VDB

CVE-2023-36561

CVE-2023-36561 PUBLISHED CVSS 8.699999809265137 HIGH

Es existieren mehrere Schwachstellen in den Microsoft Developer Tools. Die Fehler bestehen unter anderem aufgrund eines HTTP/2 Rapid Reset Angriffs, eines Speicherlecks und eines Absturzes. Ein entfernter, anonymer Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern und einen Denial-of-Service-Zustand zu verursachen.

EPSS 0.27% · 51.0th percentile

Risk Scores

CVSS v4.0
8.699999809265137
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
EPSS Score
0.27%
51.0th percentile

Affected Products

VendorProductVersions
MicrosoftMicrosoft Visual Studio 2022 version 17.4
MicrosoftMicrosoft Azure Identity SDK for Java
MicrosoftMicrosoft Azure Identity SDK for .NET
UbuntuUbuntu Linux
MicrosoftMicrosoft ASP.NET Core 6.0
MicrosoftMicrosoft Azure HDInsight
MicrosoftMicrosoft Visual Studio 2022 version 17.7
MicrosoftMicrosoft Azure Network Watcher VM Extension
MicrosoftMicrosoft Azure Identity SDK for JavaScript
MicrosoftMicrosoft ASP.NET Core 7.0
MicrosoftMicrosoft Visual Studio 2022 version 17.2
Red HatRed Hat Enterprise Linux
MicrosoftMicrosoft Azure DevOps Server 2020.0.2
MicrosoftMicrosoft Azure DevOps Server 2022.0.1
MicrosoftMicrosoft Azure RTOS GUIX Studio
MicrosoftMicrosoft Azure DevOps Server 2020.1.2
MicrosoftMicrosoft Azure Identity SDK for Python
MicrosoftMicrosoft Visual Studio 2022 version 17.6
MicrosoftMicrosoft Azure RTOS GUIX Studio Installer Application
OracleOracle Linux

Timeline

  • Oct 10, 2023 CVE Published
  • Oct 11, 2023 EPSS Score
  • Nov 11, 2023 EPSS Score
  • Dec 13, 2023 EPSS Score
  • Jan 13, 2024 EPSS Score
  • Feb 14, 2024 EPSS Score
  • Mar 16, 2024 EPSS Score
  • Apr 16, 2024 EPSS Score
  • May 18, 2024 EPSS Score
  • Jun 18, 2024 EPSS Score
  • Jul 19, 2024 EPSS Score
  • Aug 20, 2024 EPSS Score

References

Open in Interactive Console →
$ Console Community · 100/wk Open console ›