VDB
CVE-2022-26907
CVE-2022-26907
PUBLISHED
CVSS 5.300000190734863 MEDIUM
De multiples vulnérabilités ont été corrigées dans <span class="textit">Microsoft .Net</span>. Elles permettent à un attaquant de provoquer une atteinte à la confidentialité des données et un déni de service.
EPSS 0.47% · 64.9th percentile
Risk Scores
CVSS v3.1
5.300000190734863
CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C
EPSS Score
0.47%
64.9th percentile
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Microsoft | N/A | |
| Microsoft | Azure SDK for .Net | 2.0.0 |
| microsoft | azure_sdk_for_.net | 2.0.0 |
| NuGet | Microsoft.Rest.ClientRuntime | 0 |
| Microsoft | Azure |
Timeline
- Apr 12, 2022 CVE Published
- Apr 16, 2022 EPSS Score
- Jun 5, 2022 EPSS Score
- Jul 26, 2022 EPSS Score
- Nov 3, 2022 EPSS Score
- Dec 23, 2022 EPSS Score
- Feb 11, 2023 EPSS Score
- Mar 7, 2023 EPSS Score
- Apr 2, 2023 EPSS Score
- May 23, 2023 EPSS Score
- Jun 29, 2023 EPSS Score
- Jul 12, 2023 EPSS Score
References
- https://msrc.microsoft.com/update-guide/ advisory
- Azure SDK for .NET Information Disclosure Vulnerability vendor-advisory
- https://nvd.nist.gov/vuln/detail/CVE-2022-26907 advisory
- https://github.com/Azure/azure-sdk-for-net/pull/28169 url
- https://github.com/Azure/azure-sdk-for-net/commit/e67f2a9fc5aa1060bd465d1458c347671268f6f5 url
- https://github.com/Azure/azure-sdk-for-net package
- https://github.com/Azure/azure-sdk-for-net/blob/a919c48ae294fed084a9679b6f53ac6af3fb4c3a/sdk/mgmtcommon/ClientRuntime/ClientRuntime/Microsoft.Rest.ClientRuntime.csproj#L11 url
- https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2022-26907 url