CVE-2018-8356 – system.servicemodel.nettcp

Package

Manager: nuget
Name: system.servicemodel.nettcp
Vulnerable Version: >=4.3.0 <4.3.3 || >=4.4.0 <4.4.4 || >=4.5.0 <4.5.3 || >=4.0.0 <4.1.3

Severity

Level: Medium

CVSS v3.1: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N

CVSS v4.0: CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:H/VA:N/SC:N/SI:H/SA:N

EPSS: 0.00356 pctl0.57139

Details

Improper Certificate Validation in Microsoft .NET Framework components A security feature bypass vulnerability exists when Microsoft .NET Framework components do not correctly validate certificates, aka ".NET Framework Security Feature Bypass Vulnerability." This affects .NET Framework 4.7.2, Microsoft .NET Framework 3.0, Microsoft .NET Framework 4.6.2/4.7/4.7.1/4.7.2, ASP.NET Core 1.1, Microsoft .NET Framework 4.5.2, ASP.NET Core 2.0, ASP.NET Core 1.0, .NET Core 1.1, Microsoft .NET Framework 3.5, Microsoft .NET Framework 3.5.1, Microsoft .NET Framework 4.6/4.6.1/4.6.2, .NET Core 1.0, .NET Core 2.0, Microsoft .NET Framework 4.6, Microsoft .NET Framework 4.6/4.6.1/4.6.2/4.7/4.7.1/4.7.1/4.7.2, Microsoft .NET Framework 4.7.2.

Metadata

Created: 2022-05-14T03:00:10Z
Modified: 2022-07-08T19:23:06Z
Source: https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2022/05/GHSA-p9wx-v264-q34p/GHSA-p9wx-v264-q34p.json
CWE IDs: ["CWE-295"]
Alternative ID: GHSA-p9wx-v264-q34p
Finding: F163
Auto approve: 1