CVE-2018-0786 – system.servicemodel.nettcp

Package

Manager: nuget
Name: system.servicemodel.nettcp
Vulnerable Version: =4.4.0 || >=4.4.0 <4.4.1 || =4.3.0 || >=4.3.0 <4.3.1 || =4.1.0 || >=4.1.0 <4.1.1

Severity

Level: High

CVSS v3.1: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N

CVSS v4.0: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N

EPSS: 0.01143 pctl0.77637

Details

Improper Certificate Validation in Microsoft .NET Framework components Microsoft .NET Framework 2.0 SP2, 3.0 SP2, 3.5, 3.5.1, 4.5.2, 4.6, 4.6.1, 4.6.2, 4.7, 4.7.1, .NET Core 1.0 and 2.0, and PowerShell Core 6.0.0 allow a security feature bypass vulnerability due to the way certificates are validated, aka ".NET Security Feature Bypass Vulnerability."

Metadata

Created: 2018-10-16T19:59:05Z
Modified: 2022-07-07T21:42:15Z
Source: https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2018/10/GHSA-jc8g-xhw5-6x46/GHSA-jc8g-xhw5-6x46.json
CWE IDs: ["CWE-295"]
Alternative ID: GHSA-jc8g-xhw5-6x46
Finding: F163
Auto approve: 1