CVE-2018-8356 – system.servicemodel.duplex

Package

Manager: nuget
Name: system.servicemodel.duplex
Vulnerable Version: >=4.0.0 <=4.0.2 || >=4.3.0 <=4.3.1 || >=4.4.0 <=4.4.2 || >=4.5.0 <=4.5.1

Severity

Level: Medium

CVSS v3.1: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N

CVSS v4.0: CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:H/VA:N/SC:N/SI:H/SA:N

EPSS: 0.00356 pctl0.57139

Details

Improper Certificate Validation in Microsoft .NET Framework components A security feature bypass vulnerability exists when Microsoft .NET Framework components do not correctly validate certificates, aka ".NET Framework Security Feature Bypass Vulnerability." This affects .NET Framework 4.7.2, Microsoft .NET Framework 3.0, Microsoft .NET Framework 4.6.2/4.7/4.7.1/4.7.2, ASP.NET Core 1.1, Microsoft .NET Framework 4.5.2, ASP.NET Core 2.0, ASP.NET Core 1.0, .NET Core 1.1, Microsoft .NET Framework 3.5, Microsoft .NET Framework 3.5.1, Microsoft .NET Framework 4.6/4.6.1/4.6.2, .NET Core 1.0, .NET Core 2.0, Microsoft .NET Framework 4.6, Microsoft .NET Framework 4.6/4.6.1/4.6.2/4.7/4.7.1/4.7.1/4.7.2, Microsoft .NET Framework 4.7.2.

Metadata

Created: 2022-05-14T03:00:10Z
Modified: 2022-07-08T19:23:06Z
Source: MANUAL
CWE IDs: ["CWE-295"]
Alternative ID: GHSA-p9wx-v264-q34p
Finding: F163
Auto approve: 1