit Systems\", \"Windows Server 2008 R2 for x64-based Systems Service Pack 1 (Server Core installation)\", \"Windows Server 2019\", \"Windows Server 2008 R2 for x64-based Systems Service Pack 1\", \"Windows 10 Version 21H1 for 32-bit Systems\", \"Windows 10 Version 1809 for x64-based Systems\", \"Windows 8.1 for x64-based systems\", \"Windows 8.1 for 32-bit systems\", \"Windows Server 2016\", \"Windows 10 Version 20H2 for ARM64-based Systems\", \"Windows 10 Version 1607 for 32-bit Systems\", \"Windows Server 2012\", \"Windows Server 2012 R2 (Server Core installation)\", \"Windows 10 Version 21H2 for 32-bit Systems\", \"Windows 7 for 32-bit Systems Service Pack 1\", \"Windows 10 Version 21H1 for x64-based Systems\", \"Windows RT 8.1\", \"Windows Server 2016 (Server Core installation)\", \"Windows Server 2012 (Server Core installation)\", \"Windows 10 Version 20H2 for 32-bit Systems\", \"Windows 10 Version 21H1 for ARM64-based Systems\", \"Windows 10 Version 1607 for x64-based Systems\", \"Windows 10 Version 21H2 for x64-based Systems\", \"Windows Server 2019 (Server Core installation)\", \"Windows 7 for x64-based Systems Service Pack 1\", \"Windows 10 Version 22H2 for x64-based Systems\", \"Windows 10 Version 22H2 for ARM64-based Systems\", \"Windows 11 version 21H2 for ARM64-based Systems\", \"Windows 10 Version 22H2 for 32-bit Systems\", \"Windows 11 version 21H2 for x64-based Systems\", \"Windows 10 Version 1809 for ARM64-based Systems\", \"Windows Server 2022\", \"Windows Server 2022 (Server Core installation)\"]}, {\"vendor\": \"Microsoft\", \"product\": \"Microsoft .NET Framework 3.5 AND 4.6.2/4.7/4.7.1/4.7.2\", \"versions\": [{\"status\": \"affected\", \"version\": \"3.0.0.0\", \"lessThan\": \"10.0.14393.5501\", \"versionType\": \"custom\"}], \"platforms\": [\"Windows 10 Version 1607 for 32-bit Systems\", \"Windows Server 2016\", \"Windows 10 Version 1607 for x64-based Systems\", \"Windows Server 2016 (Server Core installation)\"]}, {\"vendor\": \"Microsoft\", \"product\": \"Microsoft .NET Framework 4.7.2\", \"versions\": [{\"status\": \"affected\", \"version\": \"10.0.0.0\", \"lessThan\": \"10.0.04005.02\", \"versionType\": \"custom\"}], \"platforms\": [\"Windows 10 Version 1809 for x64-based Systems\", \"Windows 10 Version 1809 for 32-bit Systems\", \"Windows 10 Version 1809 for ARM64-based Systems\", \"Windows Server 2019 (Server Core installation)\", \"Windows Server 2019\"]}, {\"vendor\": \"Microsoft\", \"product\": \"Microsoft .NET Framework 4.8.1\", \"versions\": [{\"status\": \"affected\", \"version\": \"4.8.0.0\", \"lessThan\": \"4.8.09110.07\", \"versionType\": \"custom\"}], \"platforms\": [\"Windows 10 Version 21H1 for x64-based Systems\", \"Windows 10 Version 21H1 for ARM64-based Systems\", \"Windows 10 Version 21H1 for 32-bit Systems\", \"Windows 10 Version 21H2 for 32-bit Systems\", \"Windows 10 Version 21H2 for ARM64-based Systems\", \"Windows 10 Version 21H2 for x64-based Systems\", \"Windows 11 Version 22H2 for x64-based Systems\", \"Windows 11 version 21H2 for ARM64-based Systems\", \"Windows 10 Version 22H2 for 32-bit Systems\", \"Windows 10 Version 22H2 for ARM64-based Systems\", \"Windows 11 Version 22H2 for ARM64-based Systems\", \"Windows 10 Version 22H2 for x64-based Systems\", \"Windows 11 version 21H2 for x64-based Systems\", \"Windows 10 Version 20H2 for ARM64-based Systems\", \"Windows 10 Version 20H2 for 32-bit Systems\", \"Windows Server 2022\", \"Windows Server 2022 (Server Core installation)\"]}, {\"vendor\": \"Microsoft\", \"product\": \"Microsoft .NET Framework 4.6.2/4.7/4.7.1/4.7.2\", \"versions\": [{\"status\": \"affected\", \"version\": \"4.7.0\", \"lessThan\": \"4.7.04005.02\", \"versionType\": \"custom\"}], \"platforms\": [\"Windows Server 2012 (Server Core installation)\", \"Windows 7 for x64-based Systems Service Pack 1\", \"Windows Server 2012\", \"Windows Server 2012 R2 (Server Core installation)\", \"Windows 8.1 for x64-based systems\", \"Windows 8.1 for 32-bit systems\", \"Windows RT 8.1\", \"Windows 7 for 32-bit Systems Service Pack 1\", \"Windows Server 2008 R2 for x64-based Systems Service Pack 1 (Server Core installation)\", \"Windows Server 2012 R2\", \"Windows Server 2008 R2 for x64-based Systems Service Pack 1\"]}, {\"vendor\": \"Microsoft\", \"product\": \"Microsoft .NET Framework 4.6.2\", \"versions\": [{\"status\": \"affected\", \"version\": \"4.7.0\", \"lessThan\": \"4.7.04005.02\", \"versionType\": \"custom\"}], \"platforms\": [\"Windows Server 2008 for x64-based Systems Service Pack 2\", \"Windows Server 2008 for 32-bit Systems Service Pack 2\", \"Windows Server 2008 for 32-bit Systems Service Pack 2 (Server Core installation)\", \"Windows Server 2008 for x64-based Systems Service Pack 2 (Server Core installation)\"]}, {\"vendor\": \"Microsoft\", \"product\": \"Microsoft .NET Framework 4.6/4.6.2\", \"versions\": [{\"status\": \"affected\", \"version\": \"10.0.0.0\", \"lessThan\": \"10.0.10240.19567\", \"versionType\": \"custom\"}], \"platforms\": [\"Windows 10 for 32-bit Systems\", \"Windows 10 for x64-based Systems\"]}], \"datePublic\": \"2022-11-08T08:00:00.000Z\", \"references\": [{\"url\": \"https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-41064\", \"name\": \".NET Framework Information Disclosure Vulnerability\", \"tags\": [\"vendor-advisory\"]}], \"descriptions\": [{\"lang\": \"en-US\", \"value\": \".NET Framework Information Disclosure Vulnerability\"}], \"problemTypes\": [{\"descriptions\": [{\"lang\": \"en-US\", \"type\": \"Impact\", \"description\": \"Information Disclosure\"}]}], \"cpeApplicability\": [{\"nodes\": [{\"negate\": false, \"cpeMatch\": [{\"criteria\": \"cpe:2.3:a:microsoft:nuget:*:*:*:*:*:*:*:*\", \"vulnerable\": true, \"versionEndExcluding\": \"2.1.2\", \"versionStartIncluding\": \"1.0.0\"}, {\"criteria\": \"cpe:2.3:a:microsoft:nuget:*:*:*:*:*:*:*:*\", \"vulnerable\": true, \"versionEndExcluding\": \"4.8.4\", \"versionStartIncluding\": \"1.0.0\"}, {\"criteria\": \"cpe:2.3:a:microsoft:.net:*:*:*:*:*:*:*:*\", \"vulnerable\": true, \"versionEndExcluding\": \"4.8.04584.08\", \"versionStartIncluding\": \"4.8.0\"}, {\"criteria\": \"cpe:2.3:a:microsoft:.net_framework:*:*:*:*:*:*:*:*\", \"vulnerable\": true, \"versionEndExcluding\": \"10.0.14393.5501\", \"versionStartIncluding\": \"3.0.0.0\"}, {\"criteria\": \"cpe:2.3:a:microsoft:.net_framework:*:*:*:*:*:*:*:*\", \"vulnerable\": true, \"versionEndExcluding\": \"10.0.04005.02\", \"versionStartIncluding\": \"10.0.0.0\"}, {\"criteria\": \"cpe:2.3:a:microsoft:.net_framework:*:*:*:*:*:*:*:*\", \"vulnerable\": true, \"versionEndExcluding\": \"4.8.09110.07\", \"versionStartIncluding\": \"4.8.0.0\"}, {\"criteria\": \"cpe:2.3:a:microsoft:.net:*:*:*:*:*:*:*:*\", \"vulnerable\": true, \"versionEndExcluding\": \"4.7.04005.02\", \"versionStartIncluding\": \"4.7.0\"}, {\"criteria\": \"cpe:2.3:a:microsoft:.net:*:*:*:*:*:*:*:*\", \"vulnerable\": true, \"versionEndExcluding\": \"4.7.04005.02\", \"versionStartIncluding\": \"4.7.0\"}, {\"criteria\": \"cpe:2.3:a:microsoft:.net_framework:*:*:*:*:*:*:*:*\", \"vulnerable\": true, \"versionEndExcluding\": \"10.0.10240.19567\", \"versionStartIncluding\": \"10.0.0.0\"}], \"operator\": \"OR\"}]}], \"providerMetadata\": {\"orgId\": \"f38d906d-7342-40ea-92c1-6c4a2c6478c8\", \"shortName\": \"microsoft\", \"dateUpdated\": \"2025-01-02T21:31:25.543Z\"}}}",
"cveMetadata": "{\"cveId\": \"CVE-2022-41064\", \"state\": \"PUBLISHED\", \"dateUpdated\": \"2025-01-02T21:31:25.543Z\", \"dateReserved\": \"2022-09-19T00:00:00.000Z\", \"assignerOrgId\": \"f38d906d-7342-40ea-92c1-6c4a2c6478c8\", \"datePublished\": \"2022-11-09T00:00:00.000Z\", \"assignerShortName\": \"microsoft\"}",
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
}
}
CERTFR-2022-AVI-1013
Vulnerability from certfr_avis - Published: - Updated:
Une vulnérabilité a été corrigée dans Microsoft .Net. Elle permet à un attaquant de provoquer une atteinte à la confidentialité des données.
Solution
Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).
NoneImpacted products
References
| Title | Publication Time | Tags | ||||||
|---|---|---|---|---|---|---|---|---|
|
||||||||
{
"$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
"affected_systems": [
{
"description": "Microsoft .NET Framework 4.8",
"product": {
"name": "N/A",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
},
{
"description": "Microsoft .NET Framework 4.6.2",
"product": {
"name": "N/A",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
},
{
"description": "Microsoft .NET Framework 4.6.2/4.7/4.7.1/4.7.2",
"product": {
"name": "N/A",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
},
{
"description": "Microsoft .NET Framework 4.8.1",
"product": {
"name": "N/A",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
},
{
"description": "Microsoft .NET Framework 4.7.2",
"product": {
"name": "N/A",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
}
],
"affected_systems_content": null,
"content": "## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
"cves": [
{
"name": "CVE-2022-41064",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-41064"
}
],
"links": [
{
"title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2022-41064 du 08 novembre 2022",
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-41064"
}
],
"reference": "CERTFR-2022-AVI-1013",
"revisions": [
{
"description": "Version initiale",
"revision_date": "2022-11-09T00:00:00.000000"
}
],
"risks": [
{
"description": "Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es"
}
],
"summary": "Une vuln\u00e9rabilit\u00e9 a \u00e9t\u00e9 corrig\u00e9e dans \u003cspan class=\"textit\"\u003eMicrosoft\n.Net\u003c/span\u003e. Elle permet \u00e0 un attaquant de provoquer une atteinte \u00e0 la\nconfidentialit\u00e9 des donn\u00e9es.\n",
"title": "Vuln\u00e9rabilit\u00e9 dans Microsoft .Net",
"vendor_advisories": [
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Microsoft du 08 novembre 2022",
"url": "https://msrc.microsoft.com/update-guide/"
}
]
}
CERTFR-2022-AVI-1015
Vulnerability from certfr_avis - Published: - Updated:
De multiples vulnérabilités ont été corrigées dans les produits Microsoft. Elles permettent à un attaquant de provoquer une exécution de code à distance, une élévation de privilèges, une usurpation d'identité, un contournement de la fonctionnalité de sécurité et une atteinte à la confidentialité des données.
Solution
Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).
NoneImpacted products
| Vendor | Product | Description | ||
|---|---|---|---|---|
| Microsoft | N/A | Microsoft Dynamics NAV 2018 | ||
| Microsoft | N/A | Microsoft Exchange Server 2013 Cumulative Update 23 | ||
| Microsoft | N/A | Microsoft Visual Studio 2022 version 17.0 | ||
| Microsoft | N/A | Microsoft Visual Studio 2017 version 15.9 (includes 15.0 - 15.8) | ||
| Microsoft | N/A | Microsoft Dynamics 365 Business Central 2022 Release Wave 2 | ||
| Microsoft | N/A | Microsoft Visual Studio 2022 version 17.3 | ||
| Microsoft | N/A | Microsoft Visual Studio 2022 version 17.2 | ||
| Microsoft | N/A | Microsoft Exchange Server 2019 Cumulative Update 11 | ||
| Microsoft | N/A | Microsoft Dynamics 365 Business Central 2022 Release Wave 1 | ||
| Microsoft | N/A | Microsoft Exchange Server 2016 Cumulative Update 22 | ||
| Microsoft | N/A | Microsoft Exchange Server 2016 Cumulative Update 23 | ||
| Microsoft | N/A | Microsoft Visual Studio 2019 version 16.11 (includes 16.0 - 16.10) | ||
| Microsoft | N/A | Microsoft 365 Apps pour Enterprise pour systèmes 32 bits | ||
| Microsoft | N/A | Microsoft 365 Apps pour Enterprise pour 64 bits Systems | ||
| Microsoft | N/A | Nuget 2.1.2 | ||
| Microsoft | N/A | Dynamics 365 Business Central Spring 2019 Update | ||
| Microsoft | N/A | Microsoft Exchange Server 2019 Cumulative Update 12 | ||
| Microsoft | N/A | Nuget 4.8.5 | ||
| Microsoft | N/A | Microsoft Dynamics 365 Business Central 2021 Release Wave 2 |
References
{
"$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
"affected_systems": [
{
"description": "Microsoft Dynamics NAV 2018",
"product": {
"name": "N/A",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
},
{
"description": "Microsoft Exchange Server 2013 Cumulative Update 23",
"product": {
"name": "N/A",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
},
{
"description": "Microsoft Visual Studio 2022 version 17.0",
"product": {
"name": "N/A",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
},
{
"description": "Microsoft Visual Studio 2017 version 15.9 (includes 15.0 - 15.8)",
"product": {
"name": "N/A",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
},
{
"description": "Microsoft Dynamics 365 Business Central 2022 Release Wave 2",
"product": {
"name": "N/A",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
},
{
"description": "Microsoft Visual Studio 2022 version 17.3",
"product": {
"name": "N/A",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
},
{
"description": "Microsoft Visual Studio 2022 version 17.2",
"product": {
"name": "N/A",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
},
{
"description": "Microsoft Exchange Server 2019 Cumulative Update 11",
"product": {
"name": "N/A",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
},
{
"description": "Microsoft Dynamics 365 Business Central 2022 Release Wave 1",
"product": {
"name": "N/A",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
},
{
"description": "Microsoft Exchange Server 2016 Cumulative Update 22",
"product": {
"name": "N/A",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
},
{
"description": "Microsoft Exchange Server 2016 Cumulative Update 23",
"product": {
"name": "N/A",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
},
{
"description": "Microsoft Visual Studio 2019 version 16.11 (includes 16.0 - 16.10)",
"product": {
"name": "N/A",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
},
{
"description": "Microsoft 365 Apps pour Enterprise pour syst\u00e8mes 32 bits",
"product": {
"name": "N/A",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
},
{
"description": "Microsoft 365 Apps pour Enterprise pour 64 bits Systems",
"product": {
"name": "N/A",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
},
{
"description": "Nuget 2.1.2",
"product": {
"name": "N/A",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
},
{
"description": "Dynamics 365 Business Central Spring 2019 Update",
"product": {
"name": "N/A",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
},
{
"description": "Microsoft Exchange Server 2019 Cumulative Update 12",
"product": {
"name": "N/A",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
},
{
"description": "Nuget 4.8.5",
"product": {
"name": "N/A",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
},
{
"description": "Microsoft Dynamics 365 Business Central 2021 Release Wave 2",
"product": {
"name": "N/A",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
}
],
"affected_systems_content": null,
"content": "## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
"cves": [
{
"name": "CVE-2022-41063",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-41063"
},
{
"name": "CVE-2022-41105",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-41105"
},
{
"name": "CVE-2022-41119",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-41119"
},
{
"name": "CVE-2022-41061",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-41061"
},
{
"name": "CVE-2022-41066",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-41066"
},
{
"name": "CVE-2022-41064",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-41064"
},
{
"name": "CVE-2022-41107",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-41107"
},
{
"name": "CVE-2022-41123",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-41123"
},
{
"name": "CVE-2022-41103",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-41103"
},
{
"name": "CVE-2022-41079",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-41079"
},
{
"name": "CVE-2022-41106",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-41106"
},
{
"name": "CVE-2022-41060",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-41060"
},
{
"name": "CVE-2022-41104",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-41104"
},
{
"name": "CVE-2022-41078",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-41078"
},
{
"name": "CVE-2022-41080",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-41080"
},
{
"name": "CVE-2022-39253",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-39253"
}
],
"links": [
{
"title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2022-39253 du 08 novembre 2022",
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-39253"
},
{
"title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2022-41104 du 08 novembre 2022",
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-41104"
},
{
"title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2022-41060 du 08 novembre 2022",
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-41060"
},
{
"title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2022-41063 du 08 novembre 2022",
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-41063"
},
{
"title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2022-41106 du 08 novembre 2022",
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-41106"
},
{
"title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2022-41080 du 08 novembre 2022",
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-41080"
},
{
"title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2022-41079 du 08 novembre 2022",
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-41079"
},
{
"title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2022-41107 du 08 novembre 2022",
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-41107"
},
{
"title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2022-41103 du 08 novembre 2022",
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-41103"
},
{
"title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2022-41066 du 08 novembre 2022",
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-41066"
},
{
"title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2022-41064 du 08 novembre 2022",
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-41064"
},
{
"title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2022-41105 du 08 novembre 2022",
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-41105"
},
{
"title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2022-41078 du 08 novembre 2022",
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-41078"
},
{
"title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2022-41123 du 08 novembre 2022",
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-41123"
},
{
"title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2022-41061 du 08 novembre 2022",
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-41061"
},
{
"title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2022-41119 du 08 novembre 2022",
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-41119"
}
],
"reference": "CERTFR-2022-AVI-1015",
"revisions": [
{
"description": "Version initiale",
"revision_date": "2022-11-09T00:00:00.000000"
},
{
"description": "Ajout de syst\u00e8mes affect\u00e9s de la famille Microsoft Dynamics suite \u00e0 la mise \u00e0 jour du bulletin de s\u00e9curit\u00e9 Microsoft CVE-2022-41066 du 08 novembre 2022.",
"revision_date": "2022-11-14T00:00:00.000000"
}
],
"risks": [
{
"description": "Usurpation d\u0027identit\u00e9"
},
{
"description": "Ex\u00e9cution de code arbitraire \u00e0 distance"
},
{
"description": "Contournement de la fonctionnalit\u00e9 de s\u00e9curit\u00e9"
},
{
"description": "Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es"
},
{
"description": "\u00c9l\u00e9vation de privil\u00e8ges"
}
],
"summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 corrig\u00e9es dans \u003cspan\nclass=\"textit\"\u003eles produits Microsoft\u003c/span\u003e. Elles permettent \u00e0 un\nattaquant de provoquer une ex\u00e9cution de code \u00e0 distance, une \u00e9l\u00e9vation\nde privil\u00e8ges, une usurpation d\u0027identit\u00e9, un contournement de la\nfonctionnalit\u00e9 de s\u00e9curit\u00e9 et une atteinte \u00e0 la confidentialit\u00e9 des\ndonn\u00e9es.\n",
"title": "Multiples vuln\u00e9rabilit\u00e9s dans les produits Microsoft",
"vendor_advisories": [
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Microsoft du 08 novembre 2022",
"url": "https://msrc.microsoft.com/update-guide/"
}
]
}
CERTFR-2022-AVI-1013
Vulnerability from certfr_avis - Published: - Updated:
Une vulnérabilité a été corrigée dans Microsoft .Net. Elle permet à un attaquant de provoquer une atteinte à la confidentialité des données.
Solution
Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).
NoneImpacted products
References
| Title | Publication Time | Tags | ||||||
|---|---|---|---|---|---|---|---|---|
|
||||||||
{
"$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
"affected_systems": [
{
"description": "Microsoft .NET Framework 4.8",
"product": {
"name": "N/A",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
},
{
"description": "Microsoft .NET Framework 4.6.2",
"product": {
"name": "N/A",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
},
{
"description": "Microsoft .NET Framework 4.6.2/4.7/4.7.1/4.7.2",
"product": {
"name": "N/A",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
},
{
"description": "Microsoft .NET Framework 4.8.1",
"product": {
"name": "N/A",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
},
{
"description": "Microsoft .NET Framework 4.7.2",
"product": {
"name": "N/A",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
}
],
"affected_systems_content": null,
"content": "## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
"cves": [
{
"name": "CVE-2022-41064",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-41064"
}
],
"links": [
{
"title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2022-41064 du 08 novembre 2022",
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-41064"
}
],
"reference": "CERTFR-2022-AVI-1013",
"revisions": [
{
"description": "Version initiale",
"revision_date": "2022-11-09T00:00:00.000000"
}
],
"risks": [
{
"description": "Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es"
}
],
"summary": "Une vuln\u00e9rabilit\u00e9 a \u00e9t\u00e9 corrig\u00e9e dans \u003cspan class=\"textit\"\u003eMicrosoft\n.Net\u003c/span\u003e. Elle permet \u00e0 un attaquant de provoquer une atteinte \u00e0 la\nconfidentialit\u00e9 des donn\u00e9es.\n",
"title": "Vuln\u00e9rabilit\u00e9 dans Microsoft .Net",
"vendor_advisories": [
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Microsoft du 08 novembre 2022",
"url": "https://msrc.microsoft.com/update-guide/"
}
]
}
CERTFR-2022-AVI-1015
Vulnerability from certfr_avis - Published: - Updated:
De multiples vulnérabilités ont été corrigées dans les produits Microsoft. Elles permettent à un attaquant de provoquer une exécution de code à distance, une élévation de privilèges, une usurpation d'identité, un contournement de la fonctionnalité de sécurité et une atteinte à la confidentialité des données.
Solution
Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).
NoneImpacted products
| Vendor | Product | Description | ||
|---|---|---|---|---|
| Microsoft | N/A | Microsoft Dynamics NAV 2018 | ||
| Microsoft | N/A | Microsoft Exchange Server 2013 Cumulative Update 23 | ||
| Microsoft | N/A | Microsoft Visual Studio 2022 version 17.0 | ||
| Microsoft | N/A | Microsoft Visual Studio 2017 version 15.9 (includes 15.0 - 15.8) | ||
| Microsoft | N/A | Microsoft Dynamics 365 Business Central 2022 Release Wave 2 | ||
| Microsoft | N/A | Microsoft Visual Studio 2022 version 17.3 | ||
| Microsoft | N/A | Microsoft Visual Studio 2022 version 17.2 | ||
| Microsoft | N/A | Microsoft Exchange Server 2019 Cumulative Update 11 | ||
| Microsoft | N/A | Microsoft Dynamics 365 Business Central 2022 Release Wave 1 | ||
| Microsoft | N/A | Microsoft Exchange Server 2016 Cumulative Update 22 | ||
| Microsoft | N/A | Microsoft Exchange Server 2016 Cumulative Update 23 | ||
| Microsoft | N/A | Microsoft Visual Studio 2019 version 16.11 (includes 16.0 - 16.10) | ||
| Microsoft | N/A | Microsoft 365 Apps pour Enterprise pour systèmes 32 bits | ||
| Microsoft | N/A | Microsoft 365 Apps pour Enterprise pour 64 bits Systems | ||
| Microsoft | N/A | Nuget 2.1.2 | ||
| Microsoft | N/A | Dynamics 365 Business Central Spring 2019 Update | ||
| Microsoft | N/A | Microsoft Exchange Server 2019 Cumulative Update 12 | ||
| Microsoft | N/A | Nuget 4.8.5 | ||
| Microsoft | N/A | Microsoft Dynamics 365 Business Central 2021 Release Wave 2 |
References
| Title | Publication Time | Tags | |||||||||||||||||||||||||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||
{
"$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
"affected_systems": [
{
"description": "Microsoft Dynamics NAV 2018",
"product": {
"name": "N/A",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
},
{
"description": "Microsoft Exchange Server 2013 Cumulative Update 23",
"product": {
"name": "N/A",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
},
{
"description": "Microsoft Visual Studio 2022 version 17.0",
"product": {
"name": "N/A",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
},
{
"description": "Microsoft Visual Studio 2017 version 15.9 (includes 15.0 - 15.8)",
"product": {
"name": "N/A",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
},
{
"description": "Microsoft Dynamics 365 Business Central 2022 Release Wave 2",
"product": {
"name": "N/A",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
},
{
"description": "Microsoft Visual Studio 2022 version 17.3",
"product": {
"name": "N/A",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
},
{
"description": "Microsoft Visual Studio 2022 version 17.2",
"product": {
"name": "N/A",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
},
{
"description": "Microsoft Exchange Server 2019 Cumulative Update 11",
"product": {
"name": "N/A",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
},
{
"description": "Microsoft Dynamics 365 Business Central 2022 Release Wave 1",
"product": {
"name": "N/A",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
},
{
"description": "Microsoft Exchange Server 2016 Cumulative Update 22",
"product": {
"name": "N/A",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
},
{
"description": "Microsoft Exchange Server 2016 Cumulative Update 23",
"product": {
"name": "N/A",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
},
{
"description": "Microsoft Visual Studio 2019 version 16.11 (includes 16.0 - 16.10)",
"product": {
"name": "N/A",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
},
{
"description": "Microsoft 365 Apps pour Enterprise pour syst\u00e8mes 32 bits",
"product": {
"name": "N/A",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
},
{
"description": "Microsoft 365 Apps pour Enterprise pour 64 bits Systems",
"product": {
"name": "N/A",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
},
{
"description": "Nuget 2.1.2",
"product": {
"name": "N/A",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
},
{
"description": "Dynamics 365 Business Central Spring 2019 Update",
"product": {
"name": "N/A",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
},
{
"description": "Microsoft Exchange Server 2019 Cumulative Update 12",
"product": {
"name": "N/A",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
},
{
"description": "Nuget 4.8.5",
"product": {
"name": "N/A",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
},
{
"description": "Microsoft Dynamics 365 Business Central 2021 Release Wave 2",
"product": {
"name": "N/A",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
}
],
"affected_systems_content": null,
"content": "## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
"cves": [
{
"name": "CVE-2022-41063",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-41063"
},
{
"name": "CVE-2022-41105",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-41105"
},
{
"name": "CVE-2022-41119",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-41119"
},
{
"name": "CVE-2022-41061",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-41061"
},
{
"name": "CVE-2022-41066",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-41066"
},
{
"name": "CVE-2022-41064",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-41064"
},
{
"name": "CVE-2022-41107",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-41107"
},
{
"name": "CVE-2022-41123",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-41123"
},
{
"name": "CVE-2022-41103",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-41103"
},
{
"name": "CVE-2022-41079",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-41079"
},
{
"name": "CVE-2022-41106",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-41106"
},
{
"name": "CVE-2022-41060",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-41060"
},
{
"name": "CVE-2022-41104",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-41104"
},
{
"name": "CVE-2022-41078",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-41078"
},
{
"name": "CVE-2022-41080",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-41080"
},
{
"name": "CVE-2022-39253",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-39253"
}
],
"links": [
{
"title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2022-39253 du 08 novembre 2022",
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-39253"
},
{
"title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2022-41104 du 08 novembre 2022",
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-41104"
},
{
"title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2022-41060 du 08 novembre 2022",
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-41060"
},
{
"title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2022-41063 du 08 novembre 2022",
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-41063"
},
{
"title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2022-41106 du 08 novembre 2022",
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-41106"
},
{
"title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2022-41080 du 08 novembre 2022",
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-41080"
},
{
"title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2022-41079 du 08 novembre 2022",
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-41079"
},
{
"title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2022-41107 du 08 novembre 2022",
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-41107"
},
{
"title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2022-41103 du 08 novembre 2022",
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-41103"
},
{
"title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2022-41066 du 08 novembre 2022",
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-41066"
},
{
"title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2022-41064 du 08 novembre 2022",
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-41064"
},
{
"title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2022-41105 du 08 novembre 2022",
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-41105"
},
{
"title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2022-41078 du 08 novembre 2022",
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-41078"
},
{
"title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2022-41123 du 08 novembre 2022",
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-41123"
},
{
"title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2022-41061 du 08 novembre 2022",
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-41061"
},
{
"title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2022-41119 du 08 novembre 2022",
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-41119"
}
],
"reference": "CERTFR-2022-AVI-1015",
"revisions": [
{
"description": "Version initiale",
"revision_date": "2022-11-09T00:00:00.000000"
},
{
"description": "Ajout de syst\u00e8mes affect\u00e9s de la famille Microsoft Dynamics suite \u00e0 la mise \u00e0 jour du bulletin de s\u00e9curit\u00e9 Microsoft CVE-2022-41066 du 08 novembre 2022.",
"revision_date": "2022-11-14T00:00:00.000000"
}
],
"risks": [
{
"description": "Usurpation d\u0027identit\u00e9"
},
{
"description": "Ex\u00e9cution de code arbitraire \u00e0 distance"
},
{
"description": "Contournement de la fonctionnalit\u00e9 de s\u00e9curit\u00e9"
},
{
"description": "Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es"
},
{
"description": "\u00c9l\u00e9vation de privil\u00e8ges"
}
],
"summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 corrig\u00e9es dans \u003cspan\nclass=\"textit\"\u003eles produits Microsoft\u003c/span\u003e. Elles permettent \u00e0 un\nattaquant de provoquer une ex\u00e9cution de code \u00e0 distance, une \u00e9l\u00e9vation\nde privil\u00e8ges, une usurpation d\u0027identit\u00e9, un contournement de la\nfonctionnalit\u00e9 de s\u00e9curit\u00e9 et une atteinte \u00e0 la confidentialit\u00e9 des\ndonn\u00e9es.\n",
"title": "Multiples vuln\u00e9rabilit\u00e9s dans les produits Microsoft",
"vendor_advisories": [
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Microsoft du 08 novembre 2022",
"url": "https://msrc.microsoft.com/update-guide/"
}
]
}
BDU:2022-07003
Vulnerability from fstec - Published: 08.11.2022
VLAI
Title
Уязвимость программной платформы Microsoft.NET Framework, связанная с раскрытием информации, позволяющая нарушителю получить несанкционированный доступ к защищаемой информации
Description
Уязвимость программной платформы Microsoft.NET Framework связана с раскрытием информации. Эксплуатация уязвимости может позволить нарушителю, действующему удаленно, получить несанкционированный доступ к защищаемой информации
Severity
Vendor
Microsoft Corp
Software Name
Microsoft .NET Framework 4.7, Microsoft .NET Framework 4.6.2, Microsoft .NET Framework 4.7.1, Microsoft .NET Framework 4.7.2, Microsoft .NET Framework 4.8, Nuget, Microsoft .NET Framework 4.8.1
Software Version
- (Microsoft .NET Framework 4.7), - (Microsoft .NET Framework 4.6.2), - (Microsoft .NET Framework 4.7.1), - (Microsoft .NET Framework 4.7.2), - (Microsoft .NET Framework 4.8), 2.1.2 (Nuget), 4.8.5 (Nuget), - (Microsoft .NET Framework 4.8.1)
Possible Mitigations
Использование рекомендаций производителя:
https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2022-41064
Reference
https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2022-41064
CWE
CWE-200
{
"CVSS 2.0": "AV:A/AC:H/Au:S/C:C/I:N/A:N",
"CVSS 3.0": "AV:A/AC:H/PR:L/UI:N/S:C/C:H/I:N/A:N",
"CVSS 4.0": null,
"remediation_\u0418\u0434\u0435\u043d\u0442\u0438\u0444\u0438\u043a\u0430\u0442\u043e\u0440": "TO1, TO43",
"remediation_\u041d\u0430\u0438\u043c\u0435\u043d\u043e\u0432\u0430\u043d\u0438\u0435": "TO1 \u041d\u0430\u043a\u043e\u043f\u0438\u0442\u0435\u043b\u044c\u043d\u044b\u0439 \u043f\u0430\u043a\u0435\u0442 \u043e\u0431\u043d\u043e\u0432\u043b\u0435\u043d\u0438\u044f .NET Framework 3.5 \u0438 4.8 \u0434\u043b\u044f Windows 10 22H2 \u0434\u043b\u044f x64 \u0441\u0438\u0441\u0442\u0435\u043c (KB5020613), TO43 \u041d\u0430\u043a\u043e\u043f\u0438\u0442\u0435\u043b\u044c\u043d\u043e\u0435 \u043e\u0431\u043d\u043e\u0432\u043b\u0435\u043d\u0438\u0435 .NET Framework 3.5 \u0438 4.7.2 \u0434\u043b\u044f Windows 10 1809 \u0434\u043b\u044f x64 \u0441\u0438\u0441\u0442\u0435\u043c (KB5020627)",
"\u0412\u0435\u043d\u0434\u043e\u0440 \u041f\u041e": "Microsoft Corp",
"\u0412\u0435\u0440\u0441\u0438\u044f \u041f\u041e": "- (Microsoft .NET Framework 4.7), - (Microsoft .NET Framework 4.6.2), - (Microsoft .NET Framework 4.7.1), - (Microsoft .NET Framework 4.7.2), - (Microsoft .NET Framework 4.8), 2.1.2 (Nuget), 4.8.5 (Nuget), - (Microsoft .NET Framework 4.8.1)",
"\u0412\u043e\u0437\u043c\u043e\u0436\u043d\u044b\u0435 \u043c\u0435\u0440\u044b \u043f\u043e \u0443\u0441\u0442\u0440\u0430\u043d\u0435\u043d\u0438\u044e": "\u0418\u0441\u043f\u043e\u043b\u044c\u0437\u043e\u0432\u0430\u043d\u0438\u0435 \u0440\u0435\u043a\u043e\u043c\u0435\u043d\u0434\u0430\u0446\u0438\u0439 \u043f\u0440\u043e\u0438\u0437\u0432\u043e\u0434\u0438\u0442\u0435\u043b\u044f:\nhttps://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2022-41064",
"\u0414\u0430\u0442\u0430 \u0432\u044b\u044f\u0432\u043b\u0435\u043d\u0438\u044f": "08.11.2022",
"\u0414\u0430\u0442\u0430 \u043f\u043e\u0441\u043b\u0435\u0434\u043d\u0435\u0433\u043e \u043e\u0431\u043d\u043e\u0432\u043b\u0435\u043d\u0438\u044f": "28.11.2022",
"\u0414\u0430\u0442\u0430 \u043f\u0443\u0431\u043b\u0438\u043a\u0430\u0446\u0438\u0438": "28.11.2022",
"\u0418\u0434\u0435\u043d\u0442\u0438\u0444\u0438\u043a\u0430\u0442\u043e\u0440": "BDU:2022-07003",
"\u0418\u0434\u0435\u043d\u0442\u0438\u0444\u0438\u043a\u0430\u0442\u043e\u0440\u044b \u0434\u0440\u0443\u0433\u0438\u0445 \u0441\u0438\u0441\u0442\u0435\u043c \u043e\u043f\u0438\u0441\u0430\u043d\u0438\u0439 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "CVE-2022-41064",
"\u0418\u043d\u0444\u043e\u0440\u043c\u0430\u0446\u0438\u044f \u043e\u0431 \u0443\u0441\u0442\u0440\u0430\u043d\u0435\u043d\u0438\u0438": "\u0423\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c \u0443\u0441\u0442\u0440\u0430\u043d\u0435\u043d\u0430",
"\u041a\u043b\u0430\u0441\u0441 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "\u0423\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c \u043a\u043e\u0434\u0430",
"\u041d\u0430\u0437\u0432\u0430\u043d\u0438\u0435 \u041f\u041e": "Microsoft .NET Framework 4.7, Microsoft .NET Framework 4.6.2, Microsoft .NET Framework 4.7.1, Microsoft .NET Framework 4.7.2, Microsoft .NET Framework 4.8, Nuget, Microsoft .NET Framework 4.8.1",
"\u041d\u0430\u0438\u043c\u0435\u043d\u043e\u0432\u0430\u043d\u0438\u0435 \u041e\u0421 \u0438 \u0442\u0438\u043f \u0430\u043f\u043f\u0430\u0440\u0430\u0442\u043d\u043e\u0439 \u043f\u043b\u0430\u0442\u0444\u043e\u0440\u043c\u044b": "Microsoft Corp Windows 7 Service Pack 1 - 64-bit, Microsoft Corp Windows Server 2008 Service Pack 2 - 32-bit, Microsoft Corp Windows 7 Service Pack 1 - 32-bit, Microsoft Corp Windows 8.1 - 64-bit, Microsoft Corp Windows 8.1 - 32-bit, Microsoft Corp Windows Server 2008 Service Pack 2 - 64-bit, Microsoft Corp Windows Server 2012 - , Microsoft Corp Windows Server 2012 R2 - , Microsoft Corp Windows Server 2008 R2 Service Pack 1 - 64-bit, Microsoft Corp Windows 10 - 64-bit, Microsoft Corp Windows 10 - 32-bit, Microsoft Corp Windows 10 1607 - 64-bit, Microsoft Corp Windows 10 1607 - 32-bit, Microsoft Corp Windows Server 2016 - , Microsoft Corp Windows RT 8.1 - , Microsoft Corp Windows Server 2008 Service Pack 2 (Server Core Installation) - 64-bit, Microsoft Corp Windows Server 2008 Service Pack 2 (Server Core Installation) - 32-bit, Microsoft Corp Windows Server 2012 R2 (Server Core installation) - , Microsoft Corp Windows Server 2016 (Server Core installation) - , Microsoft Corp Windows Server 2008 R2 Service Pack 1 (Server Core installation) - 64-bit, Microsoft Corp Windows 10 1809 - 64-bit, Microsoft Corp Windows 10 1809 - 32-bit, Microsoft Corp Windows Server 2019 - , Microsoft Corp Windows Server 2019 (Server Core installation) - , Microsoft Corp Windows 10 1809 - ARM64, Microsoft Corp Windows 10 20H2 - ARM64, Microsoft Corp Windows 10 20H2 - 32-bit, Microsoft Corp Windows 10 20H2 - 64-bit, Microsoft Corp Windows 10 21H1 - 32-bit, Microsoft Corp Windows 10 21H1 - 64-bit, Microsoft Corp Windows 10 21H1 - ARM64, Microsoft Corp Windows Server 2022 - , Microsoft Corp Windows Server 2022 (Server Core installation) - , Microsoft Corp Windows 11 - 64-bit, Microsoft Corp Windows 11 - ARM64, Microsoft Corp Windows 10 21H2 - 64-bit, Microsoft Corp Windows 10 21H2 - 32-bit, Microsoft Corp Windows 10 21H2 - ARM64, Microsoft Corp Windows 11 22H2 - 64-bit, Microsoft Corp Windows 11 22H2 - ARM64, Microsoft Corp Windows 10 22H2 - 64-bit, Microsoft Corp Windows 10 22H2 - ARM64, Microsoft Corp Windows 10 22H2 - 32-bit, Microsoft Corp Windows Server 2012 (Server Core installation) - ",
"\u041d\u0430\u0438\u043c\u0435\u043d\u043e\u0432\u0430\u043d\u0438\u0435 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "\u0423\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c\u043d\u043e\u0439 \u043f\u043b\u0430\u0442\u0444\u043e\u0440\u043c\u044b Microsoft.NET Framework, \u0441\u0432\u044f\u0437\u0430\u043d\u043d\u0430\u044f \u0441 \u0440\u0430\u0441\u043a\u0440\u044b\u0442\u0438\u0435\u043c \u0438\u043d\u0444\u043e\u0440\u043c\u0430\u0446\u0438\u0438, \u043f\u043e\u0437\u0432\u043e\u043b\u044f\u044e\u0449\u0430\u044f \u043d\u0430\u0440\u0443\u0448\u0438\u0442\u0435\u043b\u044e \u043f\u043e\u043b\u0443\u0447\u0438\u0442\u044c \u043d\u0435\u0441\u0430\u043d\u043a\u0446\u0438\u043e\u043d\u0438\u0440\u043e\u0432\u0430\u043d\u043d\u044b\u0439 \u0434\u043e\u0441\u0442\u0443\u043f \u043a \u0437\u0430\u0449\u0438\u0449\u0430\u0435\u043c\u043e\u0439 \u0438\u043d\u0444\u043e\u0440\u043c\u0430\u0446\u0438\u0438",
"\u041d\u0430\u043b\u0438\u0447\u0438\u0435 \u044d\u043a\u0441\u043f\u043b\u043e\u0439\u0442\u0430": "\u0414\u0430\u043d\u043d\u044b\u0435 \u0443\u0442\u043e\u0447\u043d\u044f\u044e\u0442\u0441\u044f",
"\u041e\u043f\u0438\u0441\u0430\u043d\u0438\u0435 \u043e\u0448\u0438\u0431\u043a\u0438 CWE": "\u0420\u0430\u0441\u043a\u0440\u044b\u0442\u0438\u0435 \u0438\u043d\u0444\u043e\u0440\u043c\u0430\u0446\u0438\u0438 (CWE-200)",
"\u041e\u043f\u0438\u0441\u0430\u043d\u0438\u0435 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "\u0423\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c\u043d\u043e\u0439 \u043f\u043b\u0430\u0442\u0444\u043e\u0440\u043c\u044b Microsoft.NET Framework \u0441\u0432\u044f\u0437\u0430\u043d\u0430 \u0441 \u0440\u0430\u0441\u043a\u0440\u044b\u0442\u0438\u0435\u043c \u0438\u043d\u0444\u043e\u0440\u043c\u0430\u0446\u0438\u0438. \u042d\u043a\u0441\u043f\u043b\u0443\u0430\u0442\u0430\u0446\u0438\u044f \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438 \u043c\u043e\u0436\u0435\u0442 \u043f\u043e\u0437\u0432\u043e\u043b\u0438\u0442\u044c \u043d\u0430\u0440\u0443\u0448\u0438\u0442\u0435\u043b\u044e, \u0434\u0435\u0439\u0441\u0442\u0432\u0443\u044e\u0449\u0435\u043c\u0443 \u0443\u0434\u0430\u043b\u0435\u043d\u043d\u043e, \u043f\u043e\u043b\u0443\u0447\u0438\u0442\u044c \u043d\u0435\u0441\u0430\u043d\u043a\u0446\u0438\u043e\u043d\u0438\u0440\u043e\u0432\u0430\u043d\u043d\u044b\u0439 \u0434\u043e\u0441\u0442\u0443\u043f \u043a \u0437\u0430\u0449\u0438\u0449\u0430\u0435\u043c\u043e\u0439 \u0438\u043d\u0444\u043e\u0440\u043c\u0430\u0446\u0438\u0438",
"\u041f\u043e\u0441\u043b\u0435\u0434\u0441\u0442\u0432\u0438\u044f \u044d\u043a\u0441\u043f\u043b\u0443\u0430\u0442\u0430\u0446\u0438\u0438 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": null,
"\u041f\u0440\u043e\u0447\u0430\u044f \u0438\u043d\u0444\u043e\u0440\u043c\u0430\u0446\u0438\u044f": null,
"\u0421\u0432\u044f\u0437\u044c \u0441 \u0438\u043d\u0446\u0438\u0434\u0435\u043d\u0442\u0430\u043c\u0438 \u0418\u0411": "\u0414\u0430\u043d\u043d\u044b\u0435 \u0443\u0442\u043e\u0447\u043d\u044f\u044e\u0442\u0441\u044f",
"\u0421\u043e\u0441\u0442\u043e\u044f\u043d\u0438\u0435 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "\u041e\u043f\u0443\u0431\u043b\u0438\u043a\u043e\u0432\u0430\u043d\u0430",
"\u0421\u043f\u043e\u0441\u043e\u0431 \u0443\u0441\u0442\u0440\u0430\u043d\u0435\u043d\u0438\u044f": "\u041e\u0431\u043d\u043e\u0432\u043b\u0435\u043d\u0438\u0435 \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c\u043d\u043e\u0433\u043e \u043e\u0431\u0435\u0441\u043f\u0435\u0447\u0435\u043d\u0438\u044f",
"\u0421\u043f\u043e\u0441\u043e\u0431 \u044d\u043a\u0441\u043f\u043b\u0443\u0430\u0442\u0430\u0446\u0438\u0438": "\u041d\u0435\u0441\u0430\u043d\u043a\u0446\u0438\u043e\u043d\u0438\u0440\u043e\u0432\u0430\u043d\u043d\u044b\u0439 \u0441\u0431\u043e\u0440 \u0438\u043d\u0444\u043e\u0440\u043c\u0430\u0446\u0438\u0438",
"\u0421\u0441\u044b\u043b\u043a\u0438 \u043d\u0430 \u0438\u0441\u0442\u043e\u0447\u043d\u0438\u043a\u0438": "https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2022-41064",
"\u0421\u0442\u0430\u0442\u0443\u0441 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "\u041f\u043e\u0434\u0442\u0432\u0435\u0440\u0436\u0434\u0435\u043d\u0430 \u043f\u0440\u043e\u0438\u0437\u0432\u043e\u0434\u0438\u0442\u0435\u043b\u0435\u043c",
"\u0422\u0438\u043f \u041f\u041e": "\u041f\u0440\u0438\u043a\u043b\u0430\u0434\u043d\u043e\u0435 \u041f\u041e \u0438\u043d\u0444\u043e\u0440\u043c\u0430\u0446\u0438\u043e\u043d\u043d\u044b\u0445 \u0441\u0438\u0441\u0442\u0435\u043c",
"\u0422\u0438\u043f \u043e\u0448\u0438\u0431\u043a\u0438 CWE": "CWE-200",
"\u0423\u0440\u043e\u0432\u0435\u043d\u044c \u043e\u043f\u0430\u0441\u043d\u043e\u0441\u0442\u0438 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "\u0421\u0440\u0435\u0434\u043d\u0438\u0439 \u0443\u0440\u043e\u0432\u0435\u043d\u044c \u043e\u043f\u0430\u0441\u043d\u043e\u0441\u0442\u0438 (\u0431\u0430\u0437\u043e\u0432\u0430\u044f \u043e\u0446\u0435\u043d\u043a\u0430 CVSS 2.0 \u0441\u043e\u0441\u0442\u0430\u0432\u043b\u044f\u0435\u0442 4,3)\n\u0421\u0440\u0435\u0434\u043d\u0438\u0439 \u0443\u0440\u043e\u0432\u0435\u043d\u044c \u043e\u043f\u0430\u0441\u043d\u043e\u0441\u0442\u0438 (\u0431\u0430\u0437\u043e\u0432\u0430\u044f \u043e\u0446\u0435\u043d\u043a\u0430 CVSS 3.0 \u0441\u043e\u0441\u0442\u0430\u0432\u043b\u044f\u0435\u0442 5,8)"
}
FKIE_CVE-2022-41064
Vulnerability from fkie_nvd - Published: 2022-11-09 22:15 - Updated: 2025-01-02 22:15
Severity
Summary
.NET Framework Information Disclosure Vulnerability
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| microsoft | .net_framework | 4.8 | |
| microsoft | .net_framework | 4.8.1 | |
| microsoft | windows_server_2022 | - | |
| microsoft | .net_framework | 4.6.2 | |
| microsoft | windows_server_2008 | - | |
| microsoft | windows_server_2008 | - | |
| microsoft | .net_framework | 4.6.2 | |
| microsoft | .net_framework | 4.7 | |
| microsoft | .net_framework | 4.7.1 | |
| microsoft | .net_framework | 4.7.2 | |
| microsoft | .net_framework | 4.8 | |
| microsoft | windows_rt_8.1 | - | |
| microsoft | windows_server_2008 | r2 | |
| microsoft | .net_framework | 4.8 | |
| microsoft | .net_framework | 4.8.1 | |
| microsoft | windows_10 | 21h1 | |
| microsoft | windows_10 | 21h1 | |
| microsoft | windows_10 | 21h1 | |
| microsoft | .net_framework | 4.6.2 | |
| microsoft | .net_framework | 4.7 | |
| microsoft | .net_framework | 4.7.1 | |
| microsoft | .net_framework | 4.7.2 | |
| microsoft | .net_framework | 4.8 | |
| microsoft | windows_7 | - | |
| microsoft | windows_7 | - | |
| microsoft | .net_framework | 4.8 | |
| microsoft | .net_framework | 4.8.1 | |
| microsoft | windows_10 | 21h2 | |
| microsoft | windows_10 | 21h2 | |
| microsoft | windows_10 | 21h2 | |
| microsoft | .net_framework | 4.8 | |
| microsoft | .net_framework | 4.8.1 | |
| microsoft | windows_10 | 20h2 | |
| microsoft | windows_10 | 20h2 | |
| microsoft | windows_10 | 20h2 | |
| microsoft | .net_framework | 4.8 | |
| microsoft | .net_framework | 4.8.1 | |
| microsoft | windows_10 | 22h2 | |
| microsoft | windows_10 | 22h2 | |
| microsoft | windows_10 | 22h2 | |
| microsoft | .net_framework | 4.6.2 | |
| microsoft | .net_framework | 4.7 | |
| microsoft | .net_framework | 4.7.1 | |
| microsoft | .net_framework | 4.7.2 | |
| microsoft | .net_framework | 4.8 | |
| microsoft | windows_server_2012 | - | |
| microsoft | windows_server_2012 | r2 | |
| microsoft | .net_framework | 4.7.2 | |
| microsoft | .net_framework | 4.8 | |
| microsoft | windows_10 | 1809 | |
| microsoft | windows_10 | 1809 | |
| microsoft | windows_10 | 1809 | |
| microsoft | .net_framework | 4.8 | |
| microsoft | windows_10 | 1607 | |
| microsoft | windows_10 | 1607 | |
| microsoft | .net_framework | 4.7.2 | |
| microsoft | .net_framework | 4.8 | |
| microsoft | windows_server_2019 | - | |
| microsoft | .net_framework | 4.8 | |
| microsoft | windows_server_2016 | - | |
| microsoft | .net_framework | 4.7 | |
| microsoft | .net_framework | 4.7.1 | |
| microsoft | .net_framework | 4.7.2 | |
| microsoft | .net_framework | 4.8 | |
| microsoft | windows_8.1 | - | |
| microsoft | windows_8.1 | - | |
| microsoft | .net_framework | 4.6.2 | |
| microsoft | windows_10 | - | |
| microsoft | windows_10 | - | |
| microsoft | .net_framework | 4.8 | |
| microsoft | .net_framework | 4.8.1 | |
| microsoft | windows_11 | - | |
| microsoft | windows_11 | 22h2 | |
| microsoft | nuget | * | |
| microsoft | nuget | * | |
| microsoft | nuget | * |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:microsoft:.net_framework:4.8:*:*:*:*:*:*:*",
"matchCriteriaId": "2D3F18AF-84ED-473B-A8DF-65EB23C475AF",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:.net_framework:4.8.1:*:*:*:*:*:*:*",
"matchCriteriaId": "934D4E46-12C1-41DC-A28C-A2C430E965E4",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:microsoft:windows_server_2022:-:*:*:*:*:*:*:*",
"matchCriteriaId": "821614DD-37DD-44E2-A8A4-FE8D23A33C3C",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:microsoft:.net_framework:4.6.2:*:*:*:*:*:*:*",
"matchCriteriaId": "A16AD2B0-2189-4E8E-B7FC-CE598CA1CB2D",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:microsoft:windows_server_2008:-:sp2:*:*:*:*:x64:*",
"matchCriteriaId": "2127D10C-B6F3-4C1D-B9AA-5D78513CC996",
"vulnerable": false
},
{
"criteria": "cpe:2.3:o:microsoft:windows_server_2008:-:sp2:*:*:*:*:x86:*",
"matchCriteriaId": "AB425562-C0A0-452E-AABE-F70522F15E1A",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:microsoft:.net_framework:4.6.2:*:*:*:*:*:*:*",
"matchCriteriaId": "A16AD2B0-2189-4E8E-B7FC-CE598CA1CB2D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:.net_framework:4.7:*:*:*:*:*:*:*",
"matchCriteriaId": "734112B3-1383-4BE3-8721-C0F84566B764",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:.net_framework:4.7.1:*:*:*:*:*:*:*",
"matchCriteriaId": "36B0E40A-84EF-4099-A395-75D6B8CDA196",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:.net_framework:4.7.2:*:*:*:*:*:*:*",
"matchCriteriaId": "3EF7A75E-EE27-4AA7-8D84-9D696728A4CE",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:.net_framework:4.8:*:*:*:*:*:*:*",
"matchCriteriaId": "2D3F18AF-84ED-473B-A8DF-65EB23C475AF",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:microsoft:windows_rt_8.1:-:*:*:*:*:*:*:*",
"matchCriteriaId": "C6CE5198-C498-4672-AF4C-77AB4BE06C5C",
"vulnerable": false
},
{
"criteria": "cpe:2.3:o:microsoft:windows_server_2008:r2:*:*:*:*:*:*:*",
"matchCriteriaId": "36559BC0-44D7-48B3-86FF-1BFF0257B5ED",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:microsoft:.net_framework:4.8:*:*:*:*:*:*:*",
"matchCriteriaId": "2D3F18AF-84ED-473B-A8DF-65EB23C475AF",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:.net_framework:4.8.1:*:*:*:*:*:*:*",
"matchCriteriaId": "934D4E46-12C1-41DC-A28C-A2C430E965E4",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:microsoft:windows_10:21h1:*:*:*:*:*:arm64:*",
"matchCriteriaId": "49A4BBDA-0389-4171-AA49-6837F7DF4454",
"vulnerable": false
},
{
"criteria": "cpe:2.3:o:microsoft:windows_10:21h1:*:*:*:*:*:x64:*",
"matchCriteriaId": "F8C238FA-B20F-40A5-B861-A8295858F4BE",
"vulnerable": false
},
{
"criteria": "cpe:2.3:o:microsoft:windows_10:21h1:*:*:*:*:*:x86:*",
"matchCriteriaId": "56513BCA-A9F5-4112-BDE6-77E9B8D2677E",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:microsoft:.net_framework:4.6.2:*:*:*:*:*:*:*",
"matchCriteriaId": "A16AD2B0-2189-4E8E-B7FC-CE598CA1CB2D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:.net_framework:4.7:*:*:*:*:*:*:*",
"matchCriteriaId": "734112B3-1383-4BE3-8721-C0F84566B764",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:.net_framework:4.7.1:*:*:*:*:*:*:*",
"matchCriteriaId": "36B0E40A-84EF-4099-A395-75D6B8CDA196",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:.net_framework:4.7.2:*:*:*:*:*:*:*",
"matchCriteriaId": "3EF7A75E-EE27-4AA7-8D84-9D696728A4CE",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:.net_framework:4.8:*:*:*:*:*:*:*",
"matchCriteriaId": "2D3F18AF-84ED-473B-A8DF-65EB23C475AF",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:microsoft:windows_7:-:sp1:*:*:*:*:x64:*",
"matchCriteriaId": "7FE8B00B-4F39-4755-A323-8AD71F5E3EBE",
"vulnerable": false
},
{
"criteria": "cpe:2.3:o:microsoft:windows_7:-:sp1:*:*:*:*:x86:*",
"matchCriteriaId": "06BBFA69-94E2-4BAB-AFD3-BC434B11D106",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:microsoft:.net_framework:4.8:*:*:*:*:*:*:*",
"matchCriteriaId": "2D3F18AF-84ED-473B-A8DF-65EB23C475AF",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:.net_framework:4.8.1:*:*:*:*:*:*:*",
"matchCriteriaId": "934D4E46-12C1-41DC-A28C-A2C430E965E4",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:microsoft:windows_10:21h2:*:*:*:*:*:arm64:*",
"matchCriteriaId": "665EA912-D724-41EB-86A9-24EB4FE87B54",
"vulnerable": false
},
{
"criteria": "cpe:2.3:o:microsoft:windows_10:21h2:*:*:*:*:*:x64:*",
"matchCriteriaId": "77E07B96-EAAA-4DD6-9172-0DE98A36726F",
"vulnerable": false
},
{
"criteria": "cpe:2.3:o:microsoft:windows_10:21h2:*:*:*:*:*:x86:*",
"matchCriteriaId": "B846A736-E77C-4665-B28B-4E511880D575",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:microsoft:.net_framework:4.8:*:*:*:*:*:*:*",
"matchCriteriaId": "2D3F18AF-84ED-473B-A8DF-65EB23C475AF",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:.net_framework:4.8.1:*:*:*:*:*:*:*",
"matchCriteriaId": "934D4E46-12C1-41DC-A28C-A2C430E965E4",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:microsoft:windows_10:20h2:*:*:*:*:*:arm64:*",
"matchCriteriaId": "610B33F9-0309-4CF7-B7E4-5152D9B2FFE4",
"vulnerable": false
},
{
"criteria": "cpe:2.3:o:microsoft:windows_10:20h2:*:*:*:*:*:x64:*",
"matchCriteriaId": "21074553-EDF2-468D-8E79-C39851B5BC79",
"vulnerable": false
},
{
"criteria": "cpe:2.3:o:microsoft:windows_10:20h2:*:*:*:*:*:x86:*",
"matchCriteriaId": "4E62F9CB-D1B6-4B4D-BCCD-7F4D36A73B4D",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:microsoft:.net_framework:4.8:*:*:*:*:*:*:*",
"matchCriteriaId": "2D3F18AF-84ED-473B-A8DF-65EB23C475AF",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:.net_framework:4.8.1:*:*:*:*:*:*:*",
"matchCriteriaId": "934D4E46-12C1-41DC-A28C-A2C430E965E4",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:microsoft:windows_10:22h2:*:*:*:*:*:arm64:*",
"matchCriteriaId": "B1BD50A5-4D8C-4A68-AA8A-F4C30A96A797",
"vulnerable": false
},
{
"criteria": "cpe:2.3:o:microsoft:windows_10:22h2:*:*:*:*:*:x64:*",
"matchCriteriaId": "53DF53AD-6C26-4E21-9B4C-BCA54B1A0A69",
"vulnerable": false
},
{
"criteria": "cpe:2.3:o:microsoft:windows_10:22h2:*:*:*:*:*:x86:*",
"matchCriteriaId": "C29D3337-675F-4BE3-A07F-8047A9D1B9B1",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:microsoft:.net_framework:4.6.2:*:*:*:*:*:*:*",
"matchCriteriaId": "A16AD2B0-2189-4E8E-B7FC-CE598CA1CB2D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:.net_framework:4.7:*:*:*:*:*:*:*",
"matchCriteriaId": "734112B3-1383-4BE3-8721-C0F84566B764",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:.net_framework:4.7.1:*:*:*:*:*:*:*",
"matchCriteriaId": "36B0E40A-84EF-4099-A395-75D6B8CDA196",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:.net_framework:4.7.2:*:*:*:*:*:*:*",
"matchCriteriaId": "3EF7A75E-EE27-4AA7-8D84-9D696728A4CE",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:.net_framework:4.8:*:*:*:*:*:*:*",
"matchCriteriaId": "2D3F18AF-84ED-473B-A8DF-65EB23C475AF",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:microsoft:windows_server_2012:-:*:*:*:*:*:*:*",
"matchCriteriaId": "A7DF96F8-BA6A-4780-9CA3-F719B3F81074",
"vulnerable": false
},
{
"criteria": "cpe:2.3:o:microsoft:windows_server_2012:r2:*:*:*:*:*:*:*",
"matchCriteriaId": "DB18C4CE-5917-401E-ACF7-2747084FD36E",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:microsoft:.net_framework:4.7.2:*:*:*:*:*:*:*",
"matchCriteriaId": "3EF7A75E-EE27-4AA7-8D84-9D696728A4CE",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:.net_framework:4.8:*:*:*:*:*:*:*",
"matchCriteriaId": "2D3F18AF-84ED-473B-A8DF-65EB23C475AF",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:microsoft:windows_10:1809:*:*:*:*:*:arm64:*",
"matchCriteriaId": "925B8C67-C96F-4A4D-9BE7-CCCD78EF3C31",
"vulnerable": false
},
{
"criteria": "cpe:2.3:o:microsoft:windows_10:1809:*:*:*:*:*:x64:*",
"matchCriteriaId": "6CF580BA-6938-40F6-9D86-F43044A6BACA",
"vulnerable": false
},
{
"criteria": "cpe:2.3:o:microsoft:windows_10:1809:*:*:*:*:*:x86:*",
"matchCriteriaId": "C5E038AA-514F-48AC-B45E-859EE32525B4",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:microsoft:.net_framework:4.8:*:*:*:*:*:*:*",
"matchCriteriaId": "2D3F18AF-84ED-473B-A8DF-65EB23C475AF",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:microsoft:windows_10:1607:*:*:*:*:*:x64:*",
"matchCriteriaId": "897A48D7-FCA1-4560-AFBB-718AF19BA3A2",
"vulnerable": false
},
{
"criteria": "cpe:2.3:o:microsoft:windows_10:1607:*:*:*:*:*:x86:*",
"matchCriteriaId": "507EB48C-F479-424C-8ABA-C279AB4FE3F4",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:microsoft:.net_framework:4.7.2:*:*:*:*:*:*:*",
"matchCriteriaId": "3EF7A75E-EE27-4AA7-8D84-9D696728A4CE",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:.net_framework:4.8:*:*:*:*:*:*:*",
"matchCriteriaId": "2D3F18AF-84ED-473B-A8DF-65EB23C475AF",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:microsoft:windows_server_2019:-:*:*:*:*:*:*:*",
"matchCriteriaId": "DB79EE26-FC32-417D-A49C-A1A63165A968",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:microsoft:.net_framework:4.8:*:*:*:*:*:*:*",
"matchCriteriaId": "2D3F18AF-84ED-473B-A8DF-65EB23C475AF",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:microsoft:windows_server_2016:-:*:*:*:*:*:*:*",
"matchCriteriaId": "041FF8BA-0B12-4A1F-B4BF-9C4F33B7C1E7",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:microsoft:.net_framework:4.7:*:*:*:*:*:*:*",
"matchCriteriaId": "734112B3-1383-4BE3-8721-C0F84566B764",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:.net_framework:4.7.1:*:*:*:*:*:*:*",
"matchCriteriaId": "36B0E40A-84EF-4099-A395-75D6B8CDA196",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:.net_framework:4.7.2:*:*:*:*:*:*:*",
"matchCriteriaId": "3EF7A75E-EE27-4AA7-8D84-9D696728A4CE",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:.net_framework:4.8:*:*:*:*:*:*:*",
"matchCriteriaId": "2D3F18AF-84ED-473B-A8DF-65EB23C475AF",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:microsoft:windows_8.1:-:*:*:*:*:*:x64:*",
"matchCriteriaId": "C936FD4F-959C-43B8-9917-E2A0DF4A8793",
"vulnerable": false
},
{
"criteria": "cpe:2.3:o:microsoft:windows_8.1:-:*:*:*:*:*:x86:*",
"matchCriteriaId": "DF8ABB14-84CF-4BBC-99C9-DA6C0F7A0619",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:microsoft:.net_framework:4.6.2:*:*:*:*:*:*:*",
"matchCriteriaId": "A16AD2B0-2189-4E8E-B7FC-CE598CA1CB2D",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:microsoft:windows_10:-:*:*:*:*:*:x64:*",
"matchCriteriaId": "084984D5-D241-497B-B118-50C6C1EAD468",
"vulnerable": false
},
{
"criteria": "cpe:2.3:o:microsoft:windows_10:-:*:*:*:*:*:x86:*",
"matchCriteriaId": "BA592626-F17C-4F46-823B-0947D102BBD2",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:microsoft:.net_framework:4.8:*:*:*:*:*:*:*",
"matchCriteriaId": "2D3F18AF-84ED-473B-A8DF-65EB23C475AF",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:.net_framework:4.8.1:*:*:*:*:*:*:*",
"matchCriteriaId": "934D4E46-12C1-41DC-A28C-A2C430E965E4",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:microsoft:windows_11:-:*:*:*:*:*:x64:*",
"matchCriteriaId": "5D7F7DDB-440E-42CD-82F4-B2C13F3CC462",
"vulnerable": false
},
{
"criteria": "cpe:2.3:o:microsoft:windows_11:22h2:*:*:*:*:*:x64:*",
"matchCriteriaId": "62B9100B-206D-4FD1-8D23-A355DCA37460",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:microsoft:nuget:*:*:*:*:*:*:*:*",
"matchCriteriaId": "6059BB72-7C2E-45CD-AA88-89CF8A93518B",
"versionEndExcluding": "1.1.4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:nuget:*:*:*:*:*:*:*:*",
"matchCriteriaId": "8607DBC3-2EF6-41B7-B0B1-48FEDE82C284",
"versionEndExcluding": "2.1.2",
"versionStartIncluding": "2.0.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:nuget:*:*:*:*:*:*:*:*",
"matchCriteriaId": "B7160A6F-A86F-4BAF-B5AD-D710C772B409",
"versionEndExcluding": "4.8.5",
"versionStartIncluding": "3.0.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": ".NET Framework Information Disclosure Vulnerability"
},
{
"lang": "es",
"value": "Vulnerabilidad de divulgaci\u00f3n de informaci\u00f3n de .NET Framework"
}
],
"id": "CVE-2022-41064",
"lastModified": "2025-01-02T22:15:22.180",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "HIGH",
"attackVector": "ADJACENT_NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.8,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:A/AC:H/PR:L/UI:N/S:C/C:H/I:N/A:N",
"version": "3.1"
},
"exploitabilityScore": 1.3,
"impactScore": 4.0,
"source": "secure@microsoft.com",
"type": "Secondary"
}
]
},
"published": "2022-11-09T22:15:20.917",
"references": [
{
"source": "secure@microsoft.com",
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-41064"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2022-41064"
}
],
"sourceIdentifier": "secure@microsoft.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "NVD-CWE-noinfo"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
GHSA-8G2P-5PQH-5JMC
Vulnerability from github – Published: 2022-11-08 23:00 – Updated: 2023-01-30 23:02
VLAI
Summary
.NET Information Disclosure Vulnerability
Details
Microsoft is releasing this security advisory to provide information about a vulnerability in .NET, .NET Core and .NET Framework's System.Data.SqlClient and Microsoft.Data.SqlClient NuGet Packages.
A vulnerability exists in System.Data.SqlClient and Microsoft.Data.SqlClient libraries where a timeout occurring under high load can cause incorrect data to be returned as the result of an asynchronously executed query.
Mitigation factors
If you are not talking to Microsoft SQL Server from your application you are not affected by this vulnerability.
How do I know if I am affected?
.NET has two types of dependencies: direct and transitive. Direct dependencies are dependencies where you specifically add a package to your project, transitive dependencies occur when you add a package to your project that in turn relies on another package.
For example, the Microsoft.AspNetCore.Mvc package depends on the Microsoft.AspNetCore.Mvc.Core package. When you add a dependency on Microsoft.AspNetCore.Mvc in your project, you're taking a transitive dependency on Microsoft.AspNetCore.Mvc.Core.
Any application that has a direct or transitive dependency on the affected packages listed above are vulnerable.
How do I fix the issue?
- If you are using System.Data.SqlClient on .NET Framework you must install the November update for .NET Framework
- If you are using System.Data.SqlClient on .NET Core, .NET 5 or .NET 6 you must update the nuget package to an updated version as listed in the affected packages.
- If you are using Microsoft.Data.SqlClient, anywhere (.NET Core, .NET 5/6, .NET Framework) and you are using a version that is vulnerable you must update as listed in the affected packages.
Additional Details
.NET and .NET Framework projects have two types of dependencies: direct and transitive. You must update your projects using the following instructions to address both types of dependency.
Additionally, .NET Framework users must also install the November 2022 security patch to be protected.
Direct dependencies
Direct dependencies are discoverable by examining your csproj file. They can be fixed by editing the project file or using nuget command line to update the dependency.
Transitive dependencies
Transitive dependencies occur when you add a package to your project that in turn relies on another package. Transitive dependencies can be discovered by searching the project.assets.json file for each of your projects. This file is produced on each build and is in the obj directory for each project.
The project.assets.json files are the authoritative list of all packages used by your project, containing both direct and transitive dependencies.
Fixing direct dependencies
Direct dependencies are nuget packages that have been specifically added to a project, rather than being pulled in because a nuget package added requires it. They can be seen in the solution explorer in Visual Studio or by opening the csproj for the project and examining the packageReference nodes for the package name, specified by the Include parameter, and its version, specified by the Version parameter.
For example, the following project file has a direct dependency on version 2.1.1 of Microsoft.Data.SqlClient.
<Project Sdk="Microsoft.NET.Sdk.Web">
<PropertyGroup>
<TargetFramework>net6.0</TargetFramework>
<Nullable>enable</Nullable>
<ImplicitUsings>enable</ImplicitUsings>
</PropertyGroup>
<ItemGroup>
<PackageReference Include="Microsoft.Data.SqlClient" Version="2.1.1" />
</ItemGroup>
</Project>
Fixing direct dependencies with the nuget command line
Open a command line to the directory holding your project
Run the following command if you are using a version of Microsoft.Data.SqlClient between 2.0.0 and 2.1.1
dotnet add package Microsoft.Data.SqlClient --version 2.1.2
Run the following command if you are using a version of Microsoft.Data.SqlClient below 1.1.4
dotnet add package Microsoft.Data.SqlClient --version 1.1.4
Run the following command if you are using a version of System.Data.SqlClient below 4.8.4
dotnet add package System.Data.SqlClient --version 4.8.5
Fixing direct dependencies by editing the project file
Open projectname.csproj in your editor. If you're using Visual Studio, right-click the project and choose Edit projectname.csproj from the context menu, where projectname is the name of your project.
Look for PackageReference elements. The following shows an example project file:
<Project Sdk="Microsoft.NET.Sdk.Web">
<PropertyGroup>
<TargetFramework>net6.0</TargetFramework>
<Nullable>enable</Nullable>
<ImplicitUsings>enable</ImplicitUsings>
</PropertyGroup>
<ItemGroup>
<PackageReference Include="Microsoft.Data.SqlClient" Version="2.1.1" />
</ItemGroup>
</Project>
The preceding example has a reference tone of the vulnerable packages as seen by the single PackageReference element. The name of the package is in the Include attribute. The package version number is in the Version attribute.
To update the version to the secure package, change the version number to the updated package version as listed in the Affected software section of this document.
In this example, update Microsoft.Data.SqlClient to the appropriate fixed version for your major version. Save the csproj file. The example csproj now looks as follows:
<Project Sdk="Microsoft.NET.Sdk.Web">
<PropertyGroup>
<TargetFramework>net6.0</TargetFramework>
<Nullable>enable</Nullable>
<ImplicitUsings>enable</ImplicitUsings>
</PropertyGroup>
<ItemGroup>
<PackageReference Include="Microsoft.Data.SqlClient" Version="2.1.2" />
</ItemGroup>
</Project>
If you're using Visual Studio and you save your updated csproj file, Visual Studio will restore the new package version.
You can see the restore results by opening the Output window (Ctrl+Alt+O) and changing the Show output from drop-down list to Package Manager.
If you're not using Visual Studio, open a command line and change to your project directory. Execute the dotnet restore command to restore the updated dependencies.
Now recompile your application. If after recompilation you see a Dependency conflict warning, you must update your other direct dependencies to versions that take a dependency on the updated package.
Discovering and fixing transitive dependencies
Rebuild your solution and then open the project.assets.json file from in each of your project’s obj directory in your editor. We suggest you use an editor that understands JSON and allows you to collapse and expand nodes to review this file. Both Visual Studio and Visual Studio Code provide JSON friendly editing.
Search the project.assets.json file for the vulnerable packages above using the format packagename/ for each of the package names from the preceding table. If you find the assembly name in your search:
Examine the line on which they are found, the version number is after the /.
Compare to the vulnerable versions
For example, a search result that shows "Microsoft.Data.SqlClient": "2.1.0" is a reference to version 2.1.0 of Microsoft.Data.SqlClient If your project.assets.json file includes vulnerable versions of the nuget packages then you need to fix the transitive dependencies.
If you have not found any reference to any vulnerable packages, this means either
None of your direct dependencies depend on any vulnerable packages, or
You have already fixed the problem by updating the direct dependencies.
If your transitive dependency review found references to the vulnerable package, you must add a direct dependency to the updated package to your csproj file to override the transitive dependency.
Editing projects to fix transitive dependencies
Open projectname.csproj in your editor. Look for PackageReference nodes, for example:
<Project Sdk="Microsoft.NET.Sdk.Web">
<PropertyGroup>
<TargetFramework>net6.0</TargetFramework>
<Nullable>enable</Nullable>
<ImplicitUsings>enable</ImplicitUsings>
</PropertyGroup>
<ItemGroup>
<PackageReference Include="IndirectDependency" Version="1.0.0" />
</ItemGroup>
</Project>
You must add a direct dependency to the updated, matching major/minor version of the vulnerable by adding it to the csproj file. This is done by adding a new line to the dependencies section, referencing the fixed version. For example,
<Project Sdk="Microsoft.NET.Sdk.Web">
<PropertyGroup>
<TargetFramework>net6.0</TargetFramework>
<Nullable>enable</Nullable>
<ImplicitUsings>enable</ImplicitUsings>
</PropertyGroup>
<ItemGroup>
<PackageReference Include="IndirectDependency" Version="1.0.0" />
<PackageReference Include="Microsoft.Data.SqlClient" Version="2.1.2" />
</ItemGroup>
</Project>
After you've added the direct dependency reference, save your csproj file.
If you're using Visual Studio, save your updated csproj file and Visual Studio will restore the new package versions. You can see the restore results by opening the Output window (Ctrl+Alt+O) and changing the Show output from drop-down list to Package Manager.
If you're not using Visual Studio, open a command line and change to your project directory. Execute the dotnet restore command to restore the new dependencies.
Using the nuget command line to fix transitive dependencies
Open a command window and change directory to your project directory.
Run the following command if you have an indirect dependency on Microsoft.Data.SqlClient between versions 2.0.0 and 2.1.1
dotnet add package Microsoft.Data.SqlClient --version 2.1.2
Run the following command if you have an indirect dependency on Microsoft.Data.SqlClient below 1.1.4
dotnet add package Microsoft.Data.SqlClient --version 1.1.4
Run the following command if you have an indirect dependency on System.Data.SqlClient below 4.8.4
dotnet add package System.Data.SqlClient --version 4.8.5
Execute the dotnet restore command to restore the new dependencies.
Rebuilding your application
Finally, you must rebuild your application, test, and redeploy.
Disclaimer
The information provided in this advisory is provided "as is" without warranty of any kind. Microsoft disclaims all warranties, either express or implied, including the warranties of merchantability and fitness for a particular purpose. In no event shall Microsoft Corporation or its suppliers be liable for any damages whatsoever including direct, indirect, incidental, consequential, loss of business profits or special damages, even if Microsoft Corporation or its suppliers have been advised of the possibility of such damages. Some states do not allow the exclusion or limitation of liability for consequential or incidental damages so the foregoing limitation may not apply.
Revisions
V1.0 (November 8, 2022): Advisory published.
Version 1.0
Last Updated 2022-11-08
Severity
5.8 (Medium)
{
"affected": [
{
"database_specific": {
"last_known_affected_version_range": "\u003c= 1.1.3"
},
"package": {
"ecosystem": "NuGet",
"name": "Microsoft.Data.SqlClient"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "1.1.4"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"database_specific": {
"last_known_affected_version_range": "\u003c= 4.8.4"
},
"package": {
"ecosystem": "NuGet",
"name": "System.Data.SqlClient"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "4.8.5"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "NuGet",
"name": "Microsoft.Data.SqlClient"
},
"ranges": [
{
"events": [
{
"introduced": "2.0.0"
},
{
"fixed": "2.1.2"
}
],
"type": "ECOSYSTEM"
}
]
}
],
"aliases": [
"CVE-2022-41064"
],
"database_specific": {
"cwe_ids": [],
"github_reviewed": true,
"github_reviewed_at": "2022-11-08T23:00:22Z",
"nvd_published_at": null,
"severity": "MODERATE"
},
"details": "Microsoft is releasing this security advisory to provide information about a vulnerability in .NET, .NET Core and .NET Framework\u0027s System.Data.SqlClient and Microsoft.Data.SqlClient NuGet Packages.\n\nA vulnerability exists in System.Data.SqlClient and Microsoft.Data.SqlClient libraries where a timeout occurring under high load can cause incorrect data to be returned as the result of an asynchronously executed query.\n\n## \u003ca name=\"mitigation-factors\"\u003e\u003c/a\u003eMitigation factors\n\nIf you are not talking to Microsoft SQL Server from your application you are not affected by this vulnerability.\n\n### \u003ca name=\"how-affected\"\u003e\u003c/a\u003eHow do I know if I am affected?\n\n.NET has two types of dependencies: direct and transitive. Direct dependencies are dependencies where you specifically add a package to your project, transitive dependencies occur when you add a package to your project that in turn relies on another package. \n\nFor example, the\u202fMicrosoft.AspNetCore.Mvc\u202fpackage depends on the\u202fMicrosoft.AspNetCore.Mvc.Core\u202fpackage. When you add a dependency on\u202fMicrosoft.AspNetCore.Mvc\u202fin your project, you\u0027re taking a transitive dependency on\u202fMicrosoft.AspNetCore.Mvc.Core. \n \nAny application that has a direct or transitive dependency on the\u202f affected packages listed above are vulnerable.\n\n### \u003ca name=\"how-fix\"\u003e\u003c/a\u003eHow do I fix the issue?\n\n* If you are using System.Data.SqlClient on .NET Framework you must install the November update for .NET Framework\n* If you are using System.Data.SqlClient on .NET Core, .NET 5 or .NET 6 you must update the nuget package to an updated version as listed in the affected packages.\n* If you are using Microsoft.Data.SqlClient, anywhere (.NET Core, .NET 5/6, .NET Framework) and you are using a version that is vulnerable you must update as listed in the affected packages.\n\n**Additional Details**\n\n.NET and .NET Framework projects have two types of dependencies: direct and transitive. You must update your projects using the following instructions to address both types of dependency. \n\nAdditionally, .NET Framework users must also install the November 2022 security patch to be protected. \n\n#### Direct dependencies \n\nDirect dependencies are discoverable by examining your\u202fcsproj\u202ffile. They can be fixed by editing the project file or using nuget command line to update the dependency. \n\n#### Transitive dependencies \n\nTransitive dependencies occur when you add a package to your project that in turn relies on another package. Transitive dependencies can be discovered by searching the\u202fproject.assets.json\u202ffile for each of your projects. This file is produced on each build and is in the obj directory for each project. \n\nThe\u202fproject.assets.json files are the authoritative list of all packages used by your project, containing both direct and transitive dependencies. \n\n#### Fixing direct dependencies \n\nDirect dependencies are nuget packages that have been specifically added to a project, rather than being pulled in because a nuget package added requires it. They can be seen in the solution explorer in Visual Studio or by opening the csproj for the project and examining the packageReference nodes for the package name, specified by the Include parameter, and its version, specified by the Version parameter. \n\nFor example, the following project file has a direct dependency on version 2.1.1 of Microsoft.Data.SqlClient. \n```\n\u003cProject Sdk=\"Microsoft.NET.Sdk.Web\"\u003e \n\n \u003cPropertyGroup\u003e \n \u003cTargetFramework\u003enet6.0\u003c/TargetFramework\u003e \n \u003cNullable\u003eenable\u003c/Nullable\u003e \n \u003cImplicitUsings\u003eenable\u003c/ImplicitUsings\u003e \n \u003c/PropertyGroup\u003e \n\n \u003cItemGroup\u003e \n \u003cPackageReference Include=\"Microsoft.Data.SqlClient\" Version=\"2.1.1\" /\u003e \n \u003c/ItemGroup\u003e \n\n\u003c/Project\u003e \n```\n#### Fixing direct dependencies with the nuget command line \n\nOpen a command line to the directory holding your project \n\nRun the following command if you are using a version of Microsoft.Data.SqlClient between 2.0.0 and 2.1.1 \n\n\u003e dotnet add package Microsoft.Data.SqlClient --version 2.1.2 \n\nRun the following command if you are using a version of Microsoft.Data.SqlClient below 1.1.4 \n\n\u003e dotnet add package Microsoft.Data.SqlClient --version 1.1.4 \n\nRun the following command if you are using a version of System.Data.SqlClient below 4.8.4 \n\n\u003e dotnet add package System.Data.SqlClient --version 4.8.5 \n\n#### Fixing direct dependencies by editing the project file \n\nOpen\u202fprojectname.csproj\u202fin your editor. If you\u0027re using Visual Studio, right-click the project and choose\u202fEdit projectname.csproj\u202ffrom the context menu, where projectname is the name of your project. \n\nLook for\u202fPackageReference\u202felements. The following shows an example project file: \n\n```\n\u003cProject Sdk=\"Microsoft.NET.Sdk.Web\"\u003e \n\n \u003cPropertyGroup\u003e \n \u003cTargetFramework\u003enet6.0\u003c/TargetFramework\u003e \n \u003cNullable\u003eenable\u003c/Nullable\u003e \n \u003cImplicitUsings\u003eenable\u003c/ImplicitUsings\u003e \n \u003c/PropertyGroup\u003e \n\n \u003cItemGroup\u003e \n \u003cPackageReference Include=\"Microsoft.Data.SqlClient\" Version=\"2.1.1\" /\u003e \n \u003c/ItemGroup\u003e \n\n\u003c/Project\u003e \n```\n\nThe preceding example has a reference tone of the vulnerable packages as seen by the single\u202fPackageReference\u202felement. The name of the package is in the\u202fInclude\u202fattribute. \nThe package version number is in the\u202fVersion\u202fattribute. \n\nTo update the version to the secure package, change the version number to the updated package version as listed in the Affected software section of this document. \n\nIn this example, update\u202fMicrosoft.Data.SqlClient to the appropriate fixed version for your major version. Save the\u202fcsproj\u202ffile. The example\u202fcsproj\u202fnow looks as follows: \n```\n\u003cProject Sdk=\"Microsoft.NET.Sdk.Web\"\u003e \n\n \u003cPropertyGroup\u003e \n \u003cTargetFramework\u003enet6.0\u003c/TargetFramework\u003e \n \u003cNullable\u003eenable\u003c/Nullable\u003e \n \u003cImplicitUsings\u003eenable\u003c/ImplicitUsings\u003e \n \u003c/PropertyGroup\u003e \n\n \u003cItemGroup\u003e \n \u003cPackageReference Include=\"Microsoft.Data.SqlClient\" Version=\"2.1.2\" /\u003e \n \u003c/ItemGroup\u003e \n\n\u003c/Project\u003e\n```\nIf you\u0027re using Visual Studio and you save your updated\u202fcsproj\u202ffile, Visual Studio will restore the new package version. \n\nYou can see the restore results by opening the\u202fOutput\u202fwindow (Ctrl+Alt+O) and changing the\u202fShow output from\u202fdrop-down list to\u202fPackage Manager. \n\nIf you\u0027re not using Visual Studio, open a command line and change to your project directory. Execute the\u202fdotnet restore\u202fcommand to restore the updated dependencies. \n\nNow recompile your application. If after recompilation you see a\u202fDependency conflict warning, you must update your other direct dependencies to versions that take a dependency on the updated package. \n\n#### Discovering and fixing transitive dependencies \n\nRebuild your solution and then open the\u202fproject.assets.json\u202ffile from in each of your project\u2019s obj directory in your editor. We suggest you use an editor that understands JSON and allows you to collapse and expand nodes to review this file. Both Visual Studio and Visual Studio Code provide JSON friendly editing. \n\nSearch the\u202fproject.assets.json\u202ffile for the\u202fvulnerable packages above using the format\u202fpackagename/\u202ffor each of the package names from the preceding table. If you find the assembly name in your search: \n\nExamine the line on which they are found, the version number is after the\u202f/. \n\nCompare to the vulnerable versions \n\nFor example, a search result that shows\u202f\"Microsoft.Data.SqlClient\": \"2.1.0\" is a reference to version 2.1.0 of\u202fMicrosoft.Data.SqlClient If your\u202fproject.assets.json\u202ffile includes vulnerable versions of the nuget packages then you need to fix the transitive dependencies. \n\nIf you have not found any reference to any vulnerable packages, this means either \n\nNone of your direct dependencies depend on any vulnerable packages, or \n\nYou have already fixed the problem by updating the direct dependencies. \n\nIf your transitive dependency review found references to the\u202fvulnerable package, you must add a direct dependency to the updated package to your\u202fcsproj\u202ffile to override the transitive dependency. \n\n#### Editing projects to fix transitive dependencies \n\nOpen\u202fprojectname.csproj\u202fin your editor. Look for\u202fPackageReference\u202fnodes, for example: \n```\n\u003cProject Sdk=\"Microsoft.NET.Sdk.Web\"\u003e \n\n \u003cPropertyGroup\u003e \n \u003cTargetFramework\u003enet6.0\u003c/TargetFramework\u003e \n \u003cNullable\u003eenable\u003c/Nullable\u003e \n \u003cImplicitUsings\u003eenable\u003c/ImplicitUsings\u003e \n \u003c/PropertyGroup\u003e \n\n \u003cItemGroup\u003e \n \u003cPackageReference Include=\"IndirectDependency\" Version=\"1.0.0\" /\u003e \n \u003c/ItemGroup\u003e \n\n\u003c/Project\u003e \n```\n\n\nYou must add a direct dependency to the updated, matching major/minor version of the vulnerable\u202fby adding it to the\u202fcsproj\u202ffile. This is done by adding a new line to the dependencies section, referencing the fixed version. For example, \n```\n\u003cProject Sdk=\"Microsoft.NET.Sdk.Web\"\u003e \n\n \u003cPropertyGroup\u003e \n \u003cTargetFramework\u003enet6.0\u003c/TargetFramework\u003e \n \u003cNullable\u003eenable\u003c/Nullable\u003e \n \u003cImplicitUsings\u003eenable\u003c/ImplicitUsings\u003e \n \u003c/PropertyGroup\u003e \n\n \u003cItemGroup\u003e \n \u003cPackageReference Include=\"IndirectDependency\" Version=\"1.0.0\" /\u003e \n \u003cPackageReference Include=\"Microsoft.Data.SqlClient\" Version=\"2.1.2\" /\u003e \n \u003c/ItemGroup\u003e \n\n\u003c/Project\u003e \n\n```\n\nAfter you\u0027ve added the direct dependency reference, save your\u202fcsproj\u202ffile. \n\nIf you\u0027re using Visual Studio, save your updated\u202fcsproj\u202ffile and Visual Studio will restore the new package versions. You can see the restore results by opening the\u202fOutput\u202fwindow (Ctrl+Alt+O) and changing the\u202fShow output from\u202fdrop-down list to\u202fPackage Manager. \n\nIf you\u0027re not using Visual Studio, open a command line and change to your project directory. Execute the\u202fdotnet restore\u202fcommand to restore the new dependencies. \n\n#### Using the nuget command line to fix transitive dependencies \n\nOpen a command window and change directory to your project directory. \n\nRun the following command if you have an indirect dependency on Microsoft.Data.SqlClient between versions 2.0.0 and 2.1.1 \n\n\u003e dotnet add package Microsoft.Data.SqlClient --version 2.1.2 \n\nRun the following command if you have an indirect dependency on Microsoft.Data.SqlClient below 1.1.4 \n\n\u003e dotnet add package Microsoft.Data.SqlClient --version 1.1.4 \n\nRun the following command if you have an indirect dependency on System.Data.SqlClient below 4.8.4 \n\n\u003e dotnet add package System.Data.SqlClient --version 4.8.5 \n\nExecute the\u202fdotnet restore\u202fcommand to restore the new dependencies. \n\n#### Rebuilding your application \n\nFinally, you must rebuild your application, test, and redeploy. \n\n### Disclaimer\n\nThe information provided in this advisory is provided \"as is\" without warranty of any kind. Microsoft disclaims all warranties, either express or implied, including the warranties of merchantability and fitness for a particular purpose. In no event shall Microsoft Corporation or its suppliers be liable for any damages whatsoever including direct, indirect, incidental, consequential, loss of business profits or special damages, even if Microsoft Corporation or its suppliers have been advised of the possibility of such damages. Some states do not allow the exclusion or limitation of liability for consequential or incidental damages so the foregoing limitation may not apply.\n\n### Revisions\n\nV1.0 (November 8, 2022): Advisory published.\n\n_Version 1.0_\n\n_Last Updated 2022-11-08_",
"id": "GHSA-8g2p-5pqh-5jmc",
"modified": "2023-01-30T23:02:28Z",
"published": "2022-11-08T23:00:22Z",
"references": [
{
"type": "WEB",
"url": "https://github.com/dotnet/corefx/security/advisories/GHSA-8g2p-5pqh-5jmc"
},
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2022-41064"
},
{
"type": "WEB",
"url": "https://github.com/dotnet/runtime/issues/78042"
},
{
"type": "PACKAGE",
"url": "https://github.com/dotnet/corefx"
},
{
"type": "WEB",
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-41064"
},
{
"type": "WEB",
"url": "https://www.nuget.org/packages/Microsoft.Data.SqlClient"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:A/AC:H/PR:L/UI:N/S:C/C:H/I:N/A:N",
"type": "CVSS_V3"
}
],
"summary": ".NET Information Disclosure Vulnerability"
}
GSD-2022-41064
Vulnerability from gsd - Updated: 2023-12-13 01:19Details
.NET Framework Information Disclosure Vulnerability
Aliases
Aliases
{
"GSD": {
"alias": "CVE-2022-41064",
"id": "GSD-2022-41064"
},
"gsd": {
"metadata": {
"exploitCode": "unknown",
"remediation": "unknown",
"reportConfidence": "confirmed",
"type": "vulnerability"
},
"osvSchema": {
"aliases": [
"CVE-2022-41064"
],
"details": ".NET Framework Information Disclosure Vulnerability",
"id": "GSD-2022-41064",
"modified": "2023-12-13T01:19:32.673088Z",
"schema_version": "1.4.0"
}
},
"namespaces": {
"cve.org": {
"CVE_data_meta": {
"ASSIGNER": "secure@microsoft.com",
"ID": "CVE-2022-41064",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Nuget 2.1.2",
"version": {
"version_data": [
{
"version_affected": "\u003c",
"version_name": "1.0.0",
"version_value": "2.1.2"
}
]
}
},
{
"product_name": "Nuget 4.8.5",
"version": {
"version_data": [
{
"version_affected": "\u003c",
"version_name": "1.0.0",
"version_value": "4.8.4"
}
]
}
},
{
"product_name": "Microsoft .NET Framework 4.8",
"version": {
"version_data": [
{
"version_affected": "\u003c",
"version_name": "4.8.0",
"version_value": "4.8.04584.08"
}
]
}
},
{
"product_name": "Microsoft .NET Framework 3.5 AND 4.6.2/4.7/4.7.1/4.7.2",
"version": {
"version_data": [
{
"version_affected": "\u003c",
"version_name": "3.0.0.0",
"version_value": "10.0.14393.5501"
}
]
}
},
{
"product_name": "Microsoft .NET Framework 4.7.2",
"version": {
"version_data": [
{
"version_affected": "\u003c",
"version_name": "10.0.0.0",
"version_value": "10.0.04005.02"
}
]
}
},
{
"product_name": "Microsoft .NET Framework 4.8.1",
"version": {
"version_data": [
{
"version_affected": "\u003c",
"version_name": "4.8.0.0",
"version_value": "4.8.09110.07"
}
]
}
},
{
"product_name": "Microsoft .NET Framework 4.6.2/4.7/4.7.1/4.7.2",
"version": {
"version_data": [
{
"version_affected": "\u003c",
"version_name": "4.7.0",
"version_value": "4.7.04005.02"
}
]
}
},
{
"product_name": "Microsoft .NET Framework 4.6.2",
"version": {
"version_data": [
{
"version_affected": "\u003c",
"version_name": "4.7.0",
"version_value": "4.7.04005.02"
}
]
}
},
{
"product_name": "Microsoft .NET Framework 4.6/4.6.2",
"version": {
"version_data": [
{
"version_affected": "\u003c",
"version_name": "10.0.0.0",
"version_value": "10.0.10240.19567"
}
]
}
}
]
},
"vendor_name": "Microsoft"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": ".NET Framework Information Disclosure Vulnerability"
}
]
},
"impact": {
"cvss": [
{
"baseScore": 5.8,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:A/AC:H/PR:L/UI:N/S:C/C:H/I:N/A:N/E:U/RL:O/RC:C",
"version": "3.1"
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Information Disclosure"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2022-41064",
"refsource": "MISC",
"url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2022-41064"
}
]
}
},
"nvd.nist.gov": {
"configurations": {
"CVE_data_version": "4.0",
"nodes": [
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:a:microsoft:.net_framework:4.8:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:microsoft:.net_framework:4.8.1:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:microsoft:windows_server_2022:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
},
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:a:microsoft:.net_framework:4.6.2:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:microsoft:windows_server_2008:-:sp2:*:*:*:*:x64:*",
"cpe_name": [],
"vulnerable": false
},
{
"cpe23Uri": "cpe:2.3:o:microsoft:windows_server_2008:-:sp2:*:*:*:*:x86:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
},
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:a:microsoft:.net_framework:4.6.2:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:microsoft:.net_framework:4.7:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:microsoft:.net_framework:4.7.1:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:microsoft:.net_framework:4.7.2:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:microsoft:.net_framework:4.8:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:microsoft:windows_rt_8.1:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
},
{
"cpe23Uri": "cpe:2.3:o:microsoft:windows_server_2008:r2:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
},
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:a:microsoft:.net_framework:4.8:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:microsoft:.net_framework:4.8.1:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:microsoft:windows_10:21h1:*:*:*:*:*:x64:*",
"cpe_name": [],
"vulnerable": false
},
{
"cpe23Uri": "cpe:2.3:o:microsoft:windows_10:21h1:*:*:*:*:*:arm64:*",
"cpe_name": [],
"vulnerable": false
},
{
"cpe23Uri": "cpe:2.3:o:microsoft:windows_10:21h1:*:*:*:*:*:x86:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
},
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:a:microsoft:.net_framework:4.6.2:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:microsoft:.net_framework:4.7:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:microsoft:.net_framework:4.7.1:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:microsoft:.net_framework:4.7.2:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:microsoft:.net_framework:4.8:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:microsoft:windows_7:-:sp1:*:*:*:*:x86:*",
"cpe_name": [],
"vulnerable": false
},
{
"cpe23Uri": "cpe:2.3:o:microsoft:windows_7:-:sp1:*:*:*:*:x64:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
},
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:a:microsoft:.net_framework:4.8:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:microsoft:.net_framework:4.8.1:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:microsoft:windows_10:21h2:*:*:*:*:*:arm64:*",
"cpe_name": [],
"vulnerable": false
},
{
"cpe23Uri": "cpe:2.3:o:microsoft:windows_10:21h2:*:*:*:*:*:x64:*",
"cpe_name": [],
"vulnerable": false
},
{
"cpe23Uri": "cpe:2.3:o:microsoft:windows_10:21h2:*:*:*:*:*:x86:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
},
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:a:microsoft:.net_framework:4.8:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:microsoft:.net_framework:4.8.1:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:microsoft:windows_10:20h2:*:*:*:*:*:x64:*",
"cpe_name": [],
"vulnerable": false
},
{
"cpe23Uri": "cpe:2.3:o:microsoft:windows_10:20h2:*:*:*:*:*:arm64:*",
"cpe_name": [],
"vulnerable": false
},
{
"cpe23Uri": "cpe:2.3:o:microsoft:windows_10:20h2:*:*:*:*:*:x86:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
},
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:a:microsoft:.net_framework:4.8:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:microsoft:.net_framework:4.8.1:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:microsoft:windows_10:22h2:*:*:*:*:*:x64:*",
"cpe_name": [],
"vulnerable": false
},
{
"cpe23Uri": "cpe:2.3:o:microsoft:windows_10:22h2:*:*:*:*:*:arm64:*",
"cpe_name": [],
"vulnerable": false
},
{
"cpe23Uri": "cpe:2.3:o:microsoft:windows_10:22h2:*:*:*:*:*:x86:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
},
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:a:microsoft:.net_framework:4.6.2:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:microsoft:.net_framework:4.7:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:microsoft:.net_framework:4.7.1:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:microsoft:.net_framework:4.7.2:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:microsoft:.net_framework:4.8:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:microsoft:windows_server_2012:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
},
{
"cpe23Uri": "cpe:2.3:o:microsoft:windows_server_2012:r2:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
},
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:a:microsoft:.net_framework:4.7.2:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:microsoft:.net_framework:4.8:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:microsoft:windows_10:1809:*:*:*:*:*:x64:*",
"cpe_name": [],
"vulnerable": false
},
{
"cpe23Uri": "cpe:2.3:o:microsoft:windows_10:1809:*:*:*:*:*:x86:*",
"cpe_name": [],
"vulnerable": false
},
{
"cpe23Uri": "cpe:2.3:o:microsoft:windows_10:1809:*:*:*:*:*:arm64:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
},
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:a:microsoft:.net_framework:4.8:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:microsoft:windows_10:1607:*:*:*:*:*:x86:*",
"cpe_name": [],
"vulnerable": false
},
{
"cpe23Uri": "cpe:2.3:o:microsoft:windows_10:1607:*:*:*:*:*:x64:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
},
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:a:microsoft:.net_framework:4.7.2:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:microsoft:.net_framework:4.8:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:microsoft:windows_server_2019:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
},
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:a:microsoft:.net_framework:4.8:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:microsoft:windows_server_2016:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
},
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:a:microsoft:.net_framework:4.7:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:microsoft:.net_framework:4.7.1:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:microsoft:.net_framework:4.7.2:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:microsoft:.net_framework:4.8:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:microsoft:windows_8.1:-:*:*:*:*:*:x64:*",
"cpe_name": [],
"vulnerable": false
},
{
"cpe23Uri": "cpe:2.3:o:microsoft:windows_8.1:-:*:*:*:*:*:x86:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
},
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:a:microsoft:.net_framework:4.6.2:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:microsoft:windows_10:-:*:*:*:*:*:x64:*",
"cpe_name": [],
"vulnerable": false
},
{
"cpe23Uri": "cpe:2.3:o:microsoft:windows_10:-:*:*:*:*:*:x86:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
},
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:a:microsoft:.net_framework:4.8:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:microsoft:.net_framework:4.8.1:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:microsoft:windows_11:-:*:*:*:*:*:x64:*",
"cpe_name": [],
"vulnerable": false
},
{
"cpe23Uri": "cpe:2.3:o:microsoft:windows_11:22h2:*:*:*:*:*:x64:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:a:microsoft:nuget:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndExcluding": "4.8.5",
"versionStartIncluding": "3.0.0",
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:microsoft:nuget:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndExcluding": "2.1.2",
"versionStartIncluding": "2.0.0",
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:microsoft:nuget:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndExcluding": "1.1.4",
"vulnerable": true
}
],
"operator": "OR"
}
]
},
"cve": {
"CVE_data_meta": {
"ASSIGNER": "secure@microsoft.com",
"ID": "CVE-2022-41064"
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "en",
"value": ".NET Framework Information Disclosure Vulnerability"
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "en",
"value": "NVD-CWE-noinfo"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2022-41064",
"refsource": "MISC",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2022-41064"
}
]
}
},
"impact": {
"baseMetricV3": {
"cvssV3": {
"attackComplexity": "HIGH",
"attackVector": "ADJACENT_NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.8,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:A/AC:H/PR:L/UI:N/S:C/C:H/I:N/A:N",
"version": "3.1"
},
"exploitabilityScore": 1.3,
"impactScore": 4.0
}
},
"lastModifiedDate": "2023-10-17T19:01Z",
"publishedDate": "2022-11-09T22:15Z"
}
}
}
MSRC_CVE-2022-41064
Vulnerability from csaf_microsoft - Published: 2022-11-08 08:00 - Updated: 2023-02-01 08:00Summary
.NET Framework Information Disclosure Vulnerability
Severity
Important
Notes
Additional Resources: To determine the support lifecycle for your software, see the Microsoft Support Lifecycle: https://support.microsoft.com/lifecycle
Disclaimer: The information provided in the Microsoft Knowledge Base is provided \"as is\" without warranty of any kind. Microsoft disclaims all warranties, either express or implied, including the warranties of merchantability and fitness for a particular purpose. In no event shall Microsoft Corporation or its suppliers be liable for any damages whatsoever including direct, indirect, incidental, consequential, loss of business profits or special damages, even if Microsoft Corporation or its suppliers have been advised of the possibility of such damages. Some states do not allow the exclusion or limitation of liability for consequential or incidental damages so the foregoing limitation may not apply.
Customer Action: Required. The vulnerability documented by this CVE requires customer action to resolve.
Affected products
Fixed
80 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Microsoft .NET Framework 4.8 6.3.04585.01
Microsoft .NET Framework 4.8
|
6.3.04585.01 | ||
|
Microsoft .NET Framework 4.8 6.3.04585.01
Microsoft .NET Framework 4.8
|
6.3.04585.01 | ||
|
Microsoft .NET Framework 4.8 6.3.04585.01
Microsoft .NET Framework 4.8
|
6.3.04585.01 | ||
|
Microsoft .NET Framework 4.8 6.3.04585.01
Microsoft .NET Framework 4.8
|
6.3.04585.01 | ||
|
Microsoft .NET Framework 4.8 6.3.04585.01
Microsoft .NET Framework 4.8
|
6.3.04585.01 | ||
|
Microsoft .NET Framework 4.8 6.3.04585.01
Microsoft .NET Framework 4.8
|
6.3.04585.01 | ||
|
Microsoft .NET Framework 4.8 6.3.04585.01
Microsoft .NET Framework 4.8
|
6.3.04585.01 | ||
|
Microsoft .NET Framework 4.8 6.3.04585.01
Microsoft .NET Framework 4.8
|
6.3.04585.01 | ||
|
Microsoft .NET Framework 4.8 6.3.04585.01
Microsoft .NET Framework 4.8
|
6.3.04585.01 | ||
|
Microsoft .NET Framework 4.8 6.3.04585.01
Microsoft .NET Framework 4.8
|
6.3.04585.01 | ||
|
Microsoft .NET Framework 4.8 6.3.04585.01
Microsoft .NET Framework 4.8
|
6.3.04585.01 | ||
|
Microsoft .NET Framework 4.8 6.3.04585.01
Microsoft .NET Framework 4.8
|
6.3.04585.01 | ||
|
Microsoft .NET Framework 4.8 6.3.04585.01
Microsoft .NET Framework 4.8
|
6.3.04585.01 | ||
|
Microsoft .NET Framework 4.8 6.3.04585.01
Microsoft .NET Framework 4.8
|
6.3.04585.01 | ||
|
Microsoft .NET Framework 4.8 6.3.04585.01
Microsoft .NET Framework 4.8
|
6.3.04585.01 | ||
|
Microsoft .NET Framework 4.8 6.3.04585.01
Microsoft .NET Framework 4.8
|
6.3.04585.01 | ||
|
Microsoft .NET Framework 4.8 6.3.04585.01
Microsoft .NET Framework 4.8
|
6.3.04585.01 | ||
|
Microsoft .NET Framework 4.8 6.3.04585.01
Microsoft .NET Framework 4.8
|
6.3.04585.01 | ||
|
Microsoft .NET Framework 4.8 6.3.04585.01
Microsoft .NET Framework 4.8
|
6.3.04585.01 | ||
|
Microsoft .NET Framework 4.8 6.3.04585.01
Microsoft .NET Framework 4.8
|
6.3.04585.01 | ||
|
Microsoft .NET Framework 4.8 6.3.04585.01
Microsoft .NET Framework 4.8
|
6.3.04585.01 | ||
|
Microsoft .NET Framework 4.8 6.3.04585.01
Microsoft .NET Framework 4.8
|
6.3.04585.01 | ||
|
Microsoft .NET Framework 4.8 6.3.04585.01
Microsoft .NET Framework 4.8
|
6.3.04585.01 | ||
|
Microsoft .NET Framework 4.8 6.3.04585.01
Microsoft .NET Framework 4.8
|
6.3.04585.01 | ||
|
Microsoft .NET Framework 4.8 6.3.04585.01
Microsoft .NET Framework 4.8
|
6.3.04585.01 | ||
|
Microsoft .NET Framework 4.8 6.3.04585.01
Microsoft .NET Framework 4.8
|
6.3.04585.01 | ||
|
Microsoft .NET Framework 4.8 6.3.04585.01
Microsoft .NET Framework 4.8
|
6.3.04585.01 | ||
|
Microsoft .NET Framework 4.8 6.3.04585.01
Microsoft .NET Framework 4.8
|
6.3.04585.01 | ||
|
Microsoft .NET Framework 4.8 6.3.04585.01
Microsoft .NET Framework 4.8
|
6.3.04585.01 | ||
|
Microsoft .NET Framework 4.8 6.3.04585.01
Microsoft .NET Framework 4.8
|
6.3.04585.01 | ||
|
Microsoft .NET Framework 4.8 6.3.04585.01
Microsoft .NET Framework 4.8
|
6.3.04585.01 | ||
|
Microsoft .NET Framework 4.8 6.3.04585.01
Microsoft .NET Framework 4.8
|
6.3.04585.01 | ||
|
Microsoft .NET Framework 4.8 6.3.04585.01
Microsoft .NET Framework 4.8
|
6.3.04585.01 | ||
|
Microsoft .NET Framework 4.8 6.3.04585.01
Microsoft .NET Framework 4.8
|
6.3.04585.01 | ||
|
Microsoft .NET Framework 4.8 6.3.04585.01
Microsoft .NET Framework 4.8
|
6.3.04585.01 | ||
|
Microsoft .NET Framework 3.5 AND 4.6.2/4.7/4.7.1/4.7.2 10.0.14393.5501
Microsoft .NET Framework 3.5 AND 4.6.2/4.7/4.7.1/4.7.2
|
10.0.14393.5501 | ||
|
Microsoft .NET Framework 3.5 AND 4.6.2/4.7/4.7.1/4.7.2 10.0.14393.5501
Microsoft .NET Framework 3.5 AND 4.6.2/4.7/4.7.1/4.7.2
|
10.0.14393.5501 | ||
|
Microsoft .NET Framework 3.5 AND 4.6.2/4.7/4.7.1/4.7.2 10.0.14393.5501
Microsoft .NET Framework 3.5 AND 4.6.2/4.7/4.7.1/4.7.2
|
10.0.14393.5501 | ||
|
Microsoft .NET Framework 3.5 AND 4.6.2/4.7/4.7.1/4.7.2 10.0.14393.5501
Microsoft .NET Framework 3.5 AND 4.6.2/4.7/4.7.1/4.7.2
|
10.0.14393.5501 | ||
|
Microsoft .NET Framework 4.7.2 10.0.04005.02
Microsoft .NET Framework 4.7.2
|
10.0.04005.02 | ||
|
Microsoft .NET Framework 4.7.2 10.0.04005.02
Microsoft .NET Framework 4.7.2
|
10.0.04005.02 | ||
|
Microsoft .NET Framework 4.7.2 10.0.04005.02
Microsoft .NET Framework 4.7.2
|
10.0.04005.02 | ||
|
Microsoft .NET Framework 4.7.2 10.0.04005.02
Microsoft .NET Framework 4.7.2
|
10.0.04005.02 | ||
|
Microsoft .NET Framework 4.7.2 10.0.04005.02
Microsoft .NET Framework 4.7.2
|
10.0.04005.02 | ||
|
Microsoft .NET Framework 4.6.2/4.7/4.7.1/4.7.2 6.3.04005.01
Microsoft .NET Framework 4.6.2/4.7/4.7.1/4.7.2
|
6.3.04005.01 | ||
|
Microsoft .NET Framework 4.6.2/4.7/4.7.1/4.7.2 6.3.04005.01
Microsoft .NET Framework 4.6.2/4.7/4.7.1/4.7.2
|
6.3.04005.01 | ||
|
Microsoft .NET Framework 4.6.2/4.7/4.7.1/4.7.2 6.3.04005.01
Microsoft .NET Framework 4.6.2/4.7/4.7.1/4.7.2
|
6.3.04005.01 | ||
|
Microsoft .NET Framework 4.6.2/4.7/4.7.1/4.7.2 6.3.04005.01
Microsoft .NET Framework 4.6.2/4.7/4.7.1/4.7.2
|
6.3.04005.01 | ||
|
Microsoft .NET Framework 4.6.2/4.7/4.7.1/4.7.2 6.3.04005.01
Microsoft .NET Framework 4.6.2/4.7/4.7.1/4.7.2
|
6.3.04005.01 | ||
|
Microsoft .NET Framework 4.6.2/4.7/4.7.1/4.7.2 6.3.04005.01
Microsoft .NET Framework 4.6.2/4.7/4.7.1/4.7.2
|
6.3.04005.01 | ||
|
Microsoft .NET Framework 4.6.2/4.7/4.7.1/4.7.2 6.3.04005.01
Microsoft .NET Framework 4.6.2/4.7/4.7.1/4.7.2
|
6.3.04005.01 | ||
|
Microsoft .NET Framework 4.6.2/4.7/4.7.1/4.7.2 6.3.04005.01
Microsoft .NET Framework 4.6.2/4.7/4.7.1/4.7.2
|
6.3.04005.01 | ||
|
Microsoft .NET Framework 4.6.2/4.7/4.7.1/4.7.2 6.3.04005.01
Microsoft .NET Framework 4.6.2/4.7/4.7.1/4.7.2
|
6.3.04005.01 | ||
|
Microsoft .NET Framework 4.6.2/4.7/4.7.1/4.7.2 6.3.04005.01
Microsoft .NET Framework 4.6.2/4.7/4.7.1/4.7.2
|
6.3.04005.01 | ||
|
Microsoft .NET Framework 4.6.2/4.7/4.7.1/4.7.2 6.3.04005.01
Microsoft .NET Framework 4.6.2/4.7/4.7.1/4.7.2
|
6.3.04005.01 | ||
|
Microsoft .NET Framework 4.8.1 4.8.09110.07
Microsoft .NET Framework 4.8.1
|
4.8.09110.07 | ||
|
Microsoft .NET Framework 4.8.1 4.8.09110.07
Microsoft .NET Framework 4.8.1
|
4.8.09110.07 | ||
|
Microsoft .NET Framework 4.8.1 4.8.09110.07
Microsoft .NET Framework 4.8.1
|
4.8.09110.07 | ||
|
Microsoft .NET Framework 4.8.1 4.8.09110.07
Microsoft .NET Framework 4.8.1
|
4.8.09110.07 | ||
|
Microsoft .NET Framework 4.8.1 4.8.09110.07
Microsoft .NET Framework 4.8.1
|
4.8.09110.07 | ||
|
Microsoft .NET Framework 4.8.1 4.8.09110.07
Microsoft .NET Framework 4.8.1
|
4.8.09110.07 | ||
|
Microsoft .NET Framework 4.8.1 4.8.09110.07
Microsoft .NET Framework 4.8.1
|
4.8.09110.07 | ||
|
Microsoft .NET Framework 4.8.1 4.8.09110.07
Microsoft .NET Framework 4.8.1
|
4.8.09110.07 | ||
|
Microsoft .NET Framework 4.8.1 4.8.09110.07
Microsoft .NET Framework 4.8.1
|
4.8.09110.07 | ||
|
Microsoft .NET Framework 4.8.1 4.8.09110.07
Microsoft .NET Framework 4.8.1
|
4.8.09110.07 | ||
|
Microsoft .NET Framework 4.8.1 4.8.09110.07
Microsoft .NET Framework 4.8.1
|
4.8.09110.07 | ||
|
Microsoft .NET Framework 4.8.1 4.8.09110.07
Microsoft .NET Framework 4.8.1
|
4.8.09110.07 | ||
|
Microsoft .NET Framework 4.8.1 4.8.09110.07
Microsoft .NET Framework 4.8.1
|
4.8.09110.07 | ||
|
Microsoft .NET Framework 4.8.1 4.8.09110.07
Microsoft .NET Framework 4.8.1
|
4.8.09110.07 | ||
|
Microsoft .NET Framework 4.8.1 4.8.09110.07
Microsoft .NET Framework 4.8.1
|
4.8.09110.07 | ||
|
Microsoft .NET Framework 4.8.1 4.8.09110.07
Microsoft .NET Framework 4.8.1
|
4.8.09110.07 | ||
|
Microsoft .NET Framework 4.8.1 4.8.09110.07
Microsoft .NET Framework 4.8.1
|
4.8.09110.07 | ||
|
Microsoft .NET Framework 4.6.2 6.0.04005.01
Microsoft .NET Framework 4.6.2
|
6.0.04005.01 | ||
|
Microsoft .NET Framework 4.6.2 6.0.04005.01
Microsoft .NET Framework 4.6.2
|
6.0.04005.01 | ||
|
Microsoft .NET Framework 4.6.2 6.0.04005.01
Microsoft .NET Framework 4.6.2
|
6.0.04005.01 | ||
|
Microsoft .NET Framework 4.6.2 6.0.04005.01
Microsoft .NET Framework 4.6.2
|
6.0.04005.01 | ||
|
Nuget 4.8.5 4.8.4
Nuget 4.8.5
|
4.8.4 | ||
|
Nuget 2.1.2 2.1.2
Nuget 2.1.2
|
2.1.2 | ||
|
Microsoft .NET Framework 4.6/4.6.2 10.0.10240.19567
Microsoft .NET Framework 4.6/4.6.2
|
10.0.10240.19567 | ||
|
Microsoft .NET Framework 4.6/4.6.2 10.0.10240.19567
Microsoft .NET Framework 4.6/4.6.2
|
10.0.10240.19567 |
Known affected
80 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Microsoft .NET Framework 4.6/4.6.2 <10.0.10240.19567
Microsoft .NET Framework 4.6/4.6.2
|
<10.0.10240.19567 |
Vendor Fix
fix
|
|
|
Microsoft .NET Framework 4.6/4.6.2 <10.0.10240.19567
Microsoft .NET Framework 4.6/4.6.2
|
<10.0.10240.19567 |
Vendor Fix
fix
|
|
|
Nuget 2.1.2 <2.1.2
Nuget 2.1.2
|
<2.1.2 |
Vendor Fix
fix
|
|
|
Nuget 4.8.5 <4.8.4
Nuget 4.8.5
|
<4.8.4 |
Vendor Fix
fix
|
|
|
Microsoft .NET Framework 4.6.2 <6.0.04005.01
Microsoft .NET Framework 4.6.2
|
<6.0.04005.01 |
Vendor Fix
fix
Vendor Fix
fix
|
|
|
Microsoft .NET Framework 4.6.2 <6.0.04005.01
Microsoft .NET Framework 4.6.2
|
<6.0.04005.01 |
Vendor Fix
fix
Vendor Fix
fix
|
|
|
Microsoft .NET Framework 4.6.2 <6.0.04005.01
Microsoft .NET Framework 4.6.2
|
<6.0.04005.01 |
Vendor Fix
fix
Vendor Fix
fix
|
|
|
Microsoft .NET Framework 4.6.2 <6.0.04005.01
Microsoft .NET Framework 4.6.2
|
<6.0.04005.01 |
Vendor Fix
fix
Vendor Fix
fix
|
|
|
Microsoft .NET Framework 4.8.1 <4.8.09110.07
Microsoft .NET Framework 4.8.1
|
<4.8.09110.07 |
Vendor Fix
fix
|
|
|
Microsoft .NET Framework 4.8.1 <4.8.09110.07
Microsoft .NET Framework 4.8.1
|
<4.8.09110.07 |
Vendor Fix
fix
|
|
|
Microsoft .NET Framework 4.8.1 <4.8.09110.07
Microsoft .NET Framework 4.8.1
|
<4.8.09110.07 |
Vendor Fix
fix
|
|
|
Microsoft .NET Framework 4.8.1 <4.8.09110.07
Microsoft .NET Framework 4.8.1
|
<4.8.09110.07 |
Vendor Fix
fix
|
|
|
Microsoft .NET Framework 4.8.1 <4.8.09110.07
Microsoft .NET Framework 4.8.1
|
<4.8.09110.07 |
Vendor Fix
fix
|
|
|
Microsoft .NET Framework 4.8.1 <4.8.09110.07
Microsoft .NET Framework 4.8.1
|
<4.8.09110.07 |
Vendor Fix
fix
|
|
|
Microsoft .NET Framework 4.8.1 <4.8.09110.07
Microsoft .NET Framework 4.8.1
|
<4.8.09110.07 |
Vendor Fix
fix
|
|
|
Microsoft .NET Framework 4.8.1 <4.8.09110.07
Microsoft .NET Framework 4.8.1
|
<4.8.09110.07 |
Vendor Fix
fix
|
|
|
Microsoft .NET Framework 4.8.1 <4.8.09110.07
Microsoft .NET Framework 4.8.1
|
<4.8.09110.07 |
Vendor Fix
fix
|
|
|
Microsoft .NET Framework 4.8.1 <4.8.09110.07
Microsoft .NET Framework 4.8.1
|
<4.8.09110.07 |
Vendor Fix
fix
|
|
|
Microsoft .NET Framework 4.8.1 <4.8.09110.07
Microsoft .NET Framework 4.8.1
|
<4.8.09110.07 |
Vendor Fix
fix
|
|
|
Microsoft .NET Framework 4.8.1 <4.8.09110.07
Microsoft .NET Framework 4.8.1
|
<4.8.09110.07 |
Vendor Fix
fix
|
|
|
Microsoft .NET Framework 4.8.1 <4.8.09110.07
Microsoft .NET Framework 4.8.1
|
<4.8.09110.07 |
Vendor Fix
fix
|
|
|
Microsoft .NET Framework 4.8.1 <4.8.09110.07
Microsoft .NET Framework 4.8.1
|
<4.8.09110.07 |
Vendor Fix
fix
|
|
|
Microsoft .NET Framework 4.8.1 <4.8.09110.07
Microsoft .NET Framework 4.8.1
|
<4.8.09110.07 |
Vendor Fix
fix
|
|
|
Microsoft .NET Framework 4.8.1 <4.8.09110.07
Microsoft .NET Framework 4.8.1
|
<4.8.09110.07 |
Vendor Fix
fix
|
|
|
Microsoft .NET Framework 4.8.1 <4.8.09110.07
Microsoft .NET Framework 4.8.1
|
<4.8.09110.07 |
Vendor Fix
fix
|
|
|
Microsoft .NET Framework 4.6.2/4.7/4.7.1/4.7.2 <6.3.04005.01
Microsoft .NET Framework 4.6.2/4.7/4.7.1/4.7.2
|
<6.3.04005.01 |
Vendor Fix
fix
Vendor Fix
fix
|
|
|
Microsoft .NET Framework 4.6.2/4.7/4.7.1/4.7.2 <6.3.04005.01
Microsoft .NET Framework 4.6.2/4.7/4.7.1/4.7.2
|
<6.3.04005.01 |
Vendor Fix
fix
Vendor Fix
fix
|
|
|
Microsoft .NET Framework 4.6.2/4.7/4.7.1/4.7.2 <6.3.04005.01
Microsoft .NET Framework 4.6.2/4.7/4.7.1/4.7.2
|
<6.3.04005.01 |
Vendor Fix
fix
Vendor Fix
fix
|
|
|
Microsoft .NET Framework 4.6.2/4.7/4.7.1/4.7.2 <6.3.04005.01
Microsoft .NET Framework 4.6.2/4.7/4.7.1/4.7.2
|
<6.3.04005.01 |
Vendor Fix
fix
Vendor Fix
fix
|
|
|
Microsoft .NET Framework 4.6.2/4.7/4.7.1/4.7.2 <6.3.04005.01
Microsoft .NET Framework 4.6.2/4.7/4.7.1/4.7.2
|
<6.3.04005.01 |
Vendor Fix
fix
Vendor Fix
fix
|
|
|
Microsoft .NET Framework 4.6.2/4.7/4.7.1/4.7.2 <6.3.04005.01
Microsoft .NET Framework 4.6.2/4.7/4.7.1/4.7.2
|
<6.3.04005.01 |
Vendor Fix
fix
Vendor Fix
fix
|
|
|
Microsoft .NET Framework 4.6.2/4.7/4.7.1/4.7.2 <6.3.04005.01
Microsoft .NET Framework 4.6.2/4.7/4.7.1/4.7.2
|
<6.3.04005.01 |
Vendor Fix
fix
Vendor Fix
fix
|
|
|
Microsoft .NET Framework 4.6.2/4.7/4.7.1/4.7.2 <6.3.04005.01
Microsoft .NET Framework 4.6.2/4.7/4.7.1/4.7.2
|
<6.3.04005.01 |
Vendor Fix
fix
Vendor Fix
fix
|
|
|
Microsoft .NET Framework 4.6.2/4.7/4.7.1/4.7.2 <6.3.04005.01
Microsoft .NET Framework 4.6.2/4.7/4.7.1/4.7.2
|
<6.3.04005.01 |
Vendor Fix
fix
Vendor Fix
fix
|
|
|
Microsoft .NET Framework 4.6.2/4.7/4.7.1/4.7.2 <6.3.04005.01
Microsoft .NET Framework 4.6.2/4.7/4.7.1/4.7.2
|
<6.3.04005.01 |
Vendor Fix
fix
Vendor Fix
fix
|
|
|
Microsoft .NET Framework 4.6.2/4.7/4.7.1/4.7.2 <6.3.04005.01
Microsoft .NET Framework 4.6.2/4.7/4.7.1/4.7.2
|
<6.3.04005.01 |
Vendor Fix
fix
Vendor Fix
fix
|
|
|
Microsoft .NET Framework 4.7.2 <10.0.04005.02
Microsoft .NET Framework 4.7.2
|
<10.0.04005.02 |
Vendor Fix
fix
|
|
|
Microsoft .NET Framework 4.7.2 <10.0.04005.02
Microsoft .NET Framework 4.7.2
|
<10.0.04005.02 |
Vendor Fix
fix
|
|
|
Microsoft .NET Framework 4.7.2 <10.0.04005.02
Microsoft .NET Framework 4.7.2
|
<10.0.04005.02 |
Vendor Fix
fix
|
|
|
Microsoft .NET Framework 4.7.2 <10.0.04005.02
Microsoft .NET Framework 4.7.2
|
<10.0.04005.02 |
Vendor Fix
fix
|
|
|
Microsoft .NET Framework 4.7.2 <10.0.04005.02
Microsoft .NET Framework 4.7.2
|
<10.0.04005.02 |
Vendor Fix
fix
|
|
|
Microsoft .NET Framework 3.5 AND 4.6.2/4.7/4.7.1/4.7.2 <10.0.14393.5501
Microsoft .NET Framework 3.5 AND 4.6.2/4.7/4.7.1/4.7.2
|
<10.0.14393.5501 |
Vendor Fix
fix
|
|
|
Microsoft .NET Framework 3.5 AND 4.6.2/4.7/4.7.1/4.7.2 <10.0.14393.5501
Microsoft .NET Framework 3.5 AND 4.6.2/4.7/4.7.1/4.7.2
|
<10.0.14393.5501 |
Vendor Fix
fix
|
|
|
Microsoft .NET Framework 3.5 AND 4.6.2/4.7/4.7.1/4.7.2 <10.0.14393.5501
Microsoft .NET Framework 3.5 AND 4.6.2/4.7/4.7.1/4.7.2
|
<10.0.14393.5501 |
Vendor Fix
fix
|
|
|
Microsoft .NET Framework 3.5 AND 4.6.2/4.7/4.7.1/4.7.2 <10.0.14393.5501
Microsoft .NET Framework 3.5 AND 4.6.2/4.7/4.7.1/4.7.2
|
<10.0.14393.5501 |
Vendor Fix
fix
|
|
|
Microsoft .NET Framework 4.8 <6.3.04585.01
Microsoft .NET Framework 4.8
|
<6.3.04585.01 |
Vendor Fix
fix
|
|
|
Microsoft .NET Framework 4.8 <6.3.04585.01
Microsoft .NET Framework 4.8
|
<6.3.04585.01 |
Vendor Fix
fix
Vendor Fix
fix
|
|
|
Microsoft .NET Framework 4.8 <6.3.04585.01
Microsoft .NET Framework 4.8
|
<6.3.04585.01 |
Vendor Fix
fix
|
|
|
Microsoft .NET Framework 4.8 <6.3.04585.01
Microsoft .NET Framework 4.8
|
<6.3.04585.01 |
Vendor Fix
fix
Vendor Fix
fix
|
|
|
Microsoft .NET Framework 4.8 <6.3.04585.01
Microsoft .NET Framework 4.8
|
<6.3.04585.01 |
Vendor Fix
fix
|
|
|
Microsoft .NET Framework 4.8 <6.3.04585.01
Microsoft .NET Framework 4.8
|
<6.3.04585.01 |
Vendor Fix
fix
Vendor Fix
fix
|
|
|
Microsoft .NET Framework 4.8 <6.3.04585.01
Microsoft .NET Framework 4.8
|
<6.3.04585.01 |
Vendor Fix
fix
|
|
|
Microsoft .NET Framework 4.8 <6.3.04585.01
Microsoft .NET Framework 4.8
|
<6.3.04585.01 |
Vendor Fix
fix
|
|
|
Microsoft .NET Framework 4.8 <6.3.04585.01
Microsoft .NET Framework 4.8
|
<6.3.04585.01 |
Vendor Fix
fix
Vendor Fix
fix
|
|
|
Microsoft .NET Framework 4.8 <6.3.04585.01
Microsoft .NET Framework 4.8
|
<6.3.04585.01 |
Vendor Fix
fix
Vendor Fix
fix
|
|
|
Microsoft .NET Framework 4.8 <6.3.04585.01
Microsoft .NET Framework 4.8
|
<6.3.04585.01 |
Vendor Fix
fix
|
|
|
Microsoft .NET Framework 4.8 <6.3.04585.01
Microsoft .NET Framework 4.8
|
<6.3.04585.01 |
Vendor Fix
fix
|
|
|
Microsoft .NET Framework 4.8 <6.3.04585.01
Microsoft .NET Framework 4.8
|
<6.3.04585.01 |
Vendor Fix
fix
|
|
|
Microsoft .NET Framework 4.8 <6.3.04585.01
Microsoft .NET Framework 4.8
|
<6.3.04585.01 |
Vendor Fix
fix
Vendor Fix
fix
|
|
|
Microsoft .NET Framework 4.8 <6.3.04585.01
Microsoft .NET Framework 4.8
|
<6.3.04585.01 |
Vendor Fix
fix
Vendor Fix
fix
|
|
|
Microsoft .NET Framework 4.8 <6.3.04585.01
Microsoft .NET Framework 4.8
|
<6.3.04585.01 |
Vendor Fix
fix
|
|
|
Microsoft .NET Framework 4.8 <6.3.04585.01
Microsoft .NET Framework 4.8
|
<6.3.04585.01 |
Vendor Fix
fix
Vendor Fix
fix
|
|
|
Microsoft .NET Framework 4.8 <6.3.04585.01
Microsoft .NET Framework 4.8
|
<6.3.04585.01 |
Vendor Fix
fix
|
|
|
Microsoft .NET Framework 4.8 <6.3.04585.01
Microsoft .NET Framework 4.8
|
<6.3.04585.01 |
Vendor Fix
fix
|
|
|
Microsoft .NET Framework 4.8 <6.3.04585.01
Microsoft .NET Framework 4.8
|
<6.3.04585.01 |
Vendor Fix
fix
|
|
|
Microsoft .NET Framework 4.8 <6.3.04585.01
Microsoft .NET Framework 4.8
|
<6.3.04585.01 |
Vendor Fix
fix
Vendor Fix
fix
|
|
|
Microsoft .NET Framework 4.8 <6.3.04585.01
Microsoft .NET Framework 4.8
|
<6.3.04585.01 |
Vendor Fix
fix
|
|
|
Microsoft .NET Framework 4.8 <6.3.04585.01
Microsoft .NET Framework 4.8
|
<6.3.04585.01 |
Vendor Fix
fix
|
|
|
Microsoft .NET Framework 4.8 <6.3.04585.01
Microsoft .NET Framework 4.8
|
<6.3.04585.01 |
Vendor Fix
fix
|
|
|
Microsoft .NET Framework 4.8 <6.3.04585.01
Microsoft .NET Framework 4.8
|
<6.3.04585.01 |
Vendor Fix
fix
|
|
|
Microsoft .NET Framework 4.8 <6.3.04585.01
Microsoft .NET Framework 4.8
|
<6.3.04585.01 |
Vendor Fix
fix
|
|
|
Microsoft .NET Framework 4.8 <6.3.04585.01
Microsoft .NET Framework 4.8
|
<6.3.04585.01 |
Vendor Fix
fix
Vendor Fix
fix
|
|
|
Microsoft .NET Framework 4.8 <6.3.04585.01
Microsoft .NET Framework 4.8
|
<6.3.04585.01 |
Vendor Fix
fix
|
|
|
Microsoft .NET Framework 4.8 <6.3.04585.01
Microsoft .NET Framework 4.8
|
<6.3.04585.01 |
Vendor Fix
fix
|
|
|
Microsoft .NET Framework 4.8 <6.3.04585.01
Microsoft .NET Framework 4.8
|
<6.3.04585.01 |
Vendor Fix
fix
|
|
|
Microsoft .NET Framework 4.8 <6.3.04585.01
Microsoft .NET Framework 4.8
|
<6.3.04585.01 |
Vendor Fix
fix
|
|
|
Microsoft .NET Framework 4.8 <6.3.04585.01
Microsoft .NET Framework 4.8
|
<6.3.04585.01 |
Vendor Fix
fix
|
|
|
Microsoft .NET Framework 4.8 <6.3.04585.01
Microsoft .NET Framework 4.8
|
<6.3.04585.01 |
Vendor Fix
fix
|
|
|
Microsoft .NET Framework 4.8 <6.3.04585.01
Microsoft .NET Framework 4.8
|
<6.3.04585.01 |
Vendor Fix
fix
|
|
|
Microsoft .NET Framework 4.8 <6.3.04585.01
Microsoft .NET Framework 4.8
|
<6.3.04585.01 |
Vendor Fix
fix
|
Threats
Impact
Information Disclosure
Exploit Status
Exploited:No;Latest Software Release:Exploitation Less Likely;Older Software Release:Exploitation Less Likely
References
7 references
| URL | Category |
|---|---|
| https://msrc.microsoft.com/update-guide/vulnerabi… | self |
| https://msrc.microsoft.com/csaf/2022/msrc_cve-202… | self |
| https://www.microsoft.com/en-us/msrc/exploitabili… | external |
| https://support.microsoft.com/lifecycle | external |
| https://www.first.org/cvss | external |
| https://msrc.microsoft.com/update-guide/vulnerabi… | self |
| https://msrc.microsoft.com/update-guide/vulnerabi… | self |
{
"document": {
"aggregate_severity": {
"namespace": "https://www.microsoft.com/en-us/msrc/security-update-severity-rating-system",
"text": "Important"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Public",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en-US",
"notes": [
{
"category": "general",
"text": "To determine the support lifecycle for your software, see the Microsoft Support Lifecycle: https://support.microsoft.com/lifecycle",
"title": "Additional Resources"
},
{
"category": "legal_disclaimer",
"text": "The information provided in the Microsoft Knowledge Base is provided \\\"as is\\\" without warranty of any kind. Microsoft disclaims all warranties, either express or implied, including the warranties of merchantability and fitness for a particular purpose. In no event shall Microsoft Corporation or its suppliers be liable for any damages whatsoever including direct, indirect, incidental, consequential, loss of business profits or special damages, even if Microsoft Corporation or its suppliers have been advised of the possibility of such damages. Some states do not allow the exclusion or limitation of liability for consequential or incidental damages so the foregoing limitation may not apply.",
"title": "Disclaimer"
},
{
"category": "general",
"text": "Required. The vulnerability documented by this CVE requires customer action to resolve.",
"title": "Customer Action"
}
],
"publisher": {
"category": "vendor",
"contact_details": "secure@microsoft.com",
"name": "Microsoft Security Response Center",
"namespace": "https://msrc.microsoft.com"
},
"references": [
{
"category": "self",
"summary": "CVE-2022-41064 .NET Framework Information Disclosure Vulnerability - HTML",
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-41064"
},
{
"category": "self",
"summary": "CVE-2022-41064 .NET Framework Information Disclosure Vulnerability - CSAF",
"url": "https://msrc.microsoft.com/csaf/2022/msrc_cve-2022-41064.json"
},
{
"category": "external",
"summary": "Microsoft Exploitability Index",
"url": "https://www.microsoft.com/en-us/msrc/exploitability-index?rtc=1"
},
{
"category": "external",
"summary": "Microsoft Support Lifecycle",
"url": "https://support.microsoft.com/lifecycle"
},
{
"category": "external",
"summary": "Common Vulnerability Scoring System",
"url": "https://www.first.org/cvss"
}
],
"title": ".NET Framework Information Disclosure Vulnerability",
"tracking": {
"current_release_date": "2023-02-01T08:00:00.000Z",
"generator": {
"date": "2025-01-02T21:31:19.554Z",
"engine": {
"name": "MSRC Generator",
"version": "1.0"
}
},
"id": "msrc_CVE-2022-41064",
"initial_release_date": "2022-11-08T08:00:00.000Z",
"revision_history": [
{
"date": "2022-11-08T08:00:00.000Z",
"legacy_version": "1",
"number": "1",
"summary": "Information published."
},
{
"date": "2022-11-10T08:00:00.000Z",
"legacy_version": "1.1",
"number": "2",
"summary": "Corrected Download and Article links in the Security Updates table. This is an informational change only."
},
{
"date": "2022-11-14T08:00:00.000Z",
"legacy_version": "2",
"number": "3",
"summary": "In the Security Updates table, added .NET Framework 4.8 installed on supported editions of Windows Server 2022, and added .NET Framework 4.8.1 installed on supported editions of Windows Server 2022 as these versions of Window Server 2022 with .NET Framework 4.8 or 4.8.1 installed are affected by this vulnerability. Customers running these versions of .NET Framework should install the November 2022 security updates to be protected from this vulnerability."
},
{
"date": "2022-11-15T08:00:00.000Z",
"legacy_version": "2.1",
"number": "4",
"summary": "In the Security Updates table, removed unsupported version of .NET Framework on Windows 10 version 1809. This is an informational update only."
},
{
"date": "2022-12-15T08:00:00.000Z",
"legacy_version": "2.2",
"number": "5",
"summary": "The following revisions have been made: 1) Added .NET Framework 4.6/4.6.2 installed on Windows 10 for 32-bit Systems and Windows 10 for x65-based Systems as .NET 4.6 installed on Windows 10 is supported. 2) Removed .NET Framework 4.6.2 installed on Windows 10 for 32-bit Systems and Windows 10 for x65-based Systems. Microsoft strongly recommends that customers install the updates to be fully protected from the vulnerability. Customers whose systems are configured to receive automatic updates do not need to take any further action."
},
{
"date": "2023-02-01T08:00:00.000Z",
"legacy_version": "3",
"number": "6",
"summary": "In the Security Updates table, added .NET Framework 3.5 AND 4.6.2/4.7/4.7.1/4.7.2 installed on supported editions of Windows Server 2016 and Windows 10 version 1607 as these versions of Windows with .NET Framework AND 4.6.2/4.7/4.7.1/4.7.2 installed are affected by this vulnerability. Customers running these versions of .NET Framework should install the November 2022 security updates to be protected from this vulnerability."
}
],
"status": "final",
"version": "6"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"category": "product_version_range",
"name": "\u003c2.1.2",
"product": {
"name": "Nuget 2.1.2 \u003c2.1.2",
"product_id": "3"
}
},
{
"category": "product_version",
"name": "2.1.2",
"product": {
"name": "Nuget 2.1.2 2.1.2",
"product_id": "12120"
}
}
],
"category": "product_name",
"name": "Nuget 2.1.2"
},
{
"branches": [
{
"category": "product_version_range",
"name": "\u003c4.8.4",
"product": {
"name": "Nuget 4.8.5 \u003c4.8.4",
"product_id": "4"
}
},
{
"category": "product_version",
"name": "4.8.4",
"product": {
"name": "Nuget 4.8.5 4.8.4",
"product_id": "12119"
}
}
],
"category": "product_name",
"name": "Nuget 4.8.5"
},
{
"branches": [
{
"category": "product_version_range",
"name": "\u003c6.3.04585.01",
"product": {
"name": "Microsoft .NET Framework 4.8 \u003c6.3.04585.01",
"product_id": "46"
}
},
{
"category": "product_version",
"name": "6.3.04585.01",
"product": {
"name": "Microsoft .NET Framework 4.8 6.3.04585.01",
"product_id": "11650-11930"
}
}
],
"category": "product_name",
"name": "Microsoft .NET Framework 4.8"
},
{
"branches": [
{
"category": "product_version_range",
"name": "\u003c6.3.04585.01",
"product": {
"name": "Microsoft .NET Framework 4.8 \u003c6.3.04585.01",
"product_id": "47"
}
},
{
"category": "product_version",
"name": "6.3.04585.01",
"product": {
"name": "Microsoft .NET Framework 4.8 6.3.04585.01",
"product_id": "11650-10483"
}
}
],
"category": "product_name",
"name": "Microsoft .NET Framework 4.8"
},
{
"branches": [
{
"category": "product_version_range",
"name": "\u003c6.3.04585.01",
"product": {
"name": "Microsoft .NET Framework 4.8 \u003c6.3.04585.01",
"product_id": "48"
}
},
{
"category": "product_version",
"name": "6.3.04585.01",
"product": {
"name": "Microsoft .NET Framework 4.8 6.3.04585.01",
"product_id": "11650-11568"
}
}
],
"category": "product_name",
"name": "Microsoft .NET Framework 4.8"
},
{
"branches": [
{
"category": "product_version_range",
"name": "\u003c6.3.04585.01",
"product": {
"name": "Microsoft .NET Framework 4.8 \u003c6.3.04585.01",
"product_id": "49"
}
},
{
"category": "product_version",
"name": "6.3.04585.01",
"product": {
"name": "Microsoft .NET Framework 4.8 6.3.04585.01",
"product_id": "11650-10049"
}
}
],
"category": "product_name",
"name": "Microsoft .NET Framework 4.8"
},
{
"branches": [
{
"category": "product_version_range",
"name": "\u003c6.3.04585.01",
"product": {
"name": "Microsoft .NET Framework 4.8 \u003c6.3.04585.01",
"product_id": "50"
}
},
{
"category": "product_version",
"name": "6.3.04585.01",
"product": {
"name": "Microsoft .NET Framework 4.8 6.3.04585.01",
"product_id": "11650-11571"
}
}
],
"category": "product_name",
"name": "Microsoft .NET Framework 4.8"
},
{
"branches": [
{
"category": "product_version_range",
"name": "\u003c6.3.04585.01",
"product": {
"name": "Microsoft .NET Framework 4.8 \u003c6.3.04585.01",
"product_id": "51"
}
},
{
"category": "product_version",
"name": "6.3.04585.01",
"product": {
"name": "Microsoft .NET Framework 4.8 6.3.04585.01",
"product_id": "11650-10051"
}
}
],
"category": "product_name",
"name": "Microsoft .NET Framework 4.8"
},
{
"branches": [
{
"category": "product_version_range",
"name": "\u003c6.3.04585.01",
"product": {
"name": "Microsoft .NET Framework 4.8 \u003c6.3.04585.01",
"product_id": "52"
}
},
{
"category": "product_version",
"name": "6.3.04585.01",
"product": {
"name": "Microsoft .NET Framework 4.8 6.3.04585.01",
"product_id": "11650-11898"
}
}
],
"category": "product_name",
"name": "Microsoft .NET Framework 4.8"
},
{
"branches": [
{
"category": "product_version_range",
"name": "\u003c6.3.04585.01",
"product": {
"name": "Microsoft .NET Framework 4.8 \u003c6.3.04585.01",
"product_id": "53"
}
},
{
"category": "product_version",
"name": "6.3.04585.01",
"product": {
"name": "Microsoft .NET Framework 4.8 6.3.04585.01",
"product_id": "11650-11569"
}
}
],
"category": "product_name",
"name": "Microsoft .NET Framework 4.8"
},
{
"branches": [
{
"category": "product_version_range",
"name": "\u003c6.3.04585.01",
"product": {
"name": "Microsoft .NET Framework 4.8 \u003c6.3.04585.01",
"product_id": "54"
}
},
{
"category": "product_version",
"name": "6.3.04585.01",
"product": {
"name": "Microsoft .NET Framework 4.8 6.3.04585.01",
"product_id": "11650-10482"
}
}
],
"category": "product_name",
"name": "Microsoft .NET Framework 4.8"
},
{
"branches": [
{
"category": "product_version_range",
"name": "\u003c6.3.04585.01",
"product": {
"name": "Microsoft .NET Framework 4.8 \u003c6.3.04585.01",
"product_id": "55"
}
},
{
"category": "product_version",
"name": "6.3.04585.01",
"product": {
"name": "Microsoft .NET Framework 4.8 6.3.04585.01",
"product_id": "11650-10481"
}
}
],
"category": "product_name",
"name": "Microsoft .NET Framework 4.8"
},
{
"branches": [
{
"category": "product_version_range",
"name": "\u003c6.3.04585.01",
"product": {
"name": "Microsoft .NET Framework 4.8 \u003c6.3.04585.01",
"product_id": "56"
}
},
{
"category": "product_version",
"name": "6.3.04585.01",
"product": {
"name": "Microsoft .NET Framework 4.8 6.3.04585.01",
"product_id": "11650-10816"
}
}
],
"category": "product_name",
"name": "Microsoft .NET Framework 4.8"
},
{
"branches": [
{
"category": "product_version_range",
"name": "\u003c6.3.04585.01",
"product": {
"name": "Microsoft .NET Framework 4.8 \u003c6.3.04585.01",
"product_id": "57"
}
},
{
"category": "product_version",
"name": "6.3.04585.01",
"product": {
"name": "Microsoft .NET Framework 4.8 6.3.04585.01",
"product_id": "11650-11802"
}
}
],
"category": "product_name",
"name": "Microsoft .NET Framework 4.8"
},
{
"branches": [
{
"category": "product_version_range",
"name": "\u003c6.3.04585.01",
"product": {
"name": "Microsoft .NET Framework 4.8 \u003c6.3.04585.01",
"product_id": "58"
}
},
{
"category": "product_version",
"name": "6.3.04585.01",
"product": {
"name": "Microsoft .NET Framework 4.8 6.3.04585.01",
"product_id": "11650-10852"
}
}
],
"category": "product_name",
"name": "Microsoft .NET Framework 4.8"
},
{
"branches": [
{
"category": "product_version_range",
"name": "\u003c6.3.04585.01",
"product": {
"name": "Microsoft .NET Framework 4.8 \u003c6.3.04585.01",
"product_id": "59"
}
},
{
"category": "product_version",
"name": "6.3.04585.01",
"product": {
"name": "Microsoft .NET Framework 4.8 6.3.04585.01",
"product_id": "11650-10378"
}
}
],
"category": "product_name",
"name": "Microsoft .NET Framework 4.8"
},
{
"branches": [
{
"category": "product_version_range",
"name": "\u003c6.3.04585.01",
"product": {
"name": "Microsoft .NET Framework 4.8 \u003c6.3.04585.01",
"product_id": "60"
}
},
{
"category": "product_version",
"name": "6.3.04585.01",
"product": {
"name": "Microsoft .NET Framework 4.8 6.3.04585.01",
"product_id": "11650-10543"
}
}
],
"category": "product_name",
"name": "Microsoft .NET Framework 4.8"
},
{
"branches": [
{
"category": "product_version_range",
"name": "\u003c6.3.04585.01",
"product": {
"name": "Microsoft .NET Framework 4.8 \u003c6.3.04585.01",
"product_id": "61"
}
},
{
"category": "product_version",
"name": "6.3.04585.01",
"product": {
"name": "Microsoft .NET Framework 4.8 6.3.04585.01",
"product_id": "11650-11929"
}
}
],
"category": "product_name",
"name": "Microsoft .NET Framework 4.8"
},
{
"branches": [
{
"category": "product_version_range",
"name": "\u003c6.3.04585.01",
"product": {
"name": "Microsoft .NET Framework 4.8 \u003c6.3.04585.01",
"product_id": "62"
}
},
{
"category": "product_version",
"name": "6.3.04585.01",
"product": {
"name": "Microsoft .NET Framework 4.8 6.3.04585.01",
"product_id": "11650-10047"
}
}
],
"category": "product_name",
"name": "Microsoft .NET Framework 4.8"
},
{
"branches": [
{
"category": "product_version_range",
"name": "\u003c6.3.04585.01",
"product": {
"name": "Microsoft .NET Framework 4.8 \u003c6.3.04585.01",
"product_id": "63"
}
},
{
"category": "product_version",
"name": "6.3.04585.01",
"product": {
"name": "Microsoft .NET Framework 4.8 6.3.04585.01",
"product_id": "11650-11896"
}
}
],
"category": "product_name",
"name": "Microsoft .NET Framework 4.8"
},
{
"branches": [
{
"category": "product_version_range",
"name": "\u003c6.3.04585.01",
"product": {
"name": "Microsoft .NET Framework 4.8 \u003c6.3.04585.01",
"product_id": "64"
}
},
{
"category": "product_version",
"name": "6.3.04585.01",
"product": {
"name": "Microsoft .NET Framework 4.8 6.3.04585.01",
"product_id": "11650-10484"
}
}
],
"category": "product_name",
"name": "Microsoft .NET Framework 4.8"
},
{
"branches": [
{
"category": "product_version_range",
"name": "\u003c6.3.04585.01",
"product": {
"name": "Microsoft .NET Framework 4.8 \u003c6.3.04585.01",
"product_id": "65"
}
},
{
"category": "product_version",
"name": "6.3.04585.01",
"product": {
"name": "Microsoft .NET Framework 4.8 6.3.04585.01",
"product_id": "11650-10855"
}
}
],
"category": "product_name",
"name": "Microsoft .NET Framework 4.8"
},
{
"branches": [
{
"category": "product_version_range",
"name": "\u003c6.3.04585.01",
"product": {
"name": "Microsoft .NET Framework 4.8 \u003c6.3.04585.01",
"product_id": "66"
}
},
{
"category": "product_version",
"name": "6.3.04585.01",
"product": {
"name": "Microsoft .NET Framework 4.8 6.3.04585.01",
"product_id": "11650-10379"
}
}
],
"category": "product_name",
"name": "Microsoft .NET Framework 4.8"
},
{
"branches": [
{
"category": "product_version_range",
"name": "\u003c6.3.04585.01",
"product": {
"name": "Microsoft .NET Framework 4.8 \u003c6.3.04585.01",
"product_id": "67"
}
},
{
"category": "product_version",
"name": "6.3.04585.01",
"product": {
"name": "Microsoft .NET Framework 4.8 6.3.04585.01",
"product_id": "11650-11801"
}
}
],
"category": "product_name",
"name": "Microsoft .NET Framework 4.8"
},
{
"branches": [
{
"category": "product_version_range",
"name": "\u003c6.3.04585.01",
"product": {
"name": "Microsoft .NET Framework 4.8 \u003c6.3.04585.01",
"product_id": "68"
}
},
{
"category": "product_version",
"name": "6.3.04585.01",
"product": {
"name": "Microsoft .NET Framework 4.8 6.3.04585.01",
"product_id": "11650-11897"
}
}
],
"category": "product_name",
"name": "Microsoft .NET Framework 4.8"
},
{
"branches": [
{
"category": "product_version_range",
"name": "\u003c6.3.04585.01",
"product": {
"name": "Microsoft .NET Framework 4.8 \u003c6.3.04585.01",
"product_id": "69"
}
},
{
"category": "product_version",
"name": "6.3.04585.01",
"product": {
"name": "Microsoft .NET Framework 4.8 6.3.04585.01",
"product_id": "11650-10853"
}
}
],
"category": "product_name",
"name": "Microsoft .NET Framework 4.8"
},
{
"branches": [
{
"category": "product_version_range",
"name": "\u003c10.0.14393.5501",
"product": {
"name": "Microsoft .NET Framework 3.5 AND 4.6.2/4.7/4.7.1/4.7.2 \u003c10.0.14393.5501",
"product_id": "42"
}
},
{
"category": "product_version",
"name": "10.0.14393.5501",
"product": {
"name": "Microsoft .NET Framework 3.5 AND 4.6.2/4.7/4.7.1/4.7.2 10.0.14393.5501",
"product_id": "11723-10852"
}
}
],
"category": "product_name",
"name": "Microsoft .NET Framework 3.5 AND 4.6.2/4.7/4.7.1/4.7.2"
},
{
"branches": [
{
"category": "product_version_range",
"name": "\u003c10.0.14393.5501",
"product": {
"name": "Microsoft .NET Framework 3.5 AND 4.6.2/4.7/4.7.1/4.7.2 \u003c10.0.14393.5501",
"product_id": "43"
}
},
{
"category": "product_version",
"name": "10.0.14393.5501",
"product": {
"name": "Microsoft .NET Framework 3.5 AND 4.6.2/4.7/4.7.1/4.7.2 10.0.14393.5501",
"product_id": "11723-10816"
}
}
],
"category": "product_name",
"name": "Microsoft .NET Framework 3.5 AND 4.6.2/4.7/4.7.1/4.7.2"
},
{
"branches": [
{
"category": "product_version_range",
"name": "\u003c10.0.14393.5501",
"product": {
"name": "Microsoft .NET Framework 3.5 AND 4.6.2/4.7/4.7.1/4.7.2 \u003c10.0.14393.5501",
"product_id": "44"
}
},
{
"category": "product_version",
"name": "10.0.14393.5501",
"product": {
"name": "Microsoft .NET Framework 3.5 AND 4.6.2/4.7/4.7.1/4.7.2 10.0.14393.5501",
"product_id": "11723-10853"
}
}
],
"category": "product_name",
"name": "Microsoft .NET Framework 3.5 AND 4.6.2/4.7/4.7.1/4.7.2"
},
{
"branches": [
{
"category": "product_version_range",
"name": "\u003c10.0.14393.5501",
"product": {
"name": "Microsoft .NET Framework 3.5 AND 4.6.2/4.7/4.7.1/4.7.2 \u003c10.0.14393.5501",
"product_id": "45"
}
},
{
"category": "product_version",
"name": "10.0.14393.5501",
"product": {
"name": "Microsoft .NET Framework 3.5 AND 4.6.2/4.7/4.7.1/4.7.2 10.0.14393.5501",
"product_id": "11723-10855"
}
}
],
"category": "product_name",
"name": "Microsoft .NET Framework 3.5 AND 4.6.2/4.7/4.7.1/4.7.2"
},
{
"branches": [
{
"category": "product_version_range",
"name": "\u003c10.0.04005.02",
"product": {
"name": "Microsoft .NET Framework 4.7.2 \u003c10.0.04005.02",
"product_id": "37"
}
},
{
"category": "product_version",
"name": "10.0.04005.02",
"product": {
"name": "Microsoft .NET Framework 4.7.2 10.0.04005.02",
"product_id": "11862-11569"
}
}
],
"category": "product_name",
"name": "Microsoft .NET Framework 4.7.2"
},
{
"branches": [
{
"category": "product_version_range",
"name": "\u003c10.0.04005.02",
"product": {
"name": "Microsoft .NET Framework 4.7.2 \u003c10.0.04005.02",
"product_id": "38"
}
},
{
"category": "product_version",
"name": "10.0.04005.02",
"product": {
"name": "Microsoft .NET Framework 4.7.2 10.0.04005.02",
"product_id": "11862-11568"
}
}
],
"category": "product_name",
"name": "Microsoft .NET Framework 4.7.2"
},
{
"branches": [
{
"category": "product_version_range",
"name": "\u003c10.0.04005.02",
"product": {
"name": "Microsoft .NET Framework 4.7.2 \u003c10.0.04005.02",
"product_id": "39"
}
},
{
"category": "product_version",
"name": "10.0.04005.02",
"product": {
"name": "Microsoft .NET Framework 4.7.2 10.0.04005.02",
"product_id": "11862-11570"
}
}
],
"category": "product_name",
"name": "Microsoft .NET Framework 4.7.2"
},
{
"branches": [
{
"category": "product_version_range",
"name": "\u003c10.0.04005.02",
"product": {
"name": "Microsoft .NET Framework 4.7.2 \u003c10.0.04005.02",
"product_id": "40"
}
},
{
"category": "product_version",
"name": "10.0.04005.02",
"product": {
"name": "Microsoft .NET Framework 4.7.2 10.0.04005.02",
"product_id": "11862-11572"
}
}
],
"category": "product_name",
"name": "Microsoft .NET Framework 4.7.2"
},
{
"branches": [
{
"category": "product_version_range",
"name": "\u003c10.0.04005.02",
"product": {
"name": "Microsoft .NET Framework 4.7.2 \u003c10.0.04005.02",
"product_id": "41"
}
},
{
"category": "product_version",
"name": "10.0.04005.02",
"product": {
"name": "Microsoft .NET Framework 4.7.2 10.0.04005.02",
"product_id": "11862-11571"
}
}
],
"category": "product_name",
"name": "Microsoft .NET Framework 4.7.2"
},
{
"branches": [
{
"category": "product_version_range",
"name": "\u003c6.3.04585.01",
"product": {
"name": "Microsoft .NET Framework 4.8 \u003c6.3.04585.01",
"product_id": "70"
}
},
{
"category": "product_version",
"name": "6.3.04585.01",
"product": {
"name": "Microsoft .NET Framework 4.8 6.3.04585.01",
"product_id": "11650-11931"
}
}
],
"category": "product_name",
"name": "Microsoft .NET Framework 4.8"
},
{
"branches": [
{
"category": "product_version_range",
"name": "\u003c4.8.09110.07",
"product": {
"name": "Microsoft .NET Framework 4.8.1 \u003c4.8.09110.07",
"product_id": "9"
}
},
{
"category": "product_version",
"name": "4.8.09110.07",
"product": {
"name": "Microsoft .NET Framework 4.8.1 4.8.09110.07",
"product_id": "12078-11896"
}
}
],
"category": "product_name",
"name": "Microsoft .NET Framework 4.8.1"
},
{
"branches": [
{
"category": "product_version_range",
"name": "\u003c4.8.09110.07",
"product": {
"name": "Microsoft .NET Framework 4.8.1 \u003c4.8.09110.07",
"product_id": "10"
}
},
{
"category": "product_version",
"name": "4.8.09110.07",
"product": {
"name": "Microsoft .NET Framework 4.8.1 4.8.09110.07",
"product_id": "12078-11897"
}
}
],
"category": "product_name",
"name": "Microsoft .NET Framework 4.8.1"
},
{
"branches": [
{
"category": "product_version_range",
"name": "\u003c4.8.09110.07",
"product": {
"name": "Microsoft .NET Framework 4.8.1 \u003c4.8.09110.07",
"product_id": "11"
}
},
{
"category": "product_version",
"name": "4.8.09110.07",
"product": {
"name": "Microsoft .NET Framework 4.8.1 4.8.09110.07",
"product_id": "12078-11898"
}
}
],
"category": "product_name",
"name": "Microsoft .NET Framework 4.8.1"
},
{
"branches": [
{
"category": "product_version_range",
"name": "\u003c4.8.09110.07",
"product": {
"name": "Microsoft .NET Framework 4.8.1 \u003c4.8.09110.07",
"product_id": "12"
}
},
{
"category": "product_version",
"name": "4.8.09110.07",
"product": {
"name": "Microsoft .NET Framework 4.8.1 4.8.09110.07",
"product_id": "12078-11929"
}
}
],
"category": "product_name",
"name": "Microsoft .NET Framework 4.8.1"
},
{
"branches": [
{
"category": "product_version_range",
"name": "\u003c4.8.09110.07",
"product": {
"name": "Microsoft .NET Framework 4.8.1 \u003c4.8.09110.07",
"product_id": "13"
}
},
{
"category": "product_version",
"name": "4.8.09110.07",
"product": {
"name": "Microsoft .NET Framework 4.8.1 4.8.09110.07",
"product_id": "12078-11930"
}
}
],
"category": "product_name",
"name": "Microsoft .NET Framework 4.8.1"
},
{
"branches": [
{
"category": "product_version_range",
"name": "\u003c4.8.09110.07",
"product": {
"name": "Microsoft .NET Framework 4.8.1 \u003c4.8.09110.07",
"product_id": "14"
}
},
{
"category": "product_version",
"name": "4.8.09110.07",
"product": {
"name": "Microsoft .NET Framework 4.8.1 4.8.09110.07",
"product_id": "12078-11931"
}
}
],
"category": "product_name",
"name": "Microsoft .NET Framework 4.8.1"
},
{
"branches": [
{
"category": "product_version_range",
"name": "\u003c6.3.04585.01",
"product": {
"name": "Microsoft .NET Framework 4.8 \u003c6.3.04585.01",
"product_id": "71"
}
},
{
"category": "product_version",
"name": "6.3.04585.01",
"product": {
"name": "Microsoft .NET Framework 4.8 6.3.04585.01",
"product_id": "11650-11572"
}
}
],
"category": "product_name",
"name": "Microsoft .NET Framework 4.8"
},
{
"branches": [
{
"category": "product_version_range",
"name": "\u003c6.3.04585.01",
"product": {
"name": "Microsoft .NET Framework 4.8 \u003c6.3.04585.01",
"product_id": "72"
}
},
{
"category": "product_version",
"name": "6.3.04585.01",
"product": {
"name": "Microsoft .NET Framework 4.8 6.3.04585.01",
"product_id": "11650-10048"
}
}
],
"category": "product_name",
"name": "Microsoft .NET Framework 4.8"
},
{
"branches": [
{
"category": "product_version_range",
"name": "\u003c6.3.04005.01",
"product": {
"name": "Microsoft .NET Framework 4.6.2/4.7/4.7.1/4.7.2 \u003c6.3.04005.01",
"product_id": "26"
}
},
{
"category": "product_version",
"name": "6.3.04005.01",
"product": {
"name": "Microsoft .NET Framework 4.6.2/4.7/4.7.1/4.7.2 6.3.04005.01",
"product_id": "11863-10379"
}
}
],
"category": "product_name",
"name": "Microsoft .NET Framework 4.6.2/4.7/4.7.1/4.7.2"
},
{
"branches": [
{
"category": "product_version_range",
"name": "\u003c4.8.09110.07",
"product": {
"name": "Microsoft .NET Framework 4.8.1 \u003c4.8.09110.07",
"product_id": "15"
}
},
{
"category": "product_version",
"name": "4.8.09110.07",
"product": {
"name": "Microsoft .NET Framework 4.8.1 4.8.09110.07",
"product_id": "12078-12086"
}
}
],
"category": "product_name",
"name": "Microsoft .NET Framework 4.8.1"
},
{
"branches": [
{
"category": "product_version_range",
"name": "\u003c4.8.09110.07",
"product": {
"name": "Microsoft .NET Framework 4.8.1 \u003c4.8.09110.07",
"product_id": "16"
}
},
{
"category": "product_version",
"name": "4.8.09110.07",
"product": {
"name": "Microsoft .NET Framework 4.8.1 4.8.09110.07",
"product_id": "12078-11927"
}
}
],
"category": "product_name",
"name": "Microsoft .NET Framework 4.8.1"
},
{
"branches": [
{
"category": "product_version_range",
"name": "\u003c6.3.04585.01",
"product": {
"name": "Microsoft .NET Framework 4.8 \u003c6.3.04585.01",
"product_id": "73"
}
},
{
"category": "product_version",
"name": "6.3.04585.01",
"product": {
"name": "Microsoft .NET Framework 4.8 6.3.04585.01",
"product_id": "11650-12097"
}
}
],
"category": "product_name",
"name": "Microsoft .NET Framework 4.8"
},
{
"branches": [
{
"category": "product_version_range",
"name": "\u003c6.3.04005.01",
"product": {
"name": "Microsoft .NET Framework 4.6.2/4.7/4.7.1/4.7.2 \u003c6.3.04005.01",
"product_id": "27"
}
},
{
"category": "product_version",
"name": "6.3.04005.01",
"product": {
"name": "Microsoft .NET Framework 4.6.2/4.7/4.7.1/4.7.2 6.3.04005.01",
"product_id": "11863-10048"
}
}
],
"category": "product_name",
"name": "Microsoft .NET Framework 4.6.2/4.7/4.7.1/4.7.2"
},
{
"branches": [
{
"category": "product_version_range",
"name": "\u003c6.3.04585.01",
"product": {
"name": "Microsoft .NET Framework 4.8 \u003c6.3.04585.01",
"product_id": "74"
}
},
{
"category": "product_version",
"name": "6.3.04585.01",
"product": {
"name": "Microsoft .NET Framework 4.8 6.3.04585.01",
"product_id": "11650-12098"
}
}
],
"category": "product_name",
"name": "Microsoft .NET Framework 4.8"
},
{
"branches": [
{
"category": "product_version_range",
"name": "\u003c6.3.04585.01",
"product": {
"name": "Microsoft .NET Framework 4.8 \u003c6.3.04585.01",
"product_id": "75"
}
},
{
"category": "product_version",
"name": "6.3.04585.01",
"product": {
"name": "Microsoft .NET Framework 4.8 6.3.04585.01",
"product_id": "11650-11927"
}
}
],
"category": "product_name",
"name": "Microsoft .NET Framework 4.8"
},
{
"branches": [
{
"category": "product_version_range",
"name": "\u003c6.3.04005.01",
"product": {
"name": "Microsoft .NET Framework 4.6.2/4.7/4.7.1/4.7.2 \u003c6.3.04005.01",
"product_id": "28"
}
},
{
"category": "product_version",
"name": "6.3.04005.01",
"product": {
"name": "Microsoft .NET Framework 4.6.2/4.7/4.7.1/4.7.2 6.3.04005.01",
"product_id": "11863-10378"
}
}
],
"category": "product_name",
"name": "Microsoft .NET Framework 4.6.2/4.7/4.7.1/4.7.2"
},
{
"branches": [
{
"category": "product_version_range",
"name": "\u003c4.8.09110.07",
"product": {
"name": "Microsoft .NET Framework 4.8.1 \u003c4.8.09110.07",
"product_id": "17"
}
},
{
"category": "product_version",
"name": "4.8.09110.07",
"product": {
"name": "Microsoft .NET Framework 4.8.1 4.8.09110.07",
"product_id": "12078-12099"
}
}
],
"category": "product_name",
"name": "Microsoft .NET Framework 4.8.1"
},
{
"branches": [
{
"category": "product_version_range",
"name": "\u003c4.8.09110.07",
"product": {
"name": "Microsoft .NET Framework 4.8.1 \u003c4.8.09110.07",
"product_id": "18"
}
},
{
"category": "product_version",
"name": "4.8.09110.07",
"product": {
"name": "Microsoft .NET Framework 4.8.1 4.8.09110.07",
"product_id": "12078-12098"
}
}
],
"category": "product_name",
"name": "Microsoft .NET Framework 4.8.1"
},
{
"branches": [
{
"category": "product_version_range",
"name": "\u003c4.8.09110.07",
"product": {
"name": "Microsoft .NET Framework 4.8.1 \u003c4.8.09110.07",
"product_id": "19"
}
},
{
"category": "product_version",
"name": "4.8.09110.07",
"product": {
"name": "Microsoft .NET Framework 4.8.1 4.8.09110.07",
"product_id": "12078-12085"
}
}
],
"category": "product_name",
"name": "Microsoft .NET Framework 4.8.1"
},
{
"branches": [
{
"category": "product_version_range",
"name": "\u003c6.3.04585.01",
"product": {
"name": "Microsoft .NET Framework 4.8 \u003c6.3.04585.01",
"product_id": "76"
}
},
{
"category": "product_version",
"name": "6.3.04585.01",
"product": {
"name": "Microsoft .NET Framework 4.8 6.3.04585.01",
"product_id": "11650-12099"
}
}
],
"category": "product_name",
"name": "Microsoft .NET Framework 4.8"
},
{
"branches": [
{
"category": "product_version_range",
"name": "\u003c6.3.04005.01",
"product": {
"name": "Microsoft .NET Framework 4.6.2/4.7/4.7.1/4.7.2 \u003c6.3.04005.01",
"product_id": "29"
}
},
{
"category": "product_version",
"name": "6.3.04005.01",
"product": {
"name": "Microsoft .NET Framework 4.6.2/4.7/4.7.1/4.7.2 6.3.04005.01",
"product_id": "11863-10543"
}
}
],
"category": "product_name",
"name": "Microsoft .NET Framework 4.6.2/4.7/4.7.1/4.7.2"
},
{
"branches": [
{
"category": "product_version_range",
"name": "\u003c6.3.04005.01",
"product": {
"name": "Microsoft .NET Framework 4.6.2/4.7/4.7.1/4.7.2 \u003c6.3.04005.01",
"product_id": "30"
}
},
{
"category": "product_version",
"name": "6.3.04005.01",
"product": {
"name": "Microsoft .NET Framework 4.6.2/4.7/4.7.1/4.7.2 6.3.04005.01",
"product_id": "11863-10482"
}
}
],
"category": "product_name",
"name": "Microsoft .NET Framework 4.6.2/4.7/4.7.1/4.7.2"
},
{
"branches": [
{
"category": "product_version_range",
"name": "\u003c6.3.04005.01",
"product": {
"name": "Microsoft .NET Framework 4.6.2/4.7/4.7.1/4.7.2 \u003c6.3.04005.01",
"product_id": "31"
}
},
{
"category": "product_version",
"name": "6.3.04005.01",
"product": {
"name": "Microsoft .NET Framework 4.6.2/4.7/4.7.1/4.7.2 6.3.04005.01",
"product_id": "11863-10481"
}
}
],
"category": "product_name",
"name": "Microsoft .NET Framework 4.6.2/4.7/4.7.1/4.7.2"
},
{
"branches": [
{
"category": "product_version_range",
"name": "\u003c6.3.04005.01",
"product": {
"name": "Microsoft .NET Framework 4.6.2/4.7/4.7.1/4.7.2 \u003c6.3.04005.01",
"product_id": "32"
}
},
{
"category": "product_version",
"name": "6.3.04005.01",
"product": {
"name": "Microsoft .NET Framework 4.6.2/4.7/4.7.1/4.7.2 6.3.04005.01",
"product_id": "11863-10484"
}
}
],
"category": "product_name",
"name": "Microsoft .NET Framework 4.6.2/4.7/4.7.1/4.7.2"
},
{
"branches": [
{
"category": "product_version_range",
"name": "\u003c4.8.09110.07",
"product": {
"name": "Microsoft .NET Framework 4.8.1 \u003c4.8.09110.07",
"product_id": "20"
}
},
{
"category": "product_version",
"name": "4.8.09110.07",
"product": {
"name": "Microsoft .NET Framework 4.8.1 4.8.09110.07",
"product_id": "12078-12097"
}
}
],
"category": "product_name",
"name": "Microsoft .NET Framework 4.8.1"
},
{
"branches": [
{
"category": "product_version_range",
"name": "\u003c4.8.09110.07",
"product": {
"name": "Microsoft .NET Framework 4.8.1 \u003c4.8.09110.07",
"product_id": "21"
}
},
{
"category": "product_version",
"name": "4.8.09110.07",
"product": {
"name": "Microsoft .NET Framework 4.8.1 4.8.09110.07",
"product_id": "12078-11926"
}
}
],
"category": "product_name",
"name": "Microsoft .NET Framework 4.8.1"
},
{
"branches": [
{
"category": "product_version_range",
"name": "\u003c4.8.09110.07",
"product": {
"name": "Microsoft .NET Framework 4.8.1 \u003c4.8.09110.07",
"product_id": "22"
}
},
{
"category": "product_version",
"name": "4.8.09110.07",
"product": {
"name": "Microsoft .NET Framework 4.8.1 4.8.09110.07",
"product_id": "12078-11802"
}
}
],
"category": "product_name",
"name": "Microsoft .NET Framework 4.8.1"
},
{
"branches": [
{
"category": "product_version_range",
"name": "\u003c4.8.09110.07",
"product": {
"name": "Microsoft .NET Framework 4.8.1 \u003c4.8.09110.07",
"product_id": "23"
}
},
{
"category": "product_version",
"name": "4.8.09110.07",
"product": {
"name": "Microsoft .NET Framework 4.8.1 4.8.09110.07",
"product_id": "12078-11801"
}
}
],
"category": "product_name",
"name": "Microsoft .NET Framework 4.8.1"
},
{
"branches": [
{
"category": "product_version_range",
"name": "\u003c6.3.04005.01",
"product": {
"name": "Microsoft .NET Framework 4.6.2/4.7/4.7.1/4.7.2 \u003c6.3.04005.01",
"product_id": "33"
}
},
{
"category": "product_version",
"name": "6.3.04005.01",
"product": {
"name": "Microsoft .NET Framework 4.6.2/4.7/4.7.1/4.7.2 6.3.04005.01",
"product_id": "11863-10047"
}
}
],
"category": "product_name",
"name": "Microsoft .NET Framework 4.6.2/4.7/4.7.1/4.7.2"
},
{
"branches": [
{
"category": "product_version_range",
"name": "\u003c6.3.04585.01",
"product": {
"name": "Microsoft .NET Framework 4.8 \u003c6.3.04585.01",
"product_id": "77"
}
},
{
"category": "product_version",
"name": "6.3.04585.01",
"product": {
"name": "Microsoft .NET Framework 4.8 6.3.04585.01",
"product_id": "11650-11926"
}
}
],
"category": "product_name",
"name": "Microsoft .NET Framework 4.8"
},
{
"branches": [
{
"category": "product_version_range",
"name": "\u003c6.3.04005.01",
"product": {
"name": "Microsoft .NET Framework 4.6.2/4.7/4.7.1/4.7.2 \u003c6.3.04005.01",
"product_id": "34"
}
},
{
"category": "product_version",
"name": "6.3.04005.01",
"product": {
"name": "Microsoft .NET Framework 4.6.2/4.7/4.7.1/4.7.2 6.3.04005.01",
"product_id": "11863-10049"
}
}
],
"category": "product_name",
"name": "Microsoft .NET Framework 4.6.2/4.7/4.7.1/4.7.2"
},
{
"branches": [
{
"category": "product_version_range",
"name": "\u003c6.3.04005.01",
"product": {
"name": "Microsoft .NET Framework 4.6.2/4.7/4.7.1/4.7.2 \u003c6.3.04005.01",
"product_id": "35"
}
},
{
"category": "product_version",
"name": "6.3.04005.01",
"product": {
"name": "Microsoft .NET Framework 4.6.2/4.7/4.7.1/4.7.2 6.3.04005.01",
"product_id": "11863-10483"
}
}
],
"category": "product_name",
"name": "Microsoft .NET Framework 4.6.2/4.7/4.7.1/4.7.2"
},
{
"branches": [
{
"category": "product_version_range",
"name": "\u003c6.3.04005.01",
"product": {
"name": "Microsoft .NET Framework 4.6.2/4.7/4.7.1/4.7.2 \u003c6.3.04005.01",
"product_id": "36"
}
},
{
"category": "product_version",
"name": "6.3.04005.01",
"product": {
"name": "Microsoft .NET Framework 4.6.2/4.7/4.7.1/4.7.2 6.3.04005.01",
"product_id": "11863-10051"
}
}
],
"category": "product_name",
"name": "Microsoft .NET Framework 4.6.2/4.7/4.7.1/4.7.2"
},
{
"branches": [
{
"category": "product_version_range",
"name": "\u003c6.0.04005.01",
"product": {
"name": "Microsoft .NET Framework 4.6.2 \u003c6.0.04005.01",
"product_id": "5"
}
},
{
"category": "product_version",
"name": "6.0.04005.01",
"product": {
"name": "Microsoft .NET Framework 4.6.2 6.0.04005.01",
"product_id": "12115-9318"
}
}
],
"category": "product_name",
"name": "Microsoft .NET Framework 4.6.2"
},
{
"branches": [
{
"category": "product_version_range",
"name": "\u003c6.0.04005.01",
"product": {
"name": "Microsoft .NET Framework 4.6.2 \u003c6.0.04005.01",
"product_id": "6"
}
},
{
"category": "product_version",
"name": "6.0.04005.01",
"product": {
"name": "Microsoft .NET Framework 4.6.2 6.0.04005.01",
"product_id": "12115-9312"
}
}
],
"category": "product_name",
"name": "Microsoft .NET Framework 4.6.2"
},
{
"branches": [
{
"category": "product_version_range",
"name": "\u003c6.0.04005.01",
"product": {
"name": "Microsoft .NET Framework 4.6.2 \u003c6.0.04005.01",
"product_id": "7"
}
},
{
"category": "product_version",
"name": "6.0.04005.01",
"product": {
"name": "Microsoft .NET Framework 4.6.2 6.0.04005.01",
"product_id": "12115-10287"
}
}
],
"category": "product_name",
"name": "Microsoft .NET Framework 4.6.2"
},
{
"branches": [
{
"category": "product_version_range",
"name": "\u003c6.0.04005.01",
"product": {
"name": "Microsoft .NET Framework 4.6.2 \u003c6.0.04005.01",
"product_id": "8"
}
},
{
"category": "product_version",
"name": "6.0.04005.01",
"product": {
"name": "Microsoft .NET Framework 4.6.2 6.0.04005.01",
"product_id": "12115-9344"
}
}
],
"category": "product_name",
"name": "Microsoft .NET Framework 4.6.2"
},
{
"branches": [
{
"category": "product_version_range",
"name": "\u003c6.3.04585.01",
"product": {
"name": "Microsoft .NET Framework 4.8 \u003c6.3.04585.01",
"product_id": "78"
}
},
{
"category": "product_version",
"name": "6.3.04585.01",
"product": {
"name": "Microsoft .NET Framework 4.8 6.3.04585.01",
"product_id": "11650-11570"
}
}
],
"category": "product_name",
"name": "Microsoft .NET Framework 4.8"
},
{
"branches": [
{
"category": "product_version_range",
"name": "\u003c6.3.04585.01",
"product": {
"name": "Microsoft .NET Framework 4.8 \u003c6.3.04585.01",
"product_id": "79"
}
},
{
"category": "product_version",
"name": "6.3.04585.01",
"product": {
"name": "Microsoft .NET Framework 4.8 6.3.04585.01",
"product_id": "11650-11923"
}
}
],
"category": "product_name",
"name": "Microsoft .NET Framework 4.8"
},
{
"branches": [
{
"category": "product_version_range",
"name": "\u003c6.3.04585.01",
"product": {
"name": "Microsoft .NET Framework 4.8 \u003c6.3.04585.01",
"product_id": "80"
}
},
{
"category": "product_version",
"name": "6.3.04585.01",
"product": {
"name": "Microsoft .NET Framework 4.8 6.3.04585.01",
"product_id": "11650-11924"
}
}
],
"category": "product_name",
"name": "Microsoft .NET Framework 4.8"
},
{
"branches": [
{
"category": "product_version_range",
"name": "\u003c4.8.09110.07",
"product": {
"name": "Microsoft .NET Framework 4.8.1 \u003c4.8.09110.07",
"product_id": "24"
}
},
{
"category": "product_version",
"name": "4.8.09110.07",
"product": {
"name": "Microsoft .NET Framework 4.8.1 4.8.09110.07",
"product_id": "12078-11923"
}
}
],
"category": "product_name",
"name": "Microsoft .NET Framework 4.8.1"
},
{
"branches": [
{
"category": "product_version_range",
"name": "\u003c4.8.09110.07",
"product": {
"name": "Microsoft .NET Framework 4.8.1 \u003c4.8.09110.07",
"product_id": "25"
}
},
{
"category": "product_version",
"name": "4.8.09110.07",
"product": {
"name": "Microsoft .NET Framework 4.8.1 4.8.09110.07",
"product_id": "12078-11924"
}
}
],
"category": "product_name",
"name": "Microsoft .NET Framework 4.8.1"
},
{
"branches": [
{
"category": "product_version_range",
"name": "\u003c10.0.10240.19567",
"product": {
"name": "Microsoft .NET Framework 4.6/4.6.2 \u003c10.0.10240.19567",
"product_id": "1"
}
},
{
"category": "product_version",
"name": "10.0.10240.19567",
"product": {
"name": "Microsoft .NET Framework 4.6/4.6.2 10.0.10240.19567",
"product_id": "12136-10729"
}
}
],
"category": "product_name",
"name": "Microsoft .NET Framework 4.6/4.6.2"
},
{
"branches": [
{
"category": "product_version_range",
"name": "\u003c10.0.10240.19567",
"product": {
"name": "Microsoft .NET Framework 4.6/4.6.2 \u003c10.0.10240.19567",
"product_id": "2"
}
},
{
"category": "product_version",
"name": "10.0.10240.19567",
"product": {
"name": "Microsoft .NET Framework 4.6/4.6.2 10.0.10240.19567",
"product_id": "12136-10735"
}
}
],
"category": "product_name",
"name": "Microsoft .NET Framework 4.6/4.6.2"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2022-41064",
"notes": [
{
"category": "general",
"text": "Microsoft",
"title": "Assigning CNA"
},
{
"category": "faq",
"text": "Customers using either the System.Data.SqlClient or Microsoft.Data.SqlClient NuGet Packages need to do the following to be protected:\nIf you are using System.Data.SqlClient on .NET Framework you must install the November update for .NET Framework, If you are using System.Data.SqlClient on .NET Core, .NET 5 or .NET 6 you must update the nuget package to an updated version as listed in the affected packages., If you are using Microsoft.Data.SqlClient, anywhere (.NET Core, .NET 5/6, .NET Framework) and you are using a version that is vulnerable you must update as listed in the affected packages.\nPlease see Microsoft Security Advisory CVE 2022-41064 | .NET Information Disclosure Vulnerability for more information.",
"title": "If I am using System.Data.SqlClient or Microsoft.Data.SqlClient, what do I need to do to be protected from this vulnerability?"
},
{
"category": "faq",
"text": "Exploiting this vulnerability requires an attacker to be within the SQL Connection Pool.",
"title": "According to the CVSS score, the attack vector is adjacent (AV:A). What does this mean for this vulnerability?"
},
{
"category": "faq",
"text": "Successful exploitation of this vulnerability requires an attacker to exhaust all the threads in the thread pool.",
"title": "According to the CVSS metric, the attack complexity is high (AC:H). What does that mean for this vulnerability?"
},
{
"category": "faq",
"text": "In this case, a successful attack could cause the attacker access queries from other users in the SQL Connection Pool.",
"title": "According to the CVSS metric, a successful exploitation could lead to a scope change (S:C). What does this mean for this vulnerability?"
}
],
"product_status": {
"fixed": [
"11650-10047",
"11650-10048",
"11650-10049",
"11650-10051",
"11650-10378",
"11650-10379",
"11650-10481",
"11650-10482",
"11650-10483",
"11650-10484",
"11650-10543",
"11650-10816",
"11650-10852",
"11650-10853",
"11650-10855",
"11650-11568",
"11650-11569",
"11650-11570",
"11650-11571",
"11650-11572",
"11650-11801",
"11650-11802",
"11650-11896",
"11650-11897",
"11650-11898",
"11650-11923",
"11650-11924",
"11650-11926",
"11650-11927",
"11650-11929",
"11650-11930",
"11650-11931",
"11650-12097",
"11650-12098",
"11650-12099",
"11723-10816",
"11723-10852",
"11723-10853",
"11723-10855",
"11862-11568",
"11862-11569",
"11862-11570",
"11862-11571",
"11862-11572",
"11863-10047",
"11863-10048",
"11863-10049",
"11863-10051",
"11863-10378",
"11863-10379",
"11863-10481",
"11863-10482",
"11863-10483",
"11863-10484",
"11863-10543",
"12078-11801",
"12078-11802",
"12078-11896",
"12078-11897",
"12078-11898",
"12078-11923",
"12078-11924",
"12078-11926",
"12078-11927",
"12078-11929",
"12078-11930",
"12078-11931",
"12078-12085",
"12078-12086",
"12078-12097",
"12078-12098",
"12078-12099",
"12115-10287",
"12115-9312",
"12115-9318",
"12115-9344",
"12119",
"12120",
"12136-10729",
"12136-10735"
],
"known_affected": [
"1",
"2",
"3",
"4",
"5",
"6",
"7",
"8",
"9",
"10",
"11",
"12",
"13",
"14",
"15",
"16",
"17",
"18",
"19",
"20",
"21",
"22",
"23",
"24",
"25",
"26",
"27",
"28",
"29",
"30",
"31",
"32",
"33",
"34",
"35",
"36",
"37",
"38",
"39",
"40",
"41",
"42",
"43",
"44",
"45",
"46",
"47",
"48",
"49",
"50",
"51",
"52",
"53",
"54",
"55",
"56",
"57",
"58",
"59",
"60",
"61",
"62",
"63",
"64",
"65",
"66",
"67",
"68",
"69",
"70",
"71",
"72",
"73",
"74",
"75",
"76",
"77",
"78",
"79",
"80"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2022-41064 .NET Framework Information Disclosure Vulnerability - HTML",
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-41064"
},
{
"category": "self",
"summary": "CVE-2022-41064 .NET Framework Information Disclosure Vulnerability - CSAF",
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-41064"
}
],
"remediations": [
{
"category": "vendor_fix",
"date": "2022-11-08T08:00:00.000Z",
"details": "2.1.2:Security Update:https://github.com/dotnet/announcements/issues/XXX",
"product_ids": [
"3"
],
"url": "https://github.com/dotnet/announcements/issues/XXX"
},
{
"category": "vendor_fix",
"date": "2022-11-08T08:00:00.000Z",
"details": "4.8.4:Security Update:https://github.com/dotnet/announcements/issues/XXX",
"product_ids": [
"4"
],
"url": "https://github.com/dotnet/announcements/issues/XXX"
},
{
"category": "vendor_fix",
"date": "2022-11-08T08:00:00.000Z",
"details": "4.8.04584.08:Security Update:https://support.microsoft.com/help/5020687",
"product_ids": [
"46",
"61",
"70"
],
"url": "https://support.microsoft.com/help/5020687"
},
{
"category": "vendor_fix",
"date": "2022-11-08T08:00:00.000Z",
"details": "4.8.04005.02:Monthly Rollup:https://support.microsoft.com/help/5020690",
"product_ids": [
"47",
"54",
"55",
"60",
"64"
],
"url": "https://support.microsoft.com/help/5020690"
},
{
"category": "vendor_fix",
"date": "2022-11-08T08:00:00.000Z",
"details": "6.3.04585.01:Security Only:https://support.microsoft.com/help/5020680",
"product_ids": [
"47",
"54",
"60"
],
"url": "https://support.microsoft.com/help/5020680"
},
{
"category": "vendor_fix",
"date": "2022-11-08T08:00:00.000Z",
"details": "10.0.04585.02:Monthly Rollup:https://support.microsoft.com/help/5020685",
"product_ids": [
"48",
"53"
],
"url": "https://support.microsoft.com/help/5020685"
},
{
"category": "vendor_fix",
"date": "2022-11-08T08:00:00.000Z",
"details": "4.8.04585.02:Monthly Rollup:https://support.microsoft.com/help/5020688",
"product_ids": [
"49",
"51",
"62",
"72"
],
"url": "https://support.microsoft.com/help/5020688"
},
{
"category": "vendor_fix",
"date": "2022-11-08T08:00:00.000Z",
"details": "6.2.04585.01:Security Only:https://support.microsoft.com/help/5020678",
"product_ids": [
"49",
"51",
"62",
"72"
],
"url": "https://support.microsoft.com/help/5020678"
},
{
"category": "vendor_fix",
"date": "2022-11-08T08:00:00.000Z",
"details": "10.0.09110.12:Security Update:https://support.microsoft.com/help/5020685",
"product_ids": [
"50",
"71"
],
"url": "https://support.microsoft.com/help/5020685"
},
{
"category": "vendor_fix",
"date": "2022-11-08T08:00:00.000Z",
"details": "4.8.04584.08:Security Update:https://support.microsoft.com/help/5020801",
"product_ids": [
"52",
"63",
"68"
],
"url": "https://support.microsoft.com/help/5020801"
},
{
"category": "vendor_fix",
"date": "2022-11-08T08:00:00.000Z",
"details": "6.3.04585.01:Security Only:https://support.microsoft.com/help/5020680",
"product_ids": [
"55"
],
"url": "https://support.microsoft.com/help/5020680"
},
{
"category": "vendor_fix",
"date": "2022-11-08T08:00:00.000Z",
"details": "10.0.04585.02:Security Update:https://support.microsoft.com/help/5020614",
"product_ids": [
"56",
"58",
"65",
"69"
],
"url": "https://support.microsoft.com/help/5020614"
},
{
"category": "vendor_fix",
"date": "2022-11-08T08:00:00.000Z",
"details": "4.8.04584.08:Security Update:https://support.microsoft.com/help/5020686",
"product_ids": [
"57",
"67"
],
"url": "https://support.microsoft.com/help/5020686"
},
{
"category": "vendor_fix",
"date": "2022-11-08T08:00:00.000Z",
"details": "4.8.04585.02:Monthly Rollup:https://support.microsoft.com/help/5020689",
"product_ids": [
"59",
"66"
],
"url": "https://support.microsoft.com/help/5020689"
},
{
"category": "vendor_fix",
"date": "2022-11-08T08:00:00.000Z",
"details": "6.2.04585.01:Security Only:https://support.microsoft.com/help/5020679",
"product_ids": [
"59",
"66"
],
"url": "https://support.microsoft.com/help/5020679"
},
{
"category": "vendor_fix",
"date": "2022-11-08T08:00:00.000Z",
"details": "10.0.14393.5501:Security Update:https://support.microsoft.com/help/5019964",
"product_ids": [
"42",
"43",
"44",
"45"
],
"url": "https://support.microsoft.com/help/5019964"
},
{
"category": "vendor_fix",
"date": "2022-11-08T08:00:00.000Z",
"details": "10.0.04005.02:Security Update:https://support.microsoft.com/help/5020685",
"product_ids": [
"37",
"38",
"39",
"40",
"41"
],
"url": "https://support.microsoft.com/help/5020685"
},
{
"category": "vendor_fix",
"date": "2022-11-08T08:00:00.000Z",
"details": "4.8.09110.07:Security Update:https://support.microsoft.com/help/5020801",
"product_ids": [
"9",
"10",
"11"
],
"url": "https://support.microsoft.com/help/5020801"
},
{
"category": "vendor_fix",
"date": "2022-11-08T08:00:00.000Z",
"details": "4.8.09110.07:Security Update:https://support.microsoft.com/help/5020687",
"product_ids": [
"12",
"13",
"14"
],
"url": "https://support.microsoft.com/help/5020687"
},
{
"category": "vendor_fix",
"date": "2022-11-08T08:00:00.000Z",
"details": "4.7.04005.02:Monthly Rollup:https://support.microsoft.com/help/5020689",
"product_ids": [
"26",
"28"
],
"url": "https://support.microsoft.com/help/5020689"
},
{
"category": "vendor_fix",
"date": "2022-11-08T08:00:00.000Z",
"details": "6.2.04005.01:Security Only:https://support.microsoft.com/help/5020679",
"product_ids": [
"26",
"28"
],
"url": "https://support.microsoft.com/help/5020679"
},
{
"category": "vendor_fix",
"date": "2022-11-08T08:00:00.000Z",
"details": "4.8.09110.07:Security Update:https://support.microsoft.com/help/5020622",
"product_ids": [
"15",
"19"
],
"url": "https://support.microsoft.com/help/5020622"
},
{
"category": "vendor_fix",
"date": "2022-11-08T08:00:00.000Z",
"details": "4.8.04584.08:Security Update:https://support.microsoft.com/help/5020695",
"product_ids": [
"16",
"21"
],
"url": "https://support.microsoft.com/help/5020695"
},
{
"category": "vendor_fix",
"date": "2022-11-08T08:00:00.000Z",
"details": "4.8.04584.08:Security Update:https://support.microsoft.com/help/5020694",
"product_ids": [
"73",
"74",
"76"
],
"url": "https://support.microsoft.com/help/5020694"
},
{
"category": "vendor_fix",
"date": "2022-11-08T08:00:00.000Z",
"details": "4.7.04005.02:Monthly Rollup:https://support.microsoft.com/help/5020688",
"product_ids": [
"27",
"33",
"34",
"36"
],
"url": "https://support.microsoft.com/help/5020688"
},
{
"category": "vendor_fix",
"date": "2022-11-08T08:00:00.000Z",
"details": "6.0.04005.01:Security Only:https://support.microsoft.com/help/5020678",
"product_ids": [
"27",
"33",
"34",
"36"
],
"url": "https://support.microsoft.com/help/5020678"
},
{
"category": "vendor_fix",
"date": "2022-11-08T08:00:00.000Z",
"details": "4.8.04584.08:Security Update:https://support.microsoft.com/help/5020695",
"product_ids": [
"75"
],
"url": "https://support.microsoft.com/help/5020695"
},
{
"category": "vendor_fix",
"date": "2022-11-08T08:00:00.000Z",
"details": "4.8.09110.07:Security Update:https://support.microsoft.com/help/5020694",
"product_ids": [
"17",
"18",
"20"
],
"url": "https://support.microsoft.com/help/5020694"
},
{
"category": "vendor_fix",
"date": "2022-11-08T08:00:00.000Z",
"details": "4.8.04005.02:Monthly Rollup:https://support.microsoft.com/help/5020690",
"product_ids": [
"29",
"30",
"31",
"32",
"35"
],
"url": "https://support.microsoft.com/help/5020690"
},
{
"category": "vendor_fix",
"date": "2022-11-08T08:00:00.000Z",
"details": "6.3.04005.01:Security Only:https://support.microsoft.com/help/5020680",
"product_ids": [
"29",
"30",
"31",
"32",
"35"
],
"url": "https://support.microsoft.com/help/5020680"
},
{
"category": "vendor_fix",
"date": "2022-11-08T08:00:00.000Z",
"details": "4.8.09110.07:Security Update:https://support.microsoft.com/help/5020686",
"product_ids": [
"22",
"23"
],
"url": "https://support.microsoft.com/help/5020686"
},
{
"category": "vendor_fix",
"date": "2022-11-08T08:00:00.000Z",
"details": "4.8.04584.08:Security Update:https://support.microsoft.com/help/5020695",
"product_ids": [
"77"
],
"url": "https://support.microsoft.com/help/5020695"
},
{
"category": "vendor_fix",
"date": "2022-11-08T08:00:00.000Z",
"details": "4.7.04005.02:Monthly Rollup:https://support.microsoft.com/help/5020691",
"product_ids": [
"5",
"6",
"7",
"8"
],
"url": "https://support.microsoft.com/help/5020691"
},
{
"category": "vendor_fix",
"date": "2022-11-08T08:00:00.000Z",
"details": "6.0.04005.01:Security Only:https://support.microsoft.com/help/5020681",
"product_ids": [
"5",
"6",
"7",
"8"
],
"url": "https://support.microsoft.com/help/5020681"
},
{
"category": "vendor_fix",
"date": "2022-11-08T08:00:00.000Z",
"details": "10.0.04585.02:Security Update:https://support.microsoft.com/help/5020685",
"product_ids": [
"78"
],
"url": "https://support.microsoft.com/help/5020685"
},
{
"category": "vendor_fix",
"date": "2022-11-08T08:00:00.000Z",
"details": "4.8.04584.08:Security Update:https://support.microsoft.com/help/5020692",
"product_ids": [
"79",
"80"
],
"url": "https://support.microsoft.com/help/5020692"
},
{
"category": "vendor_fix",
"date": "2022-11-08T08:00:00.000Z",
"details": "4.8.09110.07:Security Update:https://support.microsoft.com/help/5020692",
"product_ids": [
"24",
"25"
],
"url": "https://support.microsoft.com/help/5020692"
},
{
"category": "vendor_fix",
"date": "2022-11-08T08:00:00.000Z",
"details": "10.0.10240.19567:Security Update:https://support.microsoft.com/help/5019970",
"product_ids": [
"1",
"2"
],
"url": "https://support.microsoft.com/help/5019970"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "HIGH",
"attackVector": "ADJACENT_NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.8,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"environmentalsScore": 0.0,
"exploitCodeMaturity": "UNPROVEN",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"remediationLevel": "OFFICIAL_FIX",
"reportConfidence": "CONFIRMED",
"scope": "CHANGED",
"temporalScore": 5.1,
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:A/AC:H/PR:L/UI:N/S:C/C:H/I:N/A:N/E:U/RL:O/RC:C",
"version": "3.1"
},
"products": [
"1",
"2",
"3",
"4",
"5",
"6",
"7",
"8",
"9",
"10",
"11",
"12",
"13",
"14",
"15",
"16",
"17",
"18",
"19",
"20",
"21",
"22",
"23",
"24",
"25",
"26",
"27",
"28",
"29",
"30",
"31",
"32",
"33",
"34",
"35",
"36",
"37",
"38",
"39",
"40",
"41",
"42",
"43",
"44",
"45",
"46",
"47",
"48",
"49",
"50",
"51",
"52",
"53",
"54",
"55",
"56",
"57",
"58",
"59",
"60",
"61",
"62",
"63",
"64",
"65",
"66",
"67",
"68",
"69",
"70",
"71",
"72",
"73",
"74",
"75",
"76",
"77",
"78",
"79",
"80"
]
}
],
"threats": [
{
"category": "impact",
"details": "Information Disclosure"
},
{
"category": "exploit_status",
"details": "Exploited:No;Latest Software Release:Exploitation Less Likely;Older Software Release:Exploitation Less Likely"
}
],
"title": ".NET Framework Information Disclosure Vulnerability"
}
]
}
Loading…
Trend slope:
-
(linear fit over daily sighting counts)
Show additional events:
Loading…
Experimental. This forecast is provided for visualization only and may change without notice. Do not use it for operational decisions.
Forecast uses a logistic model when the trend is rising, or an exponential decay model when the trend is falling. Fitted via linearized least squares.
Sightings
| Author | Source | Type | Date | Other |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or observed by the user.
- Confirmed: The vulnerability has been validated from an analyst's perspective.
- Published Proof of Concept: A public proof of concept is available for this vulnerability.
- Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
- Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
- Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
- Not confirmed: The user expressed doubt about the validity of the vulnerability.
- Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.
Loading…
Loading…