Action not permitted
Modal body text goes here.
Modal Title
Modal Body
CVE-2024-35264 (GCVE-0-2024-35264)
Vulnerability from cvelistv5 – Published: 2024-07-09 17:02 – Updated: 2026-02-10 23:34
VLAI?
EPSS
Title
.NET and Visual Studio Remote Code Execution Vulnerability
Summary
.NET and Visual Studio Remote Code Execution Vulnerability
Severity ?
CWE
- CWE-416 - Use After Free
Assigner
References
1 reference
| URL | Tags |
|---|---|
| https://msrc.microsoft.com/update-guide/vulnerabi… | vendor-advisorypatch |
Impacted products
6 products
| Vendor | Product | Version | |
|---|---|---|---|
| Microsoft | .NET 6.0 |
Affected:
-
|
|
| Microsoft | .NET 8.0 |
Affected:
1.0.0 , < 8.0.7
(custom)
|
|
| Microsoft | Microsoft Visual Studio 2022 version 17.4 |
Affected:
17.4.0 , < 17.4.21
(custom)
|
|
| Microsoft | Microsoft Visual Studio 2022 version 17.8 |
Affected:
17.8.0 , < 17.8.12
(custom)
|
|
| Microsoft | Microsoft Visual Studio 2022 version 17.10 |
Affected:
17.10 , < 17.10.4
(custom)
|
|
| Microsoft | Microsoft Visual Studio 2022 version 17.6 |
Affected:
17.6.0 , < 17.6.17
(custom)
|
Date Public ?
2024-07-09 07:00
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-35264",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-07-09T18:13:39.190149Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-07-10T16:35:29.446Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2025-05-06T14:19:56.217Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"url": "https://www.herodevs.com/vulnerability-directory/cve-2024-35264"
},
{
"name": ".NET and Visual Studio Remote Code Execution Vulnerability",
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-35264"
}
],
"title": "CVE Program Container",
"x_generator": {
"engine": "ADPogram 0.0.1"
}
}
],
"cna": {
"affected": [
{
"product": ".NET 6.0",
"vendor": "Microsoft",
"versions": [
{
"status": "affected",
"version": "-"
}
]
},
{
"product": ".NET 8.0",
"vendor": "Microsoft",
"versions": [
{
"lessThan": "8.0.7",
"status": "affected",
"version": "1.0.0",
"versionType": "custom"
}
]
},
{
"product": "Microsoft Visual Studio 2022 version 17.4",
"vendor": "Microsoft",
"versions": [
{
"lessThan": "17.4.21",
"status": "affected",
"version": "17.4.0",
"versionType": "custom"
}
]
},
{
"product": "Microsoft Visual Studio 2022 version 17.8",
"vendor": "Microsoft",
"versions": [
{
"lessThan": "17.8.12",
"status": "affected",
"version": "17.8.0",
"versionType": "custom"
}
]
},
{
"product": "Microsoft Visual Studio 2022 version 17.10",
"vendor": "Microsoft",
"versions": [
{
"lessThan": "17.10.4",
"status": "affected",
"version": "17.10",
"versionType": "custom"
}
]
},
{
"product": "Microsoft Visual Studio 2022 version 17.6",
"vendor": "Microsoft",
"versions": [
{
"lessThan": "17.6.17",
"status": "affected",
"version": "17.6.0",
"versionType": "custom"
}
]
}
],
"cpeApplicability": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:microsoft:.net:*:*:*:*:*:*:*:*",
"versionStartIncluding": "-",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:.net:*:*:*:*:*:*:*:*",
"versionEndExcluding": "8.0.7",
"versionStartIncluding": "1.0.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:visual_studio_2022:*:*:*:*:*:*:*:*",
"versionEndExcluding": "17.4.21",
"versionStartIncluding": "17.4.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:visual_studio:*:*:*:*:*:*:*:*",
"versionEndExcluding": "17.8.12",
"versionStartIncluding": "17.8.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:visual_studio:*:*:*:*:*:*:*:*",
"versionEndExcluding": "17.10.4",
"versionStartIncluding": "17.10",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:visual_studio:*:*:*:*:*:*:*:*",
"versionEndExcluding": "17.6.17",
"versionStartIncluding": "17.6.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"datePublic": "2024-07-09T07:00:00.000Z",
"descriptions": [
{
"lang": "en-US",
"value": ".NET and Visual Studio Remote Code Execution Vulnerability"
}
],
"metrics": [
{
"cvssV3_1": {
"baseScore": 8.1,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en-US",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-416",
"description": "CWE-416: Use After Free",
"lang": "en-US",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-02-10T23:34:09.479Z",
"orgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
"shortName": "microsoft"
},
"references": [
{
"name": ".NET and Visual Studio Remote Code Execution Vulnerability",
"tags": [
"vendor-advisory",
"patch"
],
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-35264"
}
],
"title": ".NET and Visual Studio Remote Code Execution Vulnerability"
}
},
"cveMetadata": {
"assignerOrgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
"assignerShortName": "microsoft",
"cveId": "CVE-2024-35264",
"datePublished": "2024-07-09T17:02:10.148Z",
"dateReserved": "2024-05-14T20:14:47.413Z",
"dateUpdated": "2026-02-10T23:34:09.479Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2",
"vulnerability-lookup:meta": {
"epss": {
"cve": "CVE-2024-35264",
"date": "2026-05-20",
"epss": "0.04361",
"percentile": "0.89059"
},
"fkie_nvd": {
"configurations": "[{\"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:microsoft:.net:*:*:*:*:*:*:*:*\", \"versionStartIncluding\": \"8.0.0\", \"versionEndExcluding\": \"8.0.7\", \"matchCriteriaId\": \"223CB8C9-39B9-44E2-83AA-79F7C2B45D67\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:microsoft:visual_studio_2022:*:*:*:*:*:*:*:*\", \"versionStartIncluding\": \"17.4.0\", \"versionEndExcluding\": \"17.4.21\", \"matchCriteriaId\": \"9079F629-6958-469E-AF83-8030B145E354\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:microsoft:visual_studio_2022:*:*:*:*:*:*:*:*\", \"versionStartIncluding\": \"17.6.0\", \"versionEndExcluding\": \"17.6.17\", \"matchCriteriaId\": \"B1C74913-B238-4B3C-8F2D-37FFCCAB5E9E\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:microsoft:visual_studio_2022:*:*:*:*:*:*:*:*\", \"versionStartIncluding\": \"17.8.0\", \"versionEndExcluding\": \"17.8.12\", \"matchCriteriaId\": \"547E0354-EE7E-43BA-B3C7-E4A59C414312\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:microsoft:visual_studio_2022:*:*:*:*:*:*:*:*\", \"versionStartIncluding\": \"17.10.0\", \"versionEndExcluding\": \"17.10.4\", \"matchCriteriaId\": \"BA8A2DA8-D24E-4AB5-8685-A42EB33E1D6D\"}]}]}]",
"descriptions": "[{\"lang\": \"en\", \"value\": \".NET and Visual Studio Remote Code Execution Vulnerability\"}, {\"lang\": \"es\", \"value\": \"Vulnerabilidad de ejecuci\\u00f3n remota de c\\u00f3digo de .NET y Visual Studio\"}]",
"id": "CVE-2024-35264",
"lastModified": "2024-11-21T09:20:02.723",
"metrics": "{\"cvssMetricV31\": [{\"source\": \"secure@microsoft.com\", \"type\": \"Primary\", \"cvssData\": {\"version\": \"3.1\", \"vectorString\": \"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H\", \"baseScore\": 8.1, \"baseSeverity\": \"HIGH\", \"attackVector\": \"NETWORK\", \"attackComplexity\": \"HIGH\", \"privilegesRequired\": \"NONE\", \"userInteraction\": \"NONE\", \"scope\": \"UNCHANGED\", \"confidentialityImpact\": \"HIGH\", \"integrityImpact\": \"HIGH\", \"availabilityImpact\": \"HIGH\"}, \"exploitabilityScore\": 2.2, \"impactScore\": 5.9}]}",
"published": "2024-07-09T17:15:18.213",
"references": "[{\"url\": \"https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-35264\", \"source\": \"secure@microsoft.com\", \"tags\": [\"Patch\", \"Vendor Advisory\"]}, {\"url\": \"https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-35264\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Patch\", \"Vendor Advisory\"]}]",
"sourceIdentifier": "secure@microsoft.com",
"vulnStatus": "Modified",
"weaknesses": "[{\"source\": \"secure@microsoft.com\", \"type\": \"Secondary\", \"description\": [{\"lang\": \"en\", \"value\": \"CWE-416\"}]}, {\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"description\": [{\"lang\": \"en\", \"value\": \"NVD-CWE-noinfo\"}]}]"
},
"nvd": "{\"cve\":{\"id\":\"CVE-2024-35264\",\"sourceIdentifier\":\"secure@microsoft.com\",\"published\":\"2024-07-09T17:15:18.213\",\"lastModified\":\"2025-05-06T15:16:00.420\",\"vulnStatus\":\"Modified\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\".NET and Visual Studio Remote Code Execution Vulnerability\"},{\"lang\":\"es\",\"value\":\"Vulnerabilidad de ejecuci\u00f3n remota de c\u00f3digo de .NET y Visual Studio\"}],\"metrics\":{\"cvssMetricV31\":[{\"source\":\"secure@microsoft.com\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H\",\"baseScore\":8.1,\"baseSeverity\":\"HIGH\",\"attackVector\":\"NETWORK\",\"attackComplexity\":\"HIGH\",\"privilegesRequired\":\"NONE\",\"userInteraction\":\"NONE\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"HIGH\",\"integrityImpact\":\"HIGH\",\"availabilityImpact\":\"HIGH\"},\"exploitabilityScore\":2.2,\"impactScore\":5.9}]},\"weaknesses\":[{\"source\":\"secure@microsoft.com\",\"type\":\"Secondary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-416\"}]},{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"description\":[{\"lang\":\"en\",\"value\":\"NVD-CWE-noinfo\"}]}],\"configurations\":[{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:microsoft:.net:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"8.0.0\",\"versionEndExcluding\":\"8.0.7\",\"matchCriteriaId\":\"223CB8C9-39B9-44E2-83AA-79F7C2B45D67\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:microsoft:visual_studio_2022:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"17.4.0\",\"versionEndExcluding\":\"17.4.21\",\"matchCriteriaId\":\"9079F629-6958-469E-AF83-8030B145E354\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:microsoft:visual_studio_2022:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"17.6.0\",\"versionEndExcluding\":\"17.6.17\",\"matchCriteriaId\":\"B1C74913-B238-4B3C-8F2D-37FFCCAB5E9E\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:microsoft:visual_studio_2022:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"17.8.0\",\"versionEndExcluding\":\"17.8.12\",\"matchCriteriaId\":\"547E0354-EE7E-43BA-B3C7-E4A59C414312\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:microsoft:visual_studio_2022:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"17.10.0\",\"versionEndExcluding\":\"17.10.4\",\"matchCriteriaId\":\"BA8A2DA8-D24E-4AB5-8685-A42EB33E1D6D\"}]}]}],\"references\":[{\"url\":\"https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-35264\",\"source\":\"secure@microsoft.com\",\"tags\":[\"Patch\",\"Vendor Advisory\"]},{\"url\":\"https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-35264\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Patch\",\"Vendor Advisory\"]},{\"url\":\"https://www.herodevs.com/vulnerability-directory/cve-2024-35264\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"}]}}",
"vulnrichment": {
"containers": "{\"adp\": [{\"title\": \"CVE Program Container\", \"references\": [{\"url\": \"https://www.herodevs.com/vulnerability-directory/cve-2024-35264\"}, {\"url\": \"https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-35264\", \"name\": \".NET and Visual Studio Remote Code Execution Vulnerability\", \"tags\": [\"vendor-advisory\", \"x_transferred\"]}], \"x_generator\": {\"engine\": \"ADPogram 0.0.1\"}, \"providerMetadata\": {\"orgId\": \"af854a3a-2127-422b-91ae-364da2661108\", \"shortName\": \"CVE\", \"dateUpdated\": \"2025-05-06T14:19:56.217Z\"}}, {\"title\": \"CISA ADP Vulnrichment\", \"metrics\": [{\"other\": {\"type\": \"ssvc\", \"content\": {\"id\": \"CVE-2024-35264\", \"role\": \"CISA Coordinator\", \"options\": [{\"Exploitation\": \"none\"}, {\"Automatable\": \"no\"}, {\"Technical Impact\": \"total\"}], \"version\": \"2.0.3\", \"timestamp\": \"2024-07-09T18:13:39.190149Z\"}}}], \"providerMetadata\": {\"orgId\": \"134c704f-9b21-4f2e-91b3-4a467353bcc0\", \"shortName\": \"CISA-ADP\", \"dateUpdated\": \"2024-07-09T18:13:49.272Z\"}}], \"cna\": {\"title\": \".NET and Visual Studio Remote Code Execution Vulnerability\", \"metrics\": [{\"format\": \"CVSS\", \"cvssV3_1\": {\"version\": \"3.1\", \"baseScore\": 8.1, \"baseSeverity\": \"HIGH\", \"vectorString\": \"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C\"}, \"scenarios\": [{\"lang\": \"en-US\", \"value\": \"GENERAL\"}]}], \"affected\": [{\"vendor\": \"Microsoft\", \"product\": \".NET 6.0\", \"versions\": [{\"status\": \"affected\", \"version\": \"-\"}]}, {\"vendor\": \"Microsoft\", \"product\": \".NET 8.0\", \"versions\": [{\"status\": \"affected\", \"version\": \"1.0.0\", \"lessThan\": \"8.0.7\", \"versionType\": \"custom\"}]}, {\"vendor\": \"Microsoft\", \"product\": \"Microsoft Visual Studio 2022 version 17.4\", \"versions\": [{\"status\": \"affected\", \"version\": \"17.4.0\", \"lessThan\": \"17.4.21\", \"versionType\": \"custom\"}]}, {\"vendor\": \"Microsoft\", \"product\": \"Microsoft Visual Studio 2022 version 17.8\", \"versions\": [{\"status\": \"affected\", \"version\": \"17.8.0\", \"lessThan\": \"17.8.12\", \"versionType\": \"custom\"}]}, {\"vendor\": \"Microsoft\", \"product\": \"Microsoft Visual Studio 2022 version 17.10\", \"versions\": [{\"status\": \"affected\", \"version\": \"17.10\", \"lessThan\": \"17.10.4\", \"versionType\": \"custom\"}]}, {\"vendor\": \"Microsoft\", \"product\": \"Microsoft Visual Studio 2022 version 17.6\", \"versions\": [{\"status\": \"affected\", \"version\": \"17.6.0\", \"lessThan\": \"17.6.17\", \"versionType\": \"custom\"}]}], \"datePublic\": \"2024-07-09T07:00:00.000Z\", \"references\": [{\"url\": \"https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-35264\", \"name\": \".NET and Visual Studio Remote Code Execution Vulnerability\", \"tags\": [\"vendor-advisory\", \"patch\"]}], \"descriptions\": [{\"lang\": \"en-US\", \"value\": \".NET and Visual Studio Remote Code Execution Vulnerability\"}], \"problemTypes\": [{\"descriptions\": [{\"lang\": \"en-US\", \"type\": \"CWE\", \"cweId\": \"CWE-416\", \"description\": \"CWE-416: Use After Free\"}]}], \"cpeApplicability\": [{\"nodes\": [{\"negate\": false, \"cpeMatch\": [{\"criteria\": \"cpe:2.3:a:microsoft:.net:*:*:*:*:*:*:*:*\", \"vulnerable\": true, \"versionStartIncluding\": \"-\"}, {\"criteria\": \"cpe:2.3:a:microsoft:.net:*:*:*:*:*:*:*:*\", \"vulnerable\": true, \"versionEndExcluding\": \"8.0.7\", \"versionStartIncluding\": \"1.0.0\"}, {\"criteria\": \"cpe:2.3:a:microsoft:visual_studio_2022:*:*:*:*:*:*:*:*\", \"vulnerable\": true, \"versionEndExcluding\": \"17.4.21\", \"versionStartIncluding\": \"17.4.0\"}, {\"criteria\": \"cpe:2.3:a:microsoft:visual_studio:*:*:*:*:*:*:*:*\", \"vulnerable\": true, \"versionEndExcluding\": \"17.8.12\", \"versionStartIncluding\": \"17.8.0\"}, {\"criteria\": \"cpe:2.3:a:microsoft:visual_studio:*:*:*:*:*:*:*:*\", \"vulnerable\": true, \"versionEndExcluding\": \"17.10.4\", \"versionStartIncluding\": \"17.10\"}, {\"criteria\": \"cpe:2.3:a:microsoft:visual_studio:*:*:*:*:*:*:*:*\", \"vulnerable\": true, \"versionEndExcluding\": \"17.6.17\", \"versionStartIncluding\": \"17.6.0\"}], \"operator\": \"OR\"}]}], \"providerMetadata\": {\"orgId\": \"f38d906d-7342-40ea-92c1-6c4a2c6478c8\", \"shortName\": \"microsoft\", \"dateUpdated\": \"2026-02-10T23:34:09.479Z\"}}}",
"cveMetadata": "{\"cveId\": \"CVE-2024-35264\", \"state\": \"PUBLISHED\", \"dateUpdated\": \"2026-02-10T23:34:09.479Z\", \"dateReserved\": \"2024-05-14T20:14:47.413Z\", \"assignerOrgId\": \"f38d906d-7342-40ea-92c1-6c4a2c6478c8\", \"datePublished\": \"2024-07-09T17:02:10.148Z\", \"assignerShortName\": \"microsoft\"}",
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
}
}
CERTFR-2024-AVI-0558
Vulnerability from certfr_avis - Published: - Updated:
De multiples vulnérabilités ont été découvertes dans Microsoft .Net. Certaines d'entre elles permettent à un attaquant de provoquer une exécution de code arbitraire à distance, une élévation de privilèges et un déni de service à distance.
Solutions
Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).
Impacted products
| Vendor | Product | Description | ||
|---|---|---|---|---|
| Microsoft | N/A | Microsoft .NET Framework 3.5 AND 4.7.2 versions antérieures à 10.0.14393.7159 | ||
| Microsoft | N/A | Microsoft .NET Framework 3.5 AND 4.8 versions antérieures à 4.8.4739.04 | ||
| Microsoft | N/A | Microsoft .NET Framework 4.6/4.6.2 versions antérieures à 10.0.10240.20710 | ||
| Microsoft | N/A | Microsoft .NET Framework 4.6.2 versions antérieures à 4.7.4101.01 | ||
| Microsoft | N/A | Microsoft .NET Framework 4.6.2/4.7/4.7.1/4.7.2 versions antérieures à 4.7.4101.01 | ||
| Microsoft | N/A | Microsoft .NET Framework 3.5 AND 4.7.2 versions antérieures à 4.7.2.4101.03 | ||
| Microsoft | N/A | Microsoft .NET Framework 2.0 Service Pack 2 versions antérieures à 2.0.50727.8977 | ||
| Microsoft | N/A | Microsoft .NET Framework 3.5 versions antérieures à 3.5.4101.04 | ||
| Microsoft | N/A | Microsoft .NET Framework 3.5 AND 4.8.1 versions antérieures à 4.8.9256.03 | ||
| Microsoft | N/A | Microsoft .NET Framework 3.5 AND 4.7.2 versions antérieures à 10.0.10240.20710 | ||
| Microsoft | N/A | Microsoft .NET Framework 3.5.1 versions antérieures à 3.5.30729.8971 | ||
| Microsoft | N/A | Microsoft .NET Framework 4.8 versions antérieures à 4.8.4739.02 | ||
| Microsoft | N/A | Microsoft .NET Framework 3.5 versions antérieures à 3.5.30729.8972 | ||
| Microsoft | N/A | Microsoft .NET Framework 3.5 versions antérieures à 3.5.30729.8971 | ||
| Microsoft | N/A | Microsoft .NET Framework 4.8 versions antérieures à 4.8.4739.03 | ||
| Microsoft | N/A | Microsoft .NET Framework 3.5 AND 4.8.1 versions antérieures à 4.8.1.9256.03 | ||
| Microsoft | N/A | Microsoft .NET Framework 4.6.2/4.7/4.7.1/4.7.2 versions antérieures à 4.7.4101.02 | ||
| Microsoft | N/A | Microsoft .NET Framework 4.8 versions antérieures à 4.8.04739.02 | ||
| Microsoft | N/A | Microsoft .NET Framework 3.5 AND 4.7.2 versions antérieures à 4.7.4101.02 | ||
| Microsoft | N/A | Microsoft .NET Framework 3.0 Service Pack 2 versions antérieures à 2.0.50727.8977 | ||
| Microsoft | N/A | .NET 8.0 versions antérieures à 8.0.7 |
References
| Title | Publication Time | Tags | ||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||
{
"$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
"affected_systems": [
{
"description": "Microsoft .NET Framework 3.5 AND 4.7.2 versions ant\u00e9rieures \u00e0 10.0.14393.7159",
"product": {
"name": "N/A",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
},
{
"description": "Microsoft .NET Framework 3.5 AND 4.8 versions ant\u00e9rieures \u00e0 4.8.4739.04",
"product": {
"name": "N/A",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
},
{
"description": "Microsoft .NET Framework 4.6/4.6.2 versions ant\u00e9rieures \u00e0 10.0.10240.20710",
"product": {
"name": "N/A",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
},
{
"description": "Microsoft .NET Framework 4.6.2 versions ant\u00e9rieures \u00e0 4.7.4101.01",
"product": {
"name": "N/A",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
},
{
"description": "Microsoft .NET Framework 4.6.2/4.7/4.7.1/4.7.2 versions ant\u00e9rieures \u00e0 4.7.4101.01",
"product": {
"name": "N/A",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
},
{
"description": "Microsoft .NET Framework 3.5 AND 4.7.2 versions ant\u00e9rieures \u00e0 4.7.2.4101.03",
"product": {
"name": "N/A",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
},
{
"description": "Microsoft .NET Framework 2.0 Service Pack 2 versions ant\u00e9rieures \u00e0 2.0.50727.8977",
"product": {
"name": "N/A",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
},
{
"description": "Microsoft .NET Framework 3.5 versions ant\u00e9rieures \u00e0 3.5.4101.04",
"product": {
"name": "N/A",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
},
{
"description": "Microsoft .NET Framework 3.5 AND 4.8.1 versions ant\u00e9rieures \u00e0 4.8.9256.03",
"product": {
"name": "N/A",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
},
{
"description": "Microsoft .NET Framework 3.5 AND 4.7.2 versions ant\u00e9rieures \u00e0 10.0.10240.20710",
"product": {
"name": "N/A",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
},
{
"description": "Microsoft .NET Framework 3.5.1 versions ant\u00e9rieures \u00e0 3.5.30729.8971",
"product": {
"name": "N/A",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
},
{
"description": "Microsoft .NET Framework 4.8 versions ant\u00e9rieures \u00e0 4.8.4739.02",
"product": {
"name": "N/A",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
},
{
"description": "Microsoft .NET Framework 3.5 versions ant\u00e9rieures \u00e0 3.5.30729.8972",
"product": {
"name": "N/A",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
},
{
"description": "Microsoft .NET Framework 3.5 versions ant\u00e9rieures \u00e0 3.5.30729.8971",
"product": {
"name": "N/A",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
},
{
"description": "Microsoft .NET Framework 4.8 versions ant\u00e9rieures \u00e0 4.8.4739.03",
"product": {
"name": "N/A",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
},
{
"description": "Microsoft .NET Framework 3.5 AND 4.8.1 versions ant\u00e9rieures \u00e0 4.8.1.9256.03",
"product": {
"name": "N/A",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
},
{
"description": "Microsoft .NET Framework 4.6.2/4.7/4.7.1/4.7.2 versions ant\u00e9rieures \u00e0 4.7.4101.02",
"product": {
"name": "N/A",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
},
{
"description": "Microsoft .NET Framework 4.8 versions ant\u00e9rieures \u00e0 4.8.04739.02",
"product": {
"name": "N/A",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
},
{
"description": "Microsoft .NET Framework 3.5 AND 4.7.2 versions ant\u00e9rieures \u00e0 4.7.4101.02",
"product": {
"name": "N/A",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
},
{
"description": "Microsoft .NET Framework 3.0 Service Pack 2 versions ant\u00e9rieures \u00e0 2.0.50727.8977",
"product": {
"name": "N/A",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
},
{
"description": ".NET 8.0 versions ant\u00e9rieures \u00e0 8.0.7",
"product": {
"name": "N/A",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
}
],
"affected_systems_content": "",
"content": "## Solutions\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des correctifs (cf. section Documentation).",
"cves": [
{
"name": "CVE-2024-35264",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-35264"
},
{
"name": "CVE-2024-30105",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-30105"
},
{
"name": "CVE-2024-38095",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-38095"
},
{
"name": "CVE-2024-38081",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-38081"
}
],
"links": [],
"reference": "CERTFR-2024-AVI-0558",
"revisions": [
{
"description": "Version initiale",
"revision_date": "2024-07-10T00:00:00.000000"
}
],
"risks": [
{
"description": "D\u00e9ni de service \u00e0 distance"
},
{
"description": "Ex\u00e9cution de code arbitraire \u00e0 distance"
},
{
"description": "\u00c9l\u00e9vation de privil\u00e8ges"
}
],
"summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans Microsoft .Net. Certaines d\u0027entre elles permettent \u00e0 un attaquant de provoquer une ex\u00e9cution de code arbitraire \u00e0 distance, une \u00e9l\u00e9vation de privil\u00e8ges et un d\u00e9ni de service \u00e0 distance.",
"title": "Multiples vuln\u00e9rabilit\u00e9s dans Microsoft .Net",
"vendor_advisories": [
{
"published_at": "2024-07-09",
"title": "Bulletin de s\u00e9curit\u00e9 Microsoft .Net CVE-2024-30105",
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-30105"
},
{
"published_at": "2024-07-09",
"title": "Bulletin de s\u00e9curit\u00e9 Microsoft .Net CVE-2024-38095",
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-38095"
},
{
"published_at": "2024-07-09",
"title": "Bulletin de s\u00e9curit\u00e9 Microsoft .Net CVE-2024-38081",
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-38081"
},
{
"published_at": "2024-07-09",
"title": "Bulletin de s\u00e9curit\u00e9 Microsoft .Net CVE-2024-35264",
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-35264"
}
]
}
CERTFR-2024-AVI-0560
Vulnerability from certfr_avis - Published: - Updated:
De multiples vulnérabilités ont été découvertes dans les produits Microsoft. Certaines d'entre elles permettent à un attaquant de provoquer une exécution de code arbitraire à distance, une élévation de privilèges et une atteinte à la confidentialité des données.
Solutions
Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).
Impacted products
| Vendor | Product | Description | ||
|---|---|---|---|---|
| Microsoft | N/A | Microsoft SharePoint Server Subscription Edition versions antérieures à 16.0.17328.20424 | ||
| Microsoft | N/A | Microsoft Visual Studio 2022 version 17.6 antérieures à 17.6.17 | ||
| Microsoft | N/A | Microsoft SQL Server 2022 pour systèmes x64 (GDR) versions antérieures à 16.0.1121.4 | ||
| Microsoft | N/A | Microsoft Visual Studio 2022 version 17.4 antérieures à 17.4.21 | ||
| Microsoft | N/A | Microsoft Visual Studio 2022 version 17.10 antérieures à 17.10.4 | ||
| Microsoft | N/A | Microsoft SQL Server 2019 pour systèmes x64 (CU 27) versions antérieures à 15.0.4382.1 | ||
| Microsoft | N/A | Microsoft SharePoint Enterprise Server 2016 versions antérieures à 16.0.5456.1000 | ||
| Microsoft | N/A | Microsoft Defender pour IoT versions antérieures à 24.1.4 | ||
| Microsoft | N/A | Microsoft SQL Server 2022 pour systèmes x64 (CU 13) versions antérieures à 16.0.4131.2 | ||
| Microsoft | N/A | Microsoft OLE DB Driver 19 pour SQL Server versions antérieures à 19.3.0005.0 | ||
| Microsoft | N/A | Microsoft SharePoint Server 2019 versions antérieures à 16.0.10412.20001 | ||
| Microsoft | N/A | Microsoft SQL Server 2017 pour systèmes x64 (GDR) versions antérieures à 14.0.2056.2 | ||
| Microsoft | N/A | Microsoft Dynamics 365 (on-premises) version 9.1 antérieures à 9.1.28.09 | ||
| Microsoft | N/A | Microsoft SQL Server 2017 pour systèmes x64 (CU 31) versions antérieures à 14.0.3471.2 | ||
| Microsoft | N/A | Microsoft SQL Server 2019 pour systèmes x64 (GDR) versions antérieures à 15.0.2116.2 | ||
| Microsoft | N/A | Microsoft OLE DB Driver 18 pour SQL Server versions antérieures à 18.7.0004.0 | ||
| Microsoft | N/A | Microsoft Visual Studio 2022 version 17.8 antérieures à 17.8.12 | ||
| Microsoft | N/A | Microsoft SQL Server 2016 pour systèmes x64 Service Pack 3 (GDR) versions antérieures à 13.0.6441.1 | ||
| Microsoft | N/A | Microsoft SQL Server 2016 pour systèmes x64 Service Pack 3 Azure Connect Feature Pack versions antérieures à 13.0.7037.1 |
References
{
"$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
"affected_systems": [
{
"description": "Microsoft SharePoint Server Subscription Edition versions ant\u00e9rieures \u00e0 16.0.17328.20424",
"product": {
"name": "N/A",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
},
{
"description": "Microsoft Visual Studio 2022 version 17.6 ant\u00e9rieures \u00e0 17.6.17",
"product": {
"name": "N/A",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
},
{
"description": "Microsoft SQL Server 2022 pour syst\u00e8mes x64 (GDR) versions ant\u00e9rieures \u00e0 16.0.1121.4",
"product": {
"name": "N/A",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
},
{
"description": "Microsoft Visual Studio 2022 version 17.4 ant\u00e9rieures \u00e0 17.4.21",
"product": {
"name": "N/A",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
},
{
"description": "Microsoft Visual Studio 2022 version 17.10 ant\u00e9rieures \u00e0 17.10.4",
"product": {
"name": "N/A",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
},
{
"description": "Microsoft SQL Server 2019 pour syst\u00e8mes x64 (CU 27) versions ant\u00e9rieures \u00e0 15.0.4382.1",
"product": {
"name": "N/A",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
},
{
"description": "Microsoft SharePoint Enterprise Server 2016 versions ant\u00e9rieures \u00e0 16.0.5456.1000",
"product": {
"name": "N/A",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
},
{
"description": "Microsoft Defender pour IoT versions ant\u00e9rieures \u00e0 24.1.4",
"product": {
"name": "N/A",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
},
{
"description": "Microsoft SQL Server 2022 pour syst\u00e8mes x64 (CU 13) versions ant\u00e9rieures \u00e0 16.0.4131.2",
"product": {
"name": "N/A",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
},
{
"description": "Microsoft OLE DB Driver 19 pour SQL Server versions ant\u00e9rieures \u00e0 19.3.0005.0",
"product": {
"name": "N/A",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
},
{
"description": "Microsoft SharePoint Server 2019 versions ant\u00e9rieures \u00e0 16.0.10412.20001",
"product": {
"name": "N/A",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
},
{
"description": "Microsoft SQL Server 2017 pour syst\u00e8mes x64 (GDR) versions ant\u00e9rieures \u00e0 14.0.2056.2",
"product": {
"name": "N/A",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
},
{
"description": "Microsoft Dynamics 365 (on-premises) version 9.1 ant\u00e9rieures \u00e0 9.1.28.09",
"product": {
"name": "N/A",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
},
{
"description": "Microsoft SQL Server 2017 pour syst\u00e8mes x64 (CU 31) versions ant\u00e9rieures \u00e0 14.0.3471.2",
"product": {
"name": "N/A",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
},
{
"description": "Microsoft SQL Server 2019 pour syst\u00e8mes x64 (GDR) versions ant\u00e9rieures \u00e0 15.0.2116.2",
"product": {
"name": "N/A",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
},
{
"description": "Microsoft OLE DB Driver 18 pour SQL Server versions ant\u00e9rieures \u00e0 18.7.0004.0",
"product": {
"name": "N/A",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
},
{
"description": "Microsoft Visual Studio 2022 version 17.8 ant\u00e9rieures \u00e0 17.8.12",
"product": {
"name": "N/A",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
},
{
"description": "Microsoft SQL Server 2016 pour syst\u00e8mes x64 Service Pack 3 (GDR) versions ant\u00e9rieures \u00e0 13.0.6441.1",
"product": {
"name": "N/A",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
},
{
"description": "Microsoft SQL Server 2016 pour syst\u00e8mes x64 Service Pack 3 Azure Connect Feature Pack versions ant\u00e9rieures \u00e0 13.0.7037.1",
"product": {
"name": "N/A",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
}
],
"affected_systems_content": "",
"content": "## Solutions\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des correctifs (cf. section Documentation).",
"cves": [
{
"name": "CVE-2024-37336",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-37336"
},
{
"name": "CVE-2024-21317",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-21317"
},
{
"name": "CVE-2024-37328",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-37328"
},
{
"name": "CVE-2024-38094",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-38094"
},
{
"name": "CVE-2024-21428",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-21428"
},
{
"name": "CVE-2024-37330",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-37330"
},
{
"name": "CVE-2024-21308",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-21308"
},
{
"name": "CVE-2024-37321",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-37321"
},
{
"name": "CVE-2024-38024",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-38024"
},
{
"name": "CVE-2024-28928",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-28928"
},
{
"name": "CVE-2024-21303",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-21303"
},
{
"name": "CVE-2024-21425",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-21425"
},
{
"name": "CVE-2024-20701",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-20701"
},
{
"name": "CVE-2024-21415",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-21415"
},
{
"name": "CVE-2024-35264",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-35264"
},
{
"name": "CVE-2024-37334",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-37334"
},
{
"name": "CVE-2024-37322",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-37322"
},
{
"name": "CVE-2024-35256",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-35256"
},
{
"name": "CVE-2024-37320",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-37320"
},
{
"name": "CVE-2024-21398",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-21398"
},
{
"name": "CVE-2024-37332",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-37332"
},
{
"name": "CVE-2024-30105",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-30105"
},
{
"name": "CVE-2024-32987",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-32987"
},
{
"name": "CVE-2024-37326",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-37326"
},
{
"name": "CVE-2024-21332",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-21332"
},
{
"name": "CVE-2024-37324",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-37324"
},
{
"name": "CVE-2024-37331",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-37331"
},
{
"name": "CVE-2024-21335",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-21335"
},
{
"name": "CVE-2024-37329",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-37329"
},
{
"name": "CVE-2024-21414",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-21414"
},
{
"name": "CVE-2024-35271",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-35271"
},
{
"name": "CVE-2024-37319",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-37319"
},
{
"name": "CVE-2024-37327",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-37327"
},
{
"name": "CVE-2024-21449",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-21449"
},
{
"name": "CVE-2024-38095",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-38095"
},
{
"name": "CVE-2024-37333",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-37333"
},
{
"name": "CVE-2024-21373",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-21373"
},
{
"name": "CVE-2024-38081",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-38081"
},
{
"name": "CVE-2024-30061",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-30061"
},
{
"name": "CVE-2024-38089",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-38089"
},
{
"name": "CVE-2024-38087",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-38087"
},
{
"name": "CVE-2024-35272",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-35272"
},
{
"name": "CVE-2024-37318",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-37318"
},
{
"name": "CVE-2024-21331",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-21331"
},
{
"name": "CVE-2024-38088",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-38088"
},
{
"name": "CVE-2024-37323",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-37323"
},
{
"name": "CVE-2024-38023",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-38023"
},
{
"name": "CVE-2024-21333",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-21333"
}
],
"links": [],
"reference": "CERTFR-2024-AVI-0560",
"revisions": [
{
"description": "Version initiale",
"revision_date": "2024-07-10T00:00:00.000000"
}
],
"risks": [
{
"description": "Ex\u00e9cution de code arbitraire \u00e0 distance"
},
{
"description": "D\u00e9ni de service"
},
{
"description": "Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es"
},
{
"description": "\u00c9l\u00e9vation de privil\u00e8ges"
}
],
"summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans les produits Microsoft. Certaines d\u0027entre elles permettent \u00e0 un attaquant de provoquer une ex\u00e9cution de code arbitraire \u00e0 distance, une \u00e9l\u00e9vation de privil\u00e8ges et une atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es.",
"title": "Multiples vuln\u00e9rabilit\u00e9s dans les produits Microsoft",
"vendor_advisories": [
{
"published_at": "2024-07-09",
"title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2024-21398",
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-21398"
},
{
"published_at": "2024-07-09",
"title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2024-21303",
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-21303"
},
{
"published_at": "2024-07-09",
"title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2024-37319",
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-37319"
},
{
"published_at": "2024-07-09",
"title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2024-21335",
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-21335"
},
{
"published_at": "2024-07-09",
"title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2024-37321",
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-37321"
},
{
"published_at": "2024-07-09",
"title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2024-28928",
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-28928"
},
{
"published_at": "2024-07-09",
"title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2024-37324",
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-37324"
},
{
"published_at": "2024-07-09",
"title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2024-21373",
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-21373"
},
{
"published_at": "2024-07-09",
"title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2024-30061",
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-30061"
},
{
"published_at": "2024-07-09",
"title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2024-21308",
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-21308"
},
{
"published_at": "2024-07-09",
"title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2024-38089",
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-38089"
},
{
"published_at": "2024-07-09",
"title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2024-38024",
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-38024"
},
{
"published_at": "2024-07-09",
"title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2024-30105",
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-30105"
},
{
"published_at": "2024-07-09",
"title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2024-37331",
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-37331"
},
{
"published_at": "2024-07-09",
"title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2024-38088",
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-38088"
},
{
"published_at": "2024-07-09",
"title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2024-37333",
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-37333"
},
{
"published_at": "2024-07-09",
"title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2024-37329",
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-37329"
},
{
"published_at": "2024-07-09",
"title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2024-35271",
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-35271"
},
{
"published_at": "2024-07-09",
"title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2024-21331",
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-21331"
},
{
"published_at": "2024-07-09",
"title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2024-38095",
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-38095"
},
{
"published_at": "2024-07-09",
"title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2024-37334",
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-37334"
},
{
"published_at": "2024-07-09",
"title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2024-20701",
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-20701"
},
{
"published_at": "2024-07-09",
"title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2024-21428",
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-21428"
},
{
"published_at": "2024-07-09",
"title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2024-21333",
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-21333"
},
{
"published_at": "2024-07-09",
"title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2024-37318",
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-37318"
},
{
"published_at": "2024-07-09",
"title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2024-37330",
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-37330"
},
{
"published_at": "2024-07-09",
"title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2024-37323",
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-37323"
},
{
"published_at": "2024-07-09",
"title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2024-21425",
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-21425"
},
{
"published_at": "2024-07-09",
"title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2024-37320",
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-37320"
},
{
"published_at": "2024-07-09",
"title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2024-37327",
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-37327"
},
{
"published_at": "2024-07-09",
"title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2024-38087",
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-38087"
},
{
"published_at": "2024-07-09",
"title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2024-37336",
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-37336"
},
{
"published_at": "2024-07-09",
"title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2024-21317",
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-21317"
},
{
"published_at": "2024-07-09",
"title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2024-37332",
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-37332"
},
{
"published_at": "2024-07-09",
"title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2024-38023",
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-38023"
},
{
"published_at": "2024-07-09",
"title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2024-35264",
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-35264"
},
{
"published_at": "2024-07-09",
"title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2024-35272",
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-35272"
},
{
"published_at": "2024-07-09",
"title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2024-35256",
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-35256"
},
{
"published_at": "2024-07-09",
"title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2024-38094",
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-38094"
},
{
"published_at": "2024-07-09",
"title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2024-21414",
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-21414"
},
{
"published_at": "2024-07-09",
"title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2024-21449",
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-21449"
},
{
"published_at": "2024-07-09",
"title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2024-38081",
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-38081"
},
{
"published_at": "2024-07-09",
"title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2024-21332",
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-21332"
},
{
"published_at": "2024-07-09",
"title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2024-37322",
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-37322"
},
{
"published_at": "2024-07-09",
"title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2024-37326",
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-37326"
},
{
"published_at": "2024-07-09",
"title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2024-37328",
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-37328"
},
{
"published_at": "2024-07-09",
"title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2024-32987",
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-32987"
},
{
"published_at": "2024-07-09",
"title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2024-21415",
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-21415"
}
]
}
CERTFR-2024-AVI-0558
Vulnerability from certfr_avis - Published: - Updated:
De multiples vulnérabilités ont été découvertes dans Microsoft .Net. Certaines d'entre elles permettent à un attaquant de provoquer une exécution de code arbitraire à distance, une élévation de privilèges et un déni de service à distance.
Solutions
Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).
Impacted products
| Vendor | Product | Description | ||
|---|---|---|---|---|
| Microsoft | N/A | Microsoft .NET Framework 3.5 AND 4.7.2 versions antérieures à 10.0.14393.7159 | ||
| Microsoft | N/A | Microsoft .NET Framework 3.5 AND 4.8 versions antérieures à 4.8.4739.04 | ||
| Microsoft | N/A | Microsoft .NET Framework 4.6/4.6.2 versions antérieures à 10.0.10240.20710 | ||
| Microsoft | N/A | Microsoft .NET Framework 4.6.2 versions antérieures à 4.7.4101.01 | ||
| Microsoft | N/A | Microsoft .NET Framework 4.6.2/4.7/4.7.1/4.7.2 versions antérieures à 4.7.4101.01 | ||
| Microsoft | N/A | Microsoft .NET Framework 3.5 AND 4.7.2 versions antérieures à 4.7.2.4101.03 | ||
| Microsoft | N/A | Microsoft .NET Framework 2.0 Service Pack 2 versions antérieures à 2.0.50727.8977 | ||
| Microsoft | N/A | Microsoft .NET Framework 3.5 versions antérieures à 3.5.4101.04 | ||
| Microsoft | N/A | Microsoft .NET Framework 3.5 AND 4.8.1 versions antérieures à 4.8.9256.03 | ||
| Microsoft | N/A | Microsoft .NET Framework 3.5 AND 4.7.2 versions antérieures à 10.0.10240.20710 | ||
| Microsoft | N/A | Microsoft .NET Framework 3.5.1 versions antérieures à 3.5.30729.8971 | ||
| Microsoft | N/A | Microsoft .NET Framework 4.8 versions antérieures à 4.8.4739.02 | ||
| Microsoft | N/A | Microsoft .NET Framework 3.5 versions antérieures à 3.5.30729.8972 | ||
| Microsoft | N/A | Microsoft .NET Framework 3.5 versions antérieures à 3.5.30729.8971 | ||
| Microsoft | N/A | Microsoft .NET Framework 4.8 versions antérieures à 4.8.4739.03 | ||
| Microsoft | N/A | Microsoft .NET Framework 3.5 AND 4.8.1 versions antérieures à 4.8.1.9256.03 | ||
| Microsoft | N/A | Microsoft .NET Framework 4.6.2/4.7/4.7.1/4.7.2 versions antérieures à 4.7.4101.02 | ||
| Microsoft | N/A | Microsoft .NET Framework 4.8 versions antérieures à 4.8.04739.02 | ||
| Microsoft | N/A | Microsoft .NET Framework 3.5 AND 4.7.2 versions antérieures à 4.7.4101.02 | ||
| Microsoft | N/A | Microsoft .NET Framework 3.0 Service Pack 2 versions antérieures à 2.0.50727.8977 | ||
| Microsoft | N/A | .NET 8.0 versions antérieures à 8.0.7 |
References
| Title | Publication Time | Tags | ||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||
{
"$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
"affected_systems": [
{
"description": "Microsoft .NET Framework 3.5 AND 4.7.2 versions ant\u00e9rieures \u00e0 10.0.14393.7159",
"product": {
"name": "N/A",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
},
{
"description": "Microsoft .NET Framework 3.5 AND 4.8 versions ant\u00e9rieures \u00e0 4.8.4739.04",
"product": {
"name": "N/A",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
},
{
"description": "Microsoft .NET Framework 4.6/4.6.2 versions ant\u00e9rieures \u00e0 10.0.10240.20710",
"product": {
"name": "N/A",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
},
{
"description": "Microsoft .NET Framework 4.6.2 versions ant\u00e9rieures \u00e0 4.7.4101.01",
"product": {
"name": "N/A",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
},
{
"description": "Microsoft .NET Framework 4.6.2/4.7/4.7.1/4.7.2 versions ant\u00e9rieures \u00e0 4.7.4101.01",
"product": {
"name": "N/A",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
},
{
"description": "Microsoft .NET Framework 3.5 AND 4.7.2 versions ant\u00e9rieures \u00e0 4.7.2.4101.03",
"product": {
"name": "N/A",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
},
{
"description": "Microsoft .NET Framework 2.0 Service Pack 2 versions ant\u00e9rieures \u00e0 2.0.50727.8977",
"product": {
"name": "N/A",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
},
{
"description": "Microsoft .NET Framework 3.5 versions ant\u00e9rieures \u00e0 3.5.4101.04",
"product": {
"name": "N/A",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
},
{
"description": "Microsoft .NET Framework 3.5 AND 4.8.1 versions ant\u00e9rieures \u00e0 4.8.9256.03",
"product": {
"name": "N/A",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
},
{
"description": "Microsoft .NET Framework 3.5 AND 4.7.2 versions ant\u00e9rieures \u00e0 10.0.10240.20710",
"product": {
"name": "N/A",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
},
{
"description": "Microsoft .NET Framework 3.5.1 versions ant\u00e9rieures \u00e0 3.5.30729.8971",
"product": {
"name": "N/A",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
},
{
"description": "Microsoft .NET Framework 4.8 versions ant\u00e9rieures \u00e0 4.8.4739.02",
"product": {
"name": "N/A",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
},
{
"description": "Microsoft .NET Framework 3.5 versions ant\u00e9rieures \u00e0 3.5.30729.8972",
"product": {
"name": "N/A",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
},
{
"description": "Microsoft .NET Framework 3.5 versions ant\u00e9rieures \u00e0 3.5.30729.8971",
"product": {
"name": "N/A",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
},
{
"description": "Microsoft .NET Framework 4.8 versions ant\u00e9rieures \u00e0 4.8.4739.03",
"product": {
"name": "N/A",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
},
{
"description": "Microsoft .NET Framework 3.5 AND 4.8.1 versions ant\u00e9rieures \u00e0 4.8.1.9256.03",
"product": {
"name": "N/A",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
},
{
"description": "Microsoft .NET Framework 4.6.2/4.7/4.7.1/4.7.2 versions ant\u00e9rieures \u00e0 4.7.4101.02",
"product": {
"name": "N/A",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
},
{
"description": "Microsoft .NET Framework 4.8 versions ant\u00e9rieures \u00e0 4.8.04739.02",
"product": {
"name": "N/A",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
},
{
"description": "Microsoft .NET Framework 3.5 AND 4.7.2 versions ant\u00e9rieures \u00e0 4.7.4101.02",
"product": {
"name": "N/A",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
},
{
"description": "Microsoft .NET Framework 3.0 Service Pack 2 versions ant\u00e9rieures \u00e0 2.0.50727.8977",
"product": {
"name": "N/A",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
},
{
"description": ".NET 8.0 versions ant\u00e9rieures \u00e0 8.0.7",
"product": {
"name": "N/A",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
}
],
"affected_systems_content": "",
"content": "## Solutions\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des correctifs (cf. section Documentation).",
"cves": [
{
"name": "CVE-2024-35264",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-35264"
},
{
"name": "CVE-2024-30105",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-30105"
},
{
"name": "CVE-2024-38095",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-38095"
},
{
"name": "CVE-2024-38081",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-38081"
}
],
"links": [],
"reference": "CERTFR-2024-AVI-0558",
"revisions": [
{
"description": "Version initiale",
"revision_date": "2024-07-10T00:00:00.000000"
}
],
"risks": [
{
"description": "D\u00e9ni de service \u00e0 distance"
},
{
"description": "Ex\u00e9cution de code arbitraire \u00e0 distance"
},
{
"description": "\u00c9l\u00e9vation de privil\u00e8ges"
}
],
"summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans Microsoft .Net. Certaines d\u0027entre elles permettent \u00e0 un attaquant de provoquer une ex\u00e9cution de code arbitraire \u00e0 distance, une \u00e9l\u00e9vation de privil\u00e8ges et un d\u00e9ni de service \u00e0 distance.",
"title": "Multiples vuln\u00e9rabilit\u00e9s dans Microsoft .Net",
"vendor_advisories": [
{
"published_at": "2024-07-09",
"title": "Bulletin de s\u00e9curit\u00e9 Microsoft .Net CVE-2024-30105",
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-30105"
},
{
"published_at": "2024-07-09",
"title": "Bulletin de s\u00e9curit\u00e9 Microsoft .Net CVE-2024-38095",
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-38095"
},
{
"published_at": "2024-07-09",
"title": "Bulletin de s\u00e9curit\u00e9 Microsoft .Net CVE-2024-38081",
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-38081"
},
{
"published_at": "2024-07-09",
"title": "Bulletin de s\u00e9curit\u00e9 Microsoft .Net CVE-2024-35264",
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-35264"
}
]
}
CERTFR-2024-AVI-0560
Vulnerability from certfr_avis - Published: - Updated:
De multiples vulnérabilités ont été découvertes dans les produits Microsoft. Certaines d'entre elles permettent à un attaquant de provoquer une exécution de code arbitraire à distance, une élévation de privilèges et une atteinte à la confidentialité des données.
Solutions
Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).
Impacted products
| Vendor | Product | Description | ||
|---|---|---|---|---|
| Microsoft | N/A | Microsoft SharePoint Server Subscription Edition versions antérieures à 16.0.17328.20424 | ||
| Microsoft | N/A | Microsoft Visual Studio 2022 version 17.6 antérieures à 17.6.17 | ||
| Microsoft | N/A | Microsoft SQL Server 2022 pour systèmes x64 (GDR) versions antérieures à 16.0.1121.4 | ||
| Microsoft | N/A | Microsoft Visual Studio 2022 version 17.4 antérieures à 17.4.21 | ||
| Microsoft | N/A | Microsoft Visual Studio 2022 version 17.10 antérieures à 17.10.4 | ||
| Microsoft | N/A | Microsoft SQL Server 2019 pour systèmes x64 (CU 27) versions antérieures à 15.0.4382.1 | ||
| Microsoft | N/A | Microsoft SharePoint Enterprise Server 2016 versions antérieures à 16.0.5456.1000 | ||
| Microsoft | N/A | Microsoft Defender pour IoT versions antérieures à 24.1.4 | ||
| Microsoft | N/A | Microsoft SQL Server 2022 pour systèmes x64 (CU 13) versions antérieures à 16.0.4131.2 | ||
| Microsoft | N/A | Microsoft OLE DB Driver 19 pour SQL Server versions antérieures à 19.3.0005.0 | ||
| Microsoft | N/A | Microsoft SharePoint Server 2019 versions antérieures à 16.0.10412.20001 | ||
| Microsoft | N/A | Microsoft SQL Server 2017 pour systèmes x64 (GDR) versions antérieures à 14.0.2056.2 | ||
| Microsoft | N/A | Microsoft Dynamics 365 (on-premises) version 9.1 antérieures à 9.1.28.09 | ||
| Microsoft | N/A | Microsoft SQL Server 2017 pour systèmes x64 (CU 31) versions antérieures à 14.0.3471.2 | ||
| Microsoft | N/A | Microsoft SQL Server 2019 pour systèmes x64 (GDR) versions antérieures à 15.0.2116.2 | ||
| Microsoft | N/A | Microsoft OLE DB Driver 18 pour SQL Server versions antérieures à 18.7.0004.0 | ||
| Microsoft | N/A | Microsoft Visual Studio 2022 version 17.8 antérieures à 17.8.12 | ||
| Microsoft | N/A | Microsoft SQL Server 2016 pour systèmes x64 Service Pack 3 (GDR) versions antérieures à 13.0.6441.1 | ||
| Microsoft | N/A | Microsoft SQL Server 2016 pour systèmes x64 Service Pack 3 Azure Connect Feature Pack versions antérieures à 13.0.7037.1 |
References
| Title | Publication Time | Tags | ||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
{
"$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
"affected_systems": [
{
"description": "Microsoft SharePoint Server Subscription Edition versions ant\u00e9rieures \u00e0 16.0.17328.20424",
"product": {
"name": "N/A",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
},
{
"description": "Microsoft Visual Studio 2022 version 17.6 ant\u00e9rieures \u00e0 17.6.17",
"product": {
"name": "N/A",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
},
{
"description": "Microsoft SQL Server 2022 pour syst\u00e8mes x64 (GDR) versions ant\u00e9rieures \u00e0 16.0.1121.4",
"product": {
"name": "N/A",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
},
{
"description": "Microsoft Visual Studio 2022 version 17.4 ant\u00e9rieures \u00e0 17.4.21",
"product": {
"name": "N/A",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
},
{
"description": "Microsoft Visual Studio 2022 version 17.10 ant\u00e9rieures \u00e0 17.10.4",
"product": {
"name": "N/A",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
},
{
"description": "Microsoft SQL Server 2019 pour syst\u00e8mes x64 (CU 27) versions ant\u00e9rieures \u00e0 15.0.4382.1",
"product": {
"name": "N/A",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
},
{
"description": "Microsoft SharePoint Enterprise Server 2016 versions ant\u00e9rieures \u00e0 16.0.5456.1000",
"product": {
"name": "N/A",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
},
{
"description": "Microsoft Defender pour IoT versions ant\u00e9rieures \u00e0 24.1.4",
"product": {
"name": "N/A",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
},
{
"description": "Microsoft SQL Server 2022 pour syst\u00e8mes x64 (CU 13) versions ant\u00e9rieures \u00e0 16.0.4131.2",
"product": {
"name": "N/A",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
},
{
"description": "Microsoft OLE DB Driver 19 pour SQL Server versions ant\u00e9rieures \u00e0 19.3.0005.0",
"product": {
"name": "N/A",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
},
{
"description": "Microsoft SharePoint Server 2019 versions ant\u00e9rieures \u00e0 16.0.10412.20001",
"product": {
"name": "N/A",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
},
{
"description": "Microsoft SQL Server 2017 pour syst\u00e8mes x64 (GDR) versions ant\u00e9rieures \u00e0 14.0.2056.2",
"product": {
"name": "N/A",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
},
{
"description": "Microsoft Dynamics 365 (on-premises) version 9.1 ant\u00e9rieures \u00e0 9.1.28.09",
"product": {
"name": "N/A",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
},
{
"description": "Microsoft SQL Server 2017 pour syst\u00e8mes x64 (CU 31) versions ant\u00e9rieures \u00e0 14.0.3471.2",
"product": {
"name": "N/A",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
},
{
"description": "Microsoft SQL Server 2019 pour syst\u00e8mes x64 (GDR) versions ant\u00e9rieures \u00e0 15.0.2116.2",
"product": {
"name": "N/A",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
},
{
"description": "Microsoft OLE DB Driver 18 pour SQL Server versions ant\u00e9rieures \u00e0 18.7.0004.0",
"product": {
"name": "N/A",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
},
{
"description": "Microsoft Visual Studio 2022 version 17.8 ant\u00e9rieures \u00e0 17.8.12",
"product": {
"name": "N/A",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
},
{
"description": "Microsoft SQL Server 2016 pour syst\u00e8mes x64 Service Pack 3 (GDR) versions ant\u00e9rieures \u00e0 13.0.6441.1",
"product": {
"name": "N/A",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
},
{
"description": "Microsoft SQL Server 2016 pour syst\u00e8mes x64 Service Pack 3 Azure Connect Feature Pack versions ant\u00e9rieures \u00e0 13.0.7037.1",
"product": {
"name": "N/A",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
}
],
"affected_systems_content": "",
"content": "## Solutions\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des correctifs (cf. section Documentation).",
"cves": [
{
"name": "CVE-2024-37336",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-37336"
},
{
"name": "CVE-2024-21317",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-21317"
},
{
"name": "CVE-2024-37328",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-37328"
},
{
"name": "CVE-2024-38094",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-38094"
},
{
"name": "CVE-2024-21428",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-21428"
},
{
"name": "CVE-2024-37330",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-37330"
},
{
"name": "CVE-2024-21308",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-21308"
},
{
"name": "CVE-2024-37321",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-37321"
},
{
"name": "CVE-2024-38024",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-38024"
},
{
"name": "CVE-2024-28928",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-28928"
},
{
"name": "CVE-2024-21303",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-21303"
},
{
"name": "CVE-2024-21425",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-21425"
},
{
"name": "CVE-2024-20701",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-20701"
},
{
"name": "CVE-2024-21415",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-21415"
},
{
"name": "CVE-2024-35264",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-35264"
},
{
"name": "CVE-2024-37334",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-37334"
},
{
"name": "CVE-2024-37322",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-37322"
},
{
"name": "CVE-2024-35256",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-35256"
},
{
"name": "CVE-2024-37320",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-37320"
},
{
"name": "CVE-2024-21398",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-21398"
},
{
"name": "CVE-2024-37332",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-37332"
},
{
"name": "CVE-2024-30105",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-30105"
},
{
"name": "CVE-2024-32987",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-32987"
},
{
"name": "CVE-2024-37326",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-37326"
},
{
"name": "CVE-2024-21332",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-21332"
},
{
"name": "CVE-2024-37324",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-37324"
},
{
"name": "CVE-2024-37331",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-37331"
},
{
"name": "CVE-2024-21335",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-21335"
},
{
"name": "CVE-2024-37329",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-37329"
},
{
"name": "CVE-2024-21414",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-21414"
},
{
"name": "CVE-2024-35271",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-35271"
},
{
"name": "CVE-2024-37319",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-37319"
},
{
"name": "CVE-2024-37327",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-37327"
},
{
"name": "CVE-2024-21449",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-21449"
},
{
"name": "CVE-2024-38095",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-38095"
},
{
"name": "CVE-2024-37333",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-37333"
},
{
"name": "CVE-2024-21373",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-21373"
},
{
"name": "CVE-2024-38081",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-38081"
},
{
"name": "CVE-2024-30061",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-30061"
},
{
"name": "CVE-2024-38089",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-38089"
},
{
"name": "CVE-2024-38087",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-38087"
},
{
"name": "CVE-2024-35272",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-35272"
},
{
"name": "CVE-2024-37318",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-37318"
},
{
"name": "CVE-2024-21331",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-21331"
},
{
"name": "CVE-2024-38088",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-38088"
},
{
"name": "CVE-2024-37323",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-37323"
},
{
"name": "CVE-2024-38023",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-38023"
},
{
"name": "CVE-2024-21333",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-21333"
}
],
"links": [],
"reference": "CERTFR-2024-AVI-0560",
"revisions": [
{
"description": "Version initiale",
"revision_date": "2024-07-10T00:00:00.000000"
}
],
"risks": [
{
"description": "Ex\u00e9cution de code arbitraire \u00e0 distance"
},
{
"description": "D\u00e9ni de service"
},
{
"description": "Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es"
},
{
"description": "\u00c9l\u00e9vation de privil\u00e8ges"
}
],
"summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans les produits Microsoft. Certaines d\u0027entre elles permettent \u00e0 un attaquant de provoquer une ex\u00e9cution de code arbitraire \u00e0 distance, une \u00e9l\u00e9vation de privil\u00e8ges et une atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es.",
"title": "Multiples vuln\u00e9rabilit\u00e9s dans les produits Microsoft",
"vendor_advisories": [
{
"published_at": "2024-07-09",
"title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2024-21398",
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-21398"
},
{
"published_at": "2024-07-09",
"title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2024-21303",
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-21303"
},
{
"published_at": "2024-07-09",
"title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2024-37319",
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-37319"
},
{
"published_at": "2024-07-09",
"title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2024-21335",
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-21335"
},
{
"published_at": "2024-07-09",
"title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2024-37321",
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-37321"
},
{
"published_at": "2024-07-09",
"title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2024-28928",
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-28928"
},
{
"published_at": "2024-07-09",
"title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2024-37324",
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-37324"
},
{
"published_at": "2024-07-09",
"title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2024-21373",
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-21373"
},
{
"published_at": "2024-07-09",
"title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2024-30061",
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-30061"
},
{
"published_at": "2024-07-09",
"title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2024-21308",
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-21308"
},
{
"published_at": "2024-07-09",
"title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2024-38089",
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-38089"
},
{
"published_at": "2024-07-09",
"title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2024-38024",
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-38024"
},
{
"published_at": "2024-07-09",
"title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2024-30105",
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-30105"
},
{
"published_at": "2024-07-09",
"title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2024-37331",
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-37331"
},
{
"published_at": "2024-07-09",
"title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2024-38088",
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-38088"
},
{
"published_at": "2024-07-09",
"title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2024-37333",
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-37333"
},
{
"published_at": "2024-07-09",
"title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2024-37329",
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-37329"
},
{
"published_at": "2024-07-09",
"title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2024-35271",
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-35271"
},
{
"published_at": "2024-07-09",
"title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2024-21331",
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-21331"
},
{
"published_at": "2024-07-09",
"title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2024-38095",
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-38095"
},
{
"published_at": "2024-07-09",
"title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2024-37334",
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-37334"
},
{
"published_at": "2024-07-09",
"title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2024-20701",
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-20701"
},
{
"published_at": "2024-07-09",
"title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2024-21428",
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-21428"
},
{
"published_at": "2024-07-09",
"title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2024-21333",
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-21333"
},
{
"published_at": "2024-07-09",
"title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2024-37318",
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-37318"
},
{
"published_at": "2024-07-09",
"title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2024-37330",
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-37330"
},
{
"published_at": "2024-07-09",
"title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2024-37323",
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-37323"
},
{
"published_at": "2024-07-09",
"title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2024-21425",
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-21425"
},
{
"published_at": "2024-07-09",
"title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2024-37320",
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-37320"
},
{
"published_at": "2024-07-09",
"title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2024-37327",
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-37327"
},
{
"published_at": "2024-07-09",
"title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2024-38087",
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-38087"
},
{
"published_at": "2024-07-09",
"title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2024-37336",
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-37336"
},
{
"published_at": "2024-07-09",
"title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2024-21317",
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-21317"
},
{
"published_at": "2024-07-09",
"title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2024-37332",
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-37332"
},
{
"published_at": "2024-07-09",
"title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2024-38023",
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-38023"
},
{
"published_at": "2024-07-09",
"title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2024-35264",
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-35264"
},
{
"published_at": "2024-07-09",
"title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2024-35272",
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-35272"
},
{
"published_at": "2024-07-09",
"title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2024-35256",
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-35256"
},
{
"published_at": "2024-07-09",
"title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2024-38094",
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-38094"
},
{
"published_at": "2024-07-09",
"title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2024-21414",
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-21414"
},
{
"published_at": "2024-07-09",
"title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2024-21449",
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-21449"
},
{
"published_at": "2024-07-09",
"title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2024-38081",
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-38081"
},
{
"published_at": "2024-07-09",
"title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2024-21332",
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-21332"
},
{
"published_at": "2024-07-09",
"title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2024-37322",
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-37322"
},
{
"published_at": "2024-07-09",
"title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2024-37326",
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-37326"
},
{
"published_at": "2024-07-09",
"title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2024-37328",
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-37328"
},
{
"published_at": "2024-07-09",
"title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2024-32987",
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-32987"
},
{
"published_at": "2024-07-09",
"title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2024-21415",
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-21415"
}
]
}
alsa-2024:4450
Vulnerability from osv_almalinux
Published
2024-07-10 00:00
Modified
2024-07-11 08:47
Summary
Important: dotnet8.0 security update
Details
.NET is a managed-software framework. It implements a subset of the .NET framework APIs and several new APIs, and it includes a CLR implementation.
New versions of .NET that address a security vulnerability are now available. The updated versions are .NET SDK 8.0.107 and Runtime 8.0.7.
Security Fix(es):
- dotnet: DoS in System.Text.Json (CVE-2024-30105)
- dotnet: DoS in ASP.NET Core 8 (CVE-2024-35264)
- dotnet: DoS when parsing X.509 Content and ObjectIdentifiers (CVE-2024-38095)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
References
| URL | Type | |||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||||||||||||||
{
"affected": [
{
"package": {
"ecosystem": "AlmaLinux:9",
"name": "aspnetcore-runtime-8.0"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "8.0.7-1.el9_4"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "AlmaLinux:9",
"name": "aspnetcore-runtime-dbg-8.0"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "8.0.7-1.el9_4"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "AlmaLinux:9",
"name": "aspnetcore-targeting-pack-8.0"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "8.0.7-1.el9_4"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "AlmaLinux:9",
"name": "dotnet-apphost-pack-8.0"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "8.0.7-1.el9_4"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "AlmaLinux:9",
"name": "dotnet-host"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "8.0.7-1.el9_4"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "AlmaLinux:9",
"name": "dotnet-hostfxr-8.0"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "8.0.7-1.el9_4"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "AlmaLinux:9",
"name": "dotnet-runtime-8.0"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "8.0.7-1.el9_4"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "AlmaLinux:9",
"name": "dotnet-runtime-dbg-8.0"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "8.0.7-1.el9_4"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "AlmaLinux:9",
"name": "dotnet-sdk-8.0"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "8.0.107-1.el9_4"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "AlmaLinux:9",
"name": "dotnet-sdk-8.0-source-built-artifacts"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "8.0.107-1.el9_4"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "AlmaLinux:9",
"name": "dotnet-sdk-dbg-8.0"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "8.0.107-1.el9_4"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "AlmaLinux:9",
"name": "dotnet-targeting-pack-8.0"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "8.0.7-1.el9_4"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "AlmaLinux:9",
"name": "dotnet-templates-8.0"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "8.0.107-1.el9_4"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "AlmaLinux:9",
"name": "netstandard-targeting-pack-2.1"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "8.0.107-1.el9_4"
}
],
"type": "ECOSYSTEM"
}
]
}
],
"details": ".NET is a managed-software framework. It implements a subset of the .NET framework APIs and several new APIs, and it includes a CLR implementation.\n\nNew versions of .NET that address a security vulnerability are now available. The updated versions are .NET SDK 8.0.107 and Runtime 8.0.7.\n\nSecurity Fix(es):\n\n* dotnet: DoS in System.Text.Json (CVE-2024-30105)\n* dotnet: DoS in ASP.NET Core 8 (CVE-2024-35264)\n* dotnet: DoS when parsing X.509 Content and ObjectIdentifiers (CVE-2024-38095)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.",
"id": "ALSA-2024:4450",
"modified": "2024-07-11T08:47:11Z",
"published": "2024-07-10T00:00:00Z",
"references": [
{
"type": "ADVISORY",
"url": "https://access.redhat.com/errata/RHSA-2024:4450"
},
{
"type": "REPORT",
"url": "https://access.redhat.com/security/cve/CVE-2024-30105"
},
{
"type": "REPORT",
"url": "https://access.redhat.com/security/cve/CVE-2024-35264"
},
{
"type": "REPORT",
"url": "https://access.redhat.com/security/cve/CVE-2024-38095"
},
{
"type": "REPORT",
"url": "https://bugzilla.redhat.com/2295320"
},
{
"type": "REPORT",
"url": "https://bugzilla.redhat.com/2295321"
},
{
"type": "REPORT",
"url": "https://bugzilla.redhat.com/2295323"
},
{
"type": "ADVISORY",
"url": "https://errata.almalinux.org/9/ALSA-2024-4450.html"
}
],
"related": [
"CVE-2024-30105",
"CVE-2024-35264",
"CVE-2024-38095"
],
"summary": "Important: dotnet8.0 security update"
}
alsa-2024:4451
Vulnerability from osv_almalinux
Published
2024-07-10 00:00
Modified
2024-07-11 08:44
Summary
Important: dotnet8.0 security update
Details
.NET is a managed-software framework. It implements a subset of the .NET framework APIs and several new APIs, and it includes a CLR implementation.
New versions of .NET that address a security vulnerability are now available. The updated versions are .NET SDK 8.0.107 and Runtime 8.0.7.
Security Fix(es):
- dotnet: DoS in System.Text.Json (CVE-2024-30105)
- dotnet: DoS in ASP.NET Core 8 (CVE-2024-35264)
- dotnet: DoS when parsing X.509 Content and ObjectIdentifiers (CVE-2024-38095)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
References
| URL | Type | |||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||||||||||||||
{
"affected": [
{
"package": {
"ecosystem": "AlmaLinux:8",
"name": "aspnetcore-runtime-8.0"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "8.0.7-1.el8_10"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "AlmaLinux:8",
"name": "aspnetcore-runtime-dbg-8.0"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "8.0.7-1.el8_10"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "AlmaLinux:8",
"name": "aspnetcore-targeting-pack-8.0"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "8.0.7-1.el8_10"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "AlmaLinux:8",
"name": "dotnet"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "8.0.107-1.el8_10"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "AlmaLinux:8",
"name": "dotnet-apphost-pack-8.0"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "8.0.7-1.el8_10"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "AlmaLinux:8",
"name": "dotnet-host"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "8.0.7-1.el8_10"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "AlmaLinux:8",
"name": "dotnet-hostfxr-8.0"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "8.0.7-1.el8_10"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "AlmaLinux:8",
"name": "dotnet-runtime-8.0"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "8.0.7-1.el8_10"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "AlmaLinux:8",
"name": "dotnet-runtime-dbg-8.0"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "8.0.7-1.el8_10"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "AlmaLinux:8",
"name": "dotnet-sdk-8.0"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "8.0.107-1.el8_10"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "AlmaLinux:8",
"name": "dotnet-sdk-8.0-source-built-artifacts"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "8.0.107-1.el8_10"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "AlmaLinux:8",
"name": "dotnet-sdk-dbg-8.0"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "8.0.107-1.el8_10"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "AlmaLinux:8",
"name": "dotnet-targeting-pack-8.0"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "8.0.7-1.el8_10"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "AlmaLinux:8",
"name": "dotnet-templates-8.0"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "8.0.107-1.el8_10"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "AlmaLinux:8",
"name": "netstandard-targeting-pack-2.1"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "8.0.107-1.el8_10"
}
],
"type": "ECOSYSTEM"
}
]
}
],
"details": ".NET is a managed-software framework. It implements a subset of the .NET framework APIs and several new APIs, and it includes a CLR implementation.\n\nNew versions of .NET that address a security vulnerability are now available. The updated versions are .NET SDK 8.0.107 and Runtime 8.0.7.\n\nSecurity Fix(es):\n\n* dotnet: DoS in System.Text.Json (CVE-2024-30105)\n* dotnet: DoS in ASP.NET Core 8 (CVE-2024-35264)\n* dotnet: DoS when parsing X.509 Content and ObjectIdentifiers (CVE-2024-38095)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.",
"id": "ALSA-2024:4451",
"modified": "2024-07-11T08:44:08Z",
"published": "2024-07-10T00:00:00Z",
"references": [
{
"type": "ADVISORY",
"url": "https://access.redhat.com/errata/RHSA-2024:4451"
},
{
"type": "REPORT",
"url": "https://access.redhat.com/security/cve/CVE-2024-30105"
},
{
"type": "REPORT",
"url": "https://access.redhat.com/security/cve/CVE-2024-35264"
},
{
"type": "REPORT",
"url": "https://access.redhat.com/security/cve/CVE-2024-38095"
},
{
"type": "REPORT",
"url": "https://bugzilla.redhat.com/2295320"
},
{
"type": "REPORT",
"url": "https://bugzilla.redhat.com/2295321"
},
{
"type": "REPORT",
"url": "https://bugzilla.redhat.com/2295323"
},
{
"type": "ADVISORY",
"url": "https://errata.almalinux.org/8/ALSA-2024-4451.html"
}
],
"related": [
"CVE-2024-30105",
"CVE-2024-35264",
"CVE-2024-38095"
],
"summary": "Important: dotnet8.0 security update"
}
bit-dotnet-2024-35264
Vulnerability from bitnami_vulndb
Published
2024-07-20 07:17
Modified
2025-05-20 10:02
Summary
.NET and Visual Studio Remote Code Execution Vulnerability
Details
.NET and Visual Studio Remote Code Execution Vulnerability
{
"affected": [
{
"package": {
"ecosystem": "Bitnami",
"name": "dotnet",
"purl": "pkg:bitnami/dotnet"
},
"ranges": [
{
"events": [
{
"introduced": "8.0.0"
},
{
"fixed": "8.0.7"
}
],
"type": "SEMVER"
}
],
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H",
"type": "CVSS_V3"
}
]
}
],
"aliases": [
"CVE-2024-35264"
],
"database_specific": {
"cpes": [
"cpe:2.3:a:microsoft:.net:*:*:*:*:*:*:*:*"
],
"severity": "High"
},
"details": ".NET and Visual Studio Remote Code Execution Vulnerability",
"id": "BIT-dotnet-2024-35264",
"modified": "2025-05-20T10:02:07.006Z",
"published": "2024-07-20T07:17:07.352Z",
"references": [
{
"type": "WEB",
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-35264"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2024-35264"
},
{
"type": "WEB",
"url": "https://www.herodevs.com/vulnerability-directory/cve-2024-35264"
}
],
"schema_version": "1.5.0",
"summary": ".NET and Visual Studio Remote Code Execution Vulnerability"
}
FKIE_CVE-2024-35264
Vulnerability from fkie_nvd - Published: 2024-07-09 17:15 - Updated: 2025-05-06 15:16
Severity ?
Summary
.NET and Visual Studio Remote Code Execution Vulnerability
References
| URL | Tags | ||
|---|---|---|---|
| secure@microsoft.com | https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-35264 | Patch, Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-35264 | Patch, Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://www.herodevs.com/vulnerability-directory/cve-2024-35264 |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| microsoft | .net | * | |
| microsoft | visual_studio_2022 | * | |
| microsoft | visual_studio_2022 | * | |
| microsoft | visual_studio_2022 | * | |
| microsoft | visual_studio_2022 | * |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:microsoft:.net:*:*:*:*:*:*:*:*",
"matchCriteriaId": "223CB8C9-39B9-44E2-83AA-79F7C2B45D67",
"versionEndExcluding": "8.0.7",
"versionStartIncluding": "8.0.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:visual_studio_2022:*:*:*:*:*:*:*:*",
"matchCriteriaId": "9079F629-6958-469E-AF83-8030B145E354",
"versionEndExcluding": "17.4.21",
"versionStartIncluding": "17.4.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:visual_studio_2022:*:*:*:*:*:*:*:*",
"matchCriteriaId": "B1C74913-B238-4B3C-8F2D-37FFCCAB5E9E",
"versionEndExcluding": "17.6.17",
"versionStartIncluding": "17.6.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:visual_studio_2022:*:*:*:*:*:*:*:*",
"matchCriteriaId": "547E0354-EE7E-43BA-B3C7-E4A59C414312",
"versionEndExcluding": "17.8.12",
"versionStartIncluding": "17.8.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:visual_studio_2022:*:*:*:*:*:*:*:*",
"matchCriteriaId": "BA8A2DA8-D24E-4AB5-8685-A42EB33E1D6D",
"versionEndExcluding": "17.10.4",
"versionStartIncluding": "17.10.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": ".NET and Visual Studio Remote Code Execution Vulnerability"
},
{
"lang": "es",
"value": "Vulnerabilidad de ejecuci\u00f3n remota de c\u00f3digo de .NET y Visual Studio"
}
],
"id": "CVE-2024-35264",
"lastModified": "2025-05-06T15:16:00.420",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.1,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 2.2,
"impactScore": 5.9,
"source": "secure@microsoft.com",
"type": "Secondary"
}
]
},
"published": "2024-07-09T17:15:18.213",
"references": [
{
"source": "secure@microsoft.com",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-35264"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-35264"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://www.herodevs.com/vulnerability-directory/cve-2024-35264"
}
],
"sourceIdentifier": "secure@microsoft.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-416"
}
],
"source": "secure@microsoft.com",
"type": "Secondary"
},
{
"description": [
{
"lang": "en",
"value": "NVD-CWE-noinfo"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
GHSA-CHFC-9W6M-75RF
Vulnerability from github – Published: 2024-07-09 21:14 – Updated: 2025-05-06 19:29
VLAI?
Summary
Microsoft Security Advisory CVE-2024-35264 | .NET Remote Code Execution Vulnerability
Details
Microsoft Security Advisory CVE-2024-35264 | .NET Remote Code Execution Vulnerability
Executive summary
Microsoft is releasing this security advisory to provide information about a vulnerability in .NET 8.0. This advisory also provides guidance on what developers can do to update their applications to remove this vulnerability.
A Vulnerability exists in ASP.NET Core 8 where Data Corruption in Kestrel HTTP/3 can result in remote code execution.
Note: HTTP/3 is experimental in .NET 6.0. If you are on .NET 6.0 and using HTTP/3, please upgrade to .NET 8.0.7
Announcement
Announcement for this issue can be found at https://github.com/dotnet/announcements/issues/314
Mitigation factors
Microsoft has not identified any mitigating factors for this vulnerability.
Affected software
- Any .NET 8.0 application running on .NET 8.0.6 or earlier.
Affected Packages
The vulnerability affects any Microsoft .NET Core project if it uses any of affected packages versions listed below
ASP.NET 8
| Package name | Affected version | Patched version |
|---|---|---|
| Microsoft.AspNetCore.App.Runtime.linux-arm | >=8.0.0, <= 8.0.6 | 8.0.7 |
| Microsoft.AspNetCore.App.Runtime.linux-arm64 | >=8.0.0, <= 8.0.6 | 8.0.7 |
| Microsoft.AspNetCore.App.Runtime.linux-musl-arm | >=8.0.0, <= 8.0.6 | 8.0.7 |
| Microsoft.AspNetCore.App.Runtime.linux-musl-arm64 | >=8.0.0, <= 8.0.6 | 8.0.7 |
| Microsoft.AspNetCore.App.Runtime.linux-musl-x64 | >=8.0.0, <= 8.0.6 | 8.0.7 |
| Microsoft.AspNetCore.App.Runtime.linux-x64 | >=8.0.0, <= 8.0.6 | 8.0.7 |
| Microsoft.AspNetCore.App.Runtime.osx-arm64 | >=8.0.0, <= 8.0.6 | 8.0.7 |
| Microsoft.AspNetCore.App.Runtime.osx-x64 | >=8.0.0, <= 8.0.6 | 8.0.7 |
| Microsoft.AspNetCore.App.Runtime.win-arm | >=8.0.0, <= 8.0.6 | 8.0.7 |
| Microsoft.AspNetCore.App.Runtime.win-arm64 | >=8.0.0, <= 8.0.6 | 8.0.7 |
| Microsoft.AspNetCore.App.Runtime.win-x64 | >=8.0.0, <= 8.0.6 | 8.0.7 |
| Microsoft.AspNetCore.App.Runtime.win-x86 | >=8.0.0, <= 8.0.6 | 8.0.7 |
Advisory FAQ
How do I know if I am affected?
If you have a runtime or SDK with a version listed, or an affected package listed in affected software or affected packages, you're exposed to the vulnerability.
How do I fix the issue?
- To fix the issue please install the latest version of .NET 8.0 or .NET 7.0 or .NET 6.0. If you have installed one or more .NET SDKs through Visual Studio, Visual Studio will prompt you to update Visual Studio, which will also update your .NET SDKs.
- If you have .NET 6.0 or greater installed, you can list the versions you have installed by running the
dotnet --infocommand. You will see output like the following;
.NET Core SDK (reflecting any global.json):
Version: 8.0.200
Commit: 8473146e7d
Runtime Environment:
OS Name: Windows
OS Version: 10.0.18363
OS Platform: Windows
RID: win10-x64
Base Path: C:\Program Files\dotnet\sdk\6.0.300\
Host (useful for support):
Version: 8.0.3
Commit: 8473146e7d
.NET Core SDKs installed:
8.0.200 [C:\Program Files\dotnet\sdk]
.NET Core runtimes installed:
Microsoft.AspAspNetCore.App 8.0.3 [C:\Program Files\dotnet\shared\Microsoft.AspAspNetCore.App]
Microsoft.AspNetCore.App 8.0.3 [C:\Program Files\dotnet\shared\Microsoft.AspNetCore.App]
Microsoft.WindowsDesktop.App 8.0.3 [C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App]
To install additional .NET Core runtimes or SDKs:
https://aka.ms/dotnet-download
- If you're using .NET 8.0, you should download and install .NET 8.0.7 Runtime or .NET 8.0.107 SDK (for Visual Studio 2022 v17.8) from https://dotnet.microsoft.com/download/dotnet-core/8.0.
.NET 8.0 updates are also available from Microsoft Update. To access this either type "Check for updates" in your Windows search, or open Settings, choose Update & Security and then click Check for Updates.
Once you have installed the updated runtime or SDK, restart your apps for the update to take effect.
Additionally, if you've deployed self-contained applications targeting any of the impacted versions, these applications are also vulnerable and must be recompiled and redeployed.
Other Information
Reporting Security Issues
If you have found a potential security issue in .NET 8.0 or .NET 7.0 or .NET 6.0, please email details to secure@microsoft.com. Reports may qualify for the Microsoft .NET Core & .NET 5 Bounty. Details of the Microsoft .NET Bounty Program including terms and conditions are at https://aka.ms/corebounty.
Support
You can ask questions about this issue on GitHub in the .NET GitHub organization. The main repos are located at https://github.com/dotnet/runtime and https://github.com/dotnet/aspnet/. The Announcements repo (https://github.com/dotnet/Announcements) will contain this bulletin as an issue and will include a link to a discussion issue. You can ask questions in the linked discussion issue.
Disclaimer
The information provided in this advisory is provided "as is" without warranty of any kind. Microsoft disclaims all warranties, either express or implied, including the warranties of merchantability and fitness for a particular purpose. In no event shall Microsoft Corporation or its suppliers be liable for any damages whatsoever including direct, indirect, incidental, consequential, loss of business profits or special damages, even if Microsoft Corporation or its suppliers have been advised of the possibility of such damages. Some states do not allow the exclusion or limitation of liability for consequential or incidental damages so the foregoing limitation may not apply.
Acknowledgement
Radek Zikmund of Microsoft Corporation
External Links
Revisions
V1.0 (July 09, 2024): Advisory published.
Version 1.0
Last Updated 2024-07-09
Severity ?
8.1 (High)
{
"affected": [
{
"database_specific": {
"last_known_affected_version_range": "\u003c= 8.0.6"
},
"package": {
"ecosystem": "NuGet",
"name": "Microsoft.AspNetCore.App.Runtime.linux-arm"
},
"ranges": [
{
"events": [
{
"introduced": "8.0.0"
},
{
"fixed": "8.0.7"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"database_specific": {
"last_known_affected_version_range": "\u003c= 8.0.6"
},
"package": {
"ecosystem": "NuGet",
"name": "Microsoft.AspNetCore.App.Runtime.linux-arm64"
},
"ranges": [
{
"events": [
{
"introduced": "8.0.0"
},
{
"fixed": "8.0.7"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"database_specific": {
"last_known_affected_version_range": "\u003c= 8.0.6"
},
"package": {
"ecosystem": "NuGet",
"name": "Microsoft.AspNetCore.App.Runtime.linux-musl-arm"
},
"ranges": [
{
"events": [
{
"introduced": "8.0.0"
},
{
"fixed": "8.0.7"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"database_specific": {
"last_known_affected_version_range": "\u003c= 8.0.6"
},
"package": {
"ecosystem": "NuGet",
"name": "Microsoft.AspNetCore.App.Runtime.linux-musl-arm64"
},
"ranges": [
{
"events": [
{
"introduced": "8.0.0"
},
{
"fixed": "8.0.7"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"database_specific": {
"last_known_affected_version_range": "\u003c= 8.0.6"
},
"package": {
"ecosystem": "NuGet",
"name": "Microsoft.AspNetCore.App.Runtime.linux-musl-x64"
},
"ranges": [
{
"events": [
{
"introduced": "8.0.0"
},
{
"fixed": "8.0.7"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"database_specific": {
"last_known_affected_version_range": "\u003c= 8.0.6"
},
"package": {
"ecosystem": "NuGet",
"name": "Microsoft.AspNetCore.App.Runtime.linux-x64"
},
"ranges": [
{
"events": [
{
"introduced": "8.0.0"
},
{
"fixed": "8.0.7"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"database_specific": {
"last_known_affected_version_range": "\u003c= 8.0.6"
},
"package": {
"ecosystem": "NuGet",
"name": "Microsoft.AspNetCore.App.Runtime.osx-arm64"
},
"ranges": [
{
"events": [
{
"introduced": "8.0.0"
},
{
"fixed": "8.0.7"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"database_specific": {
"last_known_affected_version_range": "\u003c= 8.0.6"
},
"package": {
"ecosystem": "NuGet",
"name": "Microsoft.AspNetCore.App.Runtime.osx-x64"
},
"ranges": [
{
"events": [
{
"introduced": "8.0.0"
},
{
"fixed": "8.0.7"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"database_specific": {
"last_known_affected_version_range": "\u003c= 8.0.6"
},
"package": {
"ecosystem": "NuGet",
"name": "Microsoft.AspNetCore.App.Runtime.win-arm"
},
"ranges": [
{
"events": [
{
"introduced": "8.0.0"
},
{
"fixed": "8.0.7"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"database_specific": {
"last_known_affected_version_range": "\u003c= 8.0.6"
},
"package": {
"ecosystem": "NuGet",
"name": "Microsoft.AspNetCore.App.Runtime.win-arm64"
},
"ranges": [
{
"events": [
{
"introduced": "8.0.0"
},
{
"fixed": "8.0.7"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"database_specific": {
"last_known_affected_version_range": "\u003c= 8.0.6"
},
"package": {
"ecosystem": "NuGet",
"name": "Microsoft.AspNetCore.App.Runtime.win-x64"
},
"ranges": [
{
"events": [
{
"introduced": "8.0.0"
},
{
"fixed": "8.0.7"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"database_specific": {
"last_known_affected_version_range": "\u003c= 8.0.6"
},
"package": {
"ecosystem": "NuGet",
"name": "Microsoft.AspNetCore.App.Runtime.win-x86"
},
"ranges": [
{
"events": [
{
"introduced": "8.0.0"
},
{
"fixed": "8.0.7"
}
],
"type": "ECOSYSTEM"
}
]
}
],
"aliases": [
"CVE-2024-35264"
],
"database_specific": {
"cwe_ids": [
"CWE-416"
],
"github_reviewed": true,
"github_reviewed_at": "2024-07-09T21:14:23Z",
"nvd_published_at": "2024-07-09T17:15:18Z",
"severity": "CRITICAL"
},
"details": "# Microsoft Security Advisory CVE-2024-35264 | .NET Remote Code Execution Vulnerability\n\n## \u003ca name=\"executive-summary\"\u003e\u003c/a\u003eExecutive summary\n\nMicrosoft is releasing this security advisory to provide information about a vulnerability in .NET 8.0. This advisory also provides guidance on what developers can do to update their applications to remove this vulnerability.\n\nA Vulnerability exists in ASP.NET Core 8 where Data Corruption in Kestrel HTTP/3 can result in remote code execution.\n\nNote: HTTP/3 is experimental in .NET 6.0. If you are on .NET 6.0 and using HTTP/3, please upgrade to .NET 8.0.7\n\n## Announcement\n\nAnnouncement for this issue can be found at https://github.com/dotnet/announcements/issues/314\n\n## \u003ca name=\"mitigation-factors\"\u003e\u003c/a\u003eMitigation factors\n\nMicrosoft has not identified any mitigating factors for this vulnerability.\n\n## \u003ca name=\"affected-software\"\u003e\u003c/a\u003eAffected software\n\n* Any .NET 8.0 application running on .NET 8.0.6 or earlier.\n\n## \u003ca name=\"affected-packages\"\u003e\u003c/a\u003eAffected Packages\nThe vulnerability affects any Microsoft .NET Core project if it uses any of affected packages versions listed below\n\n\n### \u003ca name=\"ASP.NET 8\"\u003e\u003c/a\u003eASP.NET 8\nPackage name | Affected version | Patched version\n------------ | ---------------- | -------------------------\n[Microsoft.AspNetCore.App.Runtime.linux-arm](https://www.nuget.org/packages/Microsoft.AspNetCore.App.Runtime.linux-arm) | \u003e=8.0.0, \u003c= 8.0.6 | 8.0.7\n[Microsoft.AspNetCore.App.Runtime.linux-arm64](https://www.nuget.org/packages/Microsoft.AspNetCore.App.Runtime.linux-arm64) | \u003e=8.0.0, \u003c= 8.0.6 | 8.0.7\n[Microsoft.AspNetCore.App.Runtime.linux-musl-arm](https://www.nuget.org/packages/Microsoft.AspNetCore.App.Runtime.linux-musl-arm) | \u003e=8.0.0, \u003c= 8.0.6 | 8.0.7\n[Microsoft.AspNetCore.App.Runtime.linux-musl-arm64](https://www.nuget.org/packages/Microsoft.AspNetCore.App.Runtime.linux-musl-arm64) | \u003e=8.0.0, \u003c= 8.0.6 | 8.0.7\n[Microsoft.AspNetCore.App.Runtime.linux-musl-x64](https://www.nuget.org/packages/Microsoft.AspNetCore.App.Runtime.linux-musl-x64) | \u003e=8.0.0, \u003c= 8.0.6 | 8.0.7\n[Microsoft.AspNetCore.App.Runtime.linux-x64](https://www.nuget.org/packages/Microsoft.AspNetCore.App.Runtime.linux-x64) | \u003e=8.0.0, \u003c= 8.0.6 | 8.0.7\n[Microsoft.AspNetCore.App.Runtime.osx-arm64](https://www.nuget.org/packages/Microsoft.AspNetCore.App.Runtime.osx-arm64) | \u003e=8.0.0, \u003c= 8.0.6 | 8.0.7\n[Microsoft.AspNetCore.App.Runtime.osx-x64](https://www.nuget.org/packages/Microsoft.AspNetCore.App.Runtime.osx-x64) | \u003e=8.0.0, \u003c= 8.0.6 | 8.0.7\n[Microsoft.AspNetCore.App.Runtime.win-arm](https://www.nuget.org/packages/Microsoft.AspNetCore.App.Runtime.win-arm) | \u003e=8.0.0, \u003c= 8.0.6 | 8.0.7\n[Microsoft.AspNetCore.App.Runtime.win-arm64](https://www.nuget.org/packages/Microsoft.AspNetCore.App.Runtime.win-arm64) | \u003e=8.0.0, \u003c= 8.0.6 | 8.0.7\n[Microsoft.AspNetCore.App.Runtime.win-x64](https://www.nuget.org/packages/Microsoft.AspNetCore.App.Runtime.win-x64) | \u003e=8.0.0, \u003c= 8.0.6 | 8.0.7\n[Microsoft.AspNetCore.App.Runtime.win-x86](https://www.nuget.org/packages/Microsoft.AspNetCore.App.Runtime.win-x86) | \u003e=8.0.0, \u003c= 8.0.6 | 8.0.7\n\n## Advisory FAQ\n\n### \u003ca name=\"how-affected\"\u003e\u003c/a\u003eHow do I know if I am affected?\n\nIf you have a runtime or SDK with a version listed, or an affected package listed in [affected software](#affected-packages) or [affected packages](#affected-software), you\u0027re exposed to the vulnerability.\n\n### \u003ca name=\"how-fix\"\u003e\u003c/a\u003eHow do I fix the issue?\n\n* To fix the issue please install the latest version of .NET 8.0 or .NET 7.0 or .NET 6.0. If you have installed one or more .NET SDKs through Visual Studio, Visual Studio will prompt you to update Visual Studio, which will also update your .NET SDKs.\n* If you have .NET 6.0 or greater installed, you can list the versions you have installed by running the `dotnet --info` command. You will see output like the following;\n\n```\n.NET Core SDK (reflecting any global.json):\n\n\n Version: 8.0.200\n Commit: 8473146e7d\n\nRuntime Environment:\n\n OS Name: Windows\n OS Version: 10.0.18363\n OS Platform: Windows\n RID: win10-x64\n Base Path: C:\\Program Files\\dotnet\\sdk\\6.0.300\\\n\nHost (useful for support):\n\n Version: 8.0.3\n Commit: 8473146e7d\n\n.NET Core SDKs installed:\n\n 8.0.200 [C:\\Program Files\\dotnet\\sdk]\n\n.NET Core runtimes installed:\n\n Microsoft.AspAspNetCore.App 8.0.3 [C:\\Program Files\\dotnet\\shared\\Microsoft.AspAspNetCore.App]\n Microsoft.AspNetCore.App 8.0.3 [C:\\Program Files\\dotnet\\shared\\Microsoft.AspNetCore.App]\n Microsoft.WindowsDesktop.App 8.0.3 [C:\\Program Files\\dotnet\\shared\\Microsoft.WindowsDesktop.App]\n\n\nTo install additional .NET Core runtimes or SDKs:\n https://aka.ms/dotnet-download\n```\n\n* If you\u0027re using .NET 8.0, you should download and install .NET 8.0.7 Runtime or .NET 8.0.107 SDK (for Visual Studio 2022 v17.8) from https://dotnet.microsoft.com/download/dotnet-core/8.0.\n\n.NET 8.0 updates are also available from Microsoft Update. To access this either type \"Check for updates\" in your Windows search, or open Settings, choose Update \u0026 Security and then click Check for Updates.\n\nOnce you have installed the updated runtime or SDK, restart your apps for the update to take effect.\n\nAdditionally, if you\u0027ve deployed [self-contained applications](https://docs.microsoft.com/dotnet/core/deploying/#self-contained-deployments-scd) targeting any of the impacted versions, these applications are also vulnerable and must be recompiled and redeployed.\n\n## Other Information\n\n### Reporting Security Issues\n\nIf you have found a potential security issue in .NET 8.0 or .NET 7.0 or .NET 6.0, please email details to secure@microsoft.com. Reports may qualify for the Microsoft .NET Core \u0026 .NET 5 Bounty. Details of the Microsoft .NET Bounty Program including terms and conditions are at \u003chttps://aka.ms/corebounty\u003e.\n\n### Support\n\nYou can ask questions about this issue on GitHub in the .NET GitHub organization. The main repos are located at https://github.com/dotnet/runtime and https://github.com/dotnet/aspnet/. The Announcements repo (https://github.com/dotnet/Announcements) will contain this bulletin as an issue and will include a link to a discussion issue. You can ask questions in the linked discussion issue.\n\n### Disclaimer\n\nThe information provided in this advisory is provided \"as is\" without warranty of any kind. Microsoft disclaims all warranties, either express or implied, including the warranties of merchantability and fitness for a particular purpose. In no event shall Microsoft Corporation or its suppliers be liable for any damages whatsoever including direct, indirect, incidental, consequential, loss of business profits or special damages, even if Microsoft Corporation or its suppliers have been advised of the possibility of such damages. Some states do not allow the exclusion or limitation of liability for consequential or incidental damages so the foregoing limitation may not apply.\n\n### Acknowledgement\n\nRadek Zikmund of Microsoft Corporation\n\n### External Links\n\n[CVE-2024-35264]( https://www.cve.org/CVERecord?id=CVE-2024-35264)\n\n### Revisions\n\nV1.0 (July 09, 2024): Advisory published.\n\n_Version 1.0_\n\n_Last Updated 2024-07-09_",
"id": "GHSA-chfc-9w6m-75rf",
"modified": "2025-05-06T19:29:07Z",
"published": "2024-07-09T21:14:23Z",
"references": [
{
"type": "WEB",
"url": "https://github.com/dotnet/aspnetcore/security/advisories/GHSA-chfc-9w6m-75rf"
},
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2024-35264"
},
{
"type": "PACKAGE",
"url": "https://github.com/dotnet/aspnetcore"
},
{
"type": "WEB",
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-35264"
},
{
"type": "WEB",
"url": "https://www.herodevs.com/vulnerability-directory/cve-2024-35264"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H",
"type": "CVSS_V3"
},
{
"score": "CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N",
"type": "CVSS_V4"
}
],
"summary": "Microsoft Security Advisory CVE-2024-35264 | .NET Remote Code Execution Vulnerability"
}
ICSA-25-135-02
Vulnerability from csaf_cisa - Published: 2025-05-13 00:00 - Updated: 2025-05-13 00:00Summary
Siemens INTRALOG WMS
Notes
Summary: INTRALOG WMS before V5 is affected by multiple vulnerabilities in the Microsoft .NET implementation as described below.
Siemens has released a new version for INTRALOG WMS and recommends to update to the latest version.
Please approach your INTRALOG WMS contact to resolve the reported vulnerabilities for your solution. When contacting your Siemens representative, kindly reference the Siemens Security Advisory ID (SSA-901508).
General Recommendations: As a general security measure, Siemens strongly recommends to protect network access to devices with appropriate mechanisms. In order to operate the devices in a protected IT environment, Siemens recommends to configure the environment according to Siemens' operational guidelines for Industrial Security (Download:
https://www.siemens.com/cert/operational-guidelines-industrial-security), and to follow the recommendations in the product manuals.
Additional information on Industrial Security by Siemens can be found at: https://www.siemens.com/industrialsecurity
Additional Resources: For further inquiries on security vulnerabilities in Siemens products and solutions, please contact the Siemens ProductCERT: https://www.siemens.com/cert/advisories
Terms of Use: The use of Siemens Security Advisories is subject to the terms and conditions listed on: https://www.siemens.com/productcert/terms-of-use.
Legal Notice: All information products included in https://us-cert.cisa.gov/ics are provided "as is" for informational purposes only. The Department of Homeland Security (DHS) does not provide any warranties of any kind regarding any information contained within. DHS does not endorse any commercial product or service, referenced in this product or otherwise. Further dissemination of this product is governed by the Traffic Light Protocol (TLP) marking in the header. For more information about TLP, see https://us-cert.cisa.gov/tlp/.
Advisory Conversion Disclaimer: This ICSA is a verbatim republication of Siemens ProductCERT SSA-901508 from a direct conversion of their vendor's Common Security Advisory Framework (CSAF) advisory. This is republished to CISA's website as a means of increasing visibility and is provided "as-is" for informational purposes only. CISA is not responsible for the editorial or technical accuracy of republished advisories and provides no warranties of any kind regarding any information contained within this advisory. Further, CISA does not endorse any commercial product or service. Please contact Siemens ProductCERT directly for any questions regarding this advisory.
Critical infrastructure sectors: Critical Manufacturing, Transportation Systems, Energy, Healthcare and Public Health, Financial Services, Government Services and Facilities
Countries/areas deployed: Worldwide
Company headquarters location: Germany
Recommended Practices: CISA recommends users take defensive measures to minimize the exploitation risk of this vulnerability.
Recommended Practices: Minimize network exposure for all control system devices and/or systems, and ensure they are not accessible from the internet.
Recommended Practices: Locate control system networks and remote devices behind firewalls and isolate them from business networks.
Recommended Practices: When remote access is required, use more secure methods, such as Virtual Private Networks (VPNs), recognizing VPNs may have vulnerabilities and should be updated to the most recent version available. Also recognize VPN is only as secure as its connected devices.
Recommended Practices: CISA reminds organizations to perform proper impact analysis and risk assessment prior to deploying defensive measures.
Recommended Practices: CISA also provides a section for control systems security recommended practices on the ICS webpage on cisa.gov. Several CISA products detailing cyber defense best practices are available for reading and download, including Improving Industrial Control Systems Cybersecurity with Defense-in-Depth Strategies.
Recommended Practices: CISA encourages organizations to implement recommended cybersecurity strategies for proactive defense of ICS assets. Additional mitigation guidance and recommended practices are publicly available on the ICS webpage at cisa.gov in the technical information paper, ICS-TIP-12-146-01B--Targeted Cyber Intrusion Detection and Mitigation Strategies.
Recommended Practices: Organizations observing suspected malicious activity should follow established internal procedures and report findings to CISA for tracking and correlation against other incidents.
8.7 (High)
Affected products
Known affected
1 product
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
INTRALOG WMS
Siemens / INTRALOG WMS
|
vers:all/<V5 |
Vendor Fix
|
7.5 (High)
Affected products
Known affected
1 product
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
INTRALOG WMS
Siemens / INTRALOG WMS
|
vers:all/<V5 |
Vendor Fix
|
7.5 (High)
Affected products
Known affected
1 product
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
INTRALOG WMS
Siemens / INTRALOG WMS
|
vers:all/<V5 |
Vendor Fix
|
8.1 (High)
Affected products
Known affected
1 product
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
INTRALOG WMS
Siemens / INTRALOG WMS
|
vers:all/<V5 |
Vendor Fix
|
7.3 (High)
Affected products
Known affected
1 product
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
INTRALOG WMS
Siemens / INTRALOG WMS
|
vers:all/<V5 |
Vendor Fix
|
7.5 (High)
Affected products
Known affected
1 product
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
INTRALOG WMS
Siemens / INTRALOG WMS
|
vers:all/<V5 |
Vendor Fix
|
7.5 (High)
Affected products
Known affected
1 product
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
INTRALOG WMS
Siemens / INTRALOG WMS
|
vers:all/<V5 |
Vendor Fix
|
7.5 (High)
Affected products
Known affected
1 product
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
INTRALOG WMS
Siemens / INTRALOG WMS
|
vers:all/<V5 |
Vendor Fix
|
References
10 references
| URL | Category |
|---|---|
| https://cert-portal.siemens.com/productcert/csaf/… | self |
| https://cert-portal.siemens.com/productcert/html/… | self |
| https://raw.githubusercontent.com/cisagov/CSAF/de… | self |
| https://www.cisa.gov/news-events/ics-advisories/i… | self |
| https://www.cisa.gov/uscert/ics/alerts/ICS-ALERT-… | external |
| https://www.cisa.gov/resources-tools/resources/ic… | external |
| https://www.cisa.gov/topics/industrial-control-systems | external |
| https://us-cert.cisa.gov/sites/default/files/reco… | external |
| https://www.cisa.gov/sites/default/files/publicat… | external |
| https://www.cisa.gov/uscert/ics/tips/ICS-TIP-12-146-01B | external |
Acknowledgments
Siemens ProductCERT
{
"document": {
"acknowledgments": [
{
"organization": "Siemens ProductCERT",
"summary": "reporting these vulnerabilities to CISA."
}
],
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Disclosure is not limited",
"tlp": {
"label": "WHITE",
"url": "https://us-cert.cisa.gov/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "INTRALOG WMS before V5 is affected by multiple vulnerabilities in the Microsoft .NET implementation as described below.\n\nSiemens has released a new version for INTRALOG WMS and recommends to update to the latest version.\nPlease approach your INTRALOG WMS contact to resolve the reported vulnerabilities for your solution. When contacting your Siemens representative, kindly reference the Siemens Security Advisory ID (SSA-901508).",
"title": "Summary"
},
{
"category": "general",
"text": "As a general security measure, Siemens strongly recommends to protect network access to devices with appropriate mechanisms. In order to operate the devices in a protected IT environment, Siemens recommends to configure the environment according to Siemens\u0027 operational guidelines for Industrial Security (Download: \nhttps://www.siemens.com/cert/operational-guidelines-industrial-security), and to follow the recommendations in the product manuals.\nAdditional information on Industrial Security by Siemens can be found at: https://www.siemens.com/industrialsecurity",
"title": "General Recommendations"
},
{
"category": "general",
"text": "For further inquiries on security vulnerabilities in Siemens products and solutions, please contact the Siemens ProductCERT: https://www.siemens.com/cert/advisories",
"title": "Additional Resources"
},
{
"category": "legal_disclaimer",
"text": "The use of Siemens Security Advisories is subject to the terms and conditions listed on: https://www.siemens.com/productcert/terms-of-use.",
"title": "Terms of Use"
},
{
"category": "legal_disclaimer",
"text": "All information products included in https://us-cert.cisa.gov/ics are provided \"as is\" for informational purposes only. The Department of Homeland Security (DHS) does not provide any warranties of any kind regarding any information contained within. DHS does not endorse any commercial product or service, referenced in this product or otherwise. Further dissemination of this product is governed by the Traffic Light Protocol (TLP) marking in the header. For more information about TLP, see https://us-cert.cisa.gov/tlp/.",
"title": "Legal Notice"
},
{
"category": "other",
"text": "This ICSA is a verbatim republication of Siemens ProductCERT SSA-901508 from a direct conversion of their vendor\u0027s Common Security Advisory Framework (CSAF) advisory. This is republished to CISA\u0027s website as a means of increasing visibility and is provided \"as-is\" for informational purposes only. CISA is not responsible for the editorial or technical accuracy of republished advisories and provides no warranties of any kind regarding any information contained within this advisory. Further, CISA does not endorse any commercial product or service. Please contact Siemens ProductCERT directly for any questions regarding this advisory.",
"title": "Advisory Conversion Disclaimer"
},
{
"category": "other",
"text": "Critical Manufacturing, Transportation Systems, Energy, Healthcare and Public Health, Financial Services, Government Services and Facilities",
"title": "Critical infrastructure sectors"
},
{
"category": "other",
"text": "Worldwide",
"title": "Countries/areas deployed"
},
{
"category": "other",
"text": "Germany",
"title": "Company headquarters location"
},
{
"category": "general",
"text": "CISA recommends users take defensive measures to minimize the exploitation risk of this vulnerability.",
"title": "Recommended Practices"
},
{
"category": "general",
"text": "Minimize network exposure for all control system devices and/or systems, and ensure they are not accessible from the internet.",
"title": "Recommended Practices"
},
{
"category": "general",
"text": "Locate control system networks and remote devices behind firewalls and isolate them from business networks.",
"title": "Recommended Practices"
},
{
"category": "general",
"text": "When remote access is required, use more secure methods, such as Virtual Private Networks (VPNs), recognizing VPNs may have vulnerabilities and should be updated to the most recent version available. Also recognize VPN is only as secure as its connected devices.",
"title": "Recommended Practices"
},
{
"category": "general",
"text": "CISA reminds organizations to perform proper impact analysis and risk assessment prior to deploying defensive measures.",
"title": "Recommended Practices"
},
{
"category": "general",
"text": "CISA also provides a section for control systems security recommended practices on the ICS webpage on cisa.gov. Several CISA products detailing cyber defense best practices are available for reading and download, including Improving Industrial Control Systems Cybersecurity with Defense-in-Depth Strategies.",
"title": "Recommended Practices"
},
{
"category": "general",
"text": "CISA encourages organizations to implement recommended cybersecurity strategies for proactive defense of ICS assets. Additional mitigation guidance and recommended practices are publicly available on the ICS webpage at cisa.gov in the technical information paper, ICS-TIP-12-146-01B--Targeted Cyber Intrusion Detection and Mitigation Strategies.",
"title": "Recommended Practices"
},
{
"category": "general",
"text": "Organizations observing suspected malicious activity should follow established internal procedures and report findings to CISA for tracking and correlation against other incidents.",
"title": "Recommended Practices"
}
],
"publisher": {
"category": "other",
"contact_details": "central@cisa.dhs.gov",
"name": "CISA",
"namespace": "https://www.cisa.gov/"
},
"references": [
{
"category": "self",
"summary": "SSA-901508: Multiple Vulnerabilities in INTRALOG WMS Before V5 - CSAF Version",
"url": "https://cert-portal.siemens.com/productcert/csaf/ssa-901508.json"
},
{
"category": "self",
"summary": "SSA-901508: Multiple Vulnerabilities in INTRALOG WMS Before V5 - HTML Version",
"url": "https://cert-portal.siemens.com/productcert/html/ssa-901508.html"
},
{
"category": "self",
"summary": "ICS Advisory ICSA-25-135-02 JSON",
"url": "https://raw.githubusercontent.com/cisagov/CSAF/develop/csaf_files/OT/white/2025/icsa-25-135-02.json"
},
{
"category": "self",
"summary": "ICS Advisory ICSA-25-135-02 - Web Version",
"url": "https://www.cisa.gov/news-events/ics-advisories/icsa-25-135-02"
},
{
"category": "external",
"summary": "Recommended Practices",
"url": "https://www.cisa.gov/uscert/ics/alerts/ICS-ALERT-10-301-01"
},
{
"category": "external",
"summary": "Recommended Practices",
"url": "https://www.cisa.gov/resources-tools/resources/ics-recommended-practices"
},
{
"category": "external",
"summary": "Recommended Practices",
"url": "https://www.cisa.gov/topics/industrial-control-systems"
},
{
"category": "external",
"summary": "Recommended Practices",
"url": "https://us-cert.cisa.gov/sites/default/files/recommended_practices/NCCIC_ICS-CERT_Defense_in_Depth_2016_S508C.pdf"
},
{
"category": "external",
"summary": "Recommended Practices",
"url": "https://www.cisa.gov/sites/default/files/publications/Cybersecurity_Best_Practices_for_Industrial_Control_Systems.pdf"
},
{
"category": "external",
"summary": "Recommended Practices",
"url": "https://www.cisa.gov/uscert/ics/tips/ICS-TIP-12-146-01B"
}
],
"title": "Siemens INTRALOG WMS",
"tracking": {
"current_release_date": "2025-05-13T00:00:00.000000Z",
"generator": {
"date": "2025-05-15T17:45:44.665619Z",
"engine": {
"name": "CISA CSAF Generator",
"version": "1.0.0"
}
},
"id": "ICSA-25-135-02",
"initial_release_date": "2025-05-13T00:00:00.000000Z",
"revision_history": [
{
"date": "2025-05-13T00:00:00.000000Z",
"legacy_version": "1.0",
"number": "1",
"summary": "Publication Date"
}
],
"status": "final",
"version": "1"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_version_range",
"name": "vers:all/\u003cV5",
"product": {
"name": "INTRALOG WMS",
"product_id": "CSAFPID-0001"
}
}
],
"category": "product_name",
"name": "INTRALOG WMS"
}
],
"category": "vendor",
"name": "Siemens"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2024-0056",
"cwe": {
"id": "CWE-319",
"name": "Cleartext Transmission of Sensitive Information"
},
"notes": [
{
"category": "summary",
"text": "Microsoft.Data.SqlClient and System.Data.SqlClient SQL Data Provider Security Feature Bypass Vulnerability",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-0001"
]
},
"remediations": [
{
"category": "vendor_fix",
"details": "Update to V5 or later version",
"product_ids": [
"CSAFPID-0001"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 8.7,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:N",
"version": "3.1"
},
"products": [
"CSAFPID-0001"
]
}
],
"title": "CVE-2024-0056"
},
{
"cve": "CVE-2024-20672",
"cwe": {
"id": "CWE-400",
"name": "Uncontrolled Resource Consumption"
},
"notes": [
{
"category": "summary",
"text": ".NET Denial of Service Vulnerability",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-0001"
]
},
"remediations": [
{
"category": "vendor_fix",
"details": "Update to V5 or later version",
"product_ids": [
"CSAFPID-0001"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"CSAFPID-0001"
]
}
],
"title": "CVE-2024-20672"
},
{
"cve": "CVE-2024-30105",
"cwe": {
"id": "CWE-400",
"name": "Uncontrolled Resource Consumption"
},
"notes": [
{
"category": "summary",
"text": ".NET and Visual Studio Denial of Service Vulnerability",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-0001"
]
},
"remediations": [
{
"category": "vendor_fix",
"details": "Update to V5 or later version",
"product_ids": [
"CSAFPID-0001"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"CSAFPID-0001"
]
}
],
"title": "CVE-2024-30105"
},
{
"cve": "CVE-2024-35264",
"cwe": {
"id": "CWE-416",
"name": "Use After Free"
},
"notes": [
{
"category": "summary",
"text": ".NET and Visual Studio Remote Code Execution Vulnerability",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-0001"
]
},
"remediations": [
{
"category": "vendor_fix",
"details": "Update to V5 or later version",
"product_ids": [
"CSAFPID-0001"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 8.1,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"CSAFPID-0001"
]
}
],
"title": "CVE-2024-35264"
},
{
"cve": "CVE-2024-38081",
"cwe": {
"id": "CWE-59",
"name": "Improper Link Resolution Before File Access (\u0027Link Following\u0027)"
},
"notes": [
{
"category": "summary",
"text": ".NET, .NET Framework, and Visual Studio Elevation of Privilege Vulnerability",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-0001"
]
},
"remediations": [
{
"category": "vendor_fix",
"details": "Update to V5 or later version",
"product_ids": [
"CSAFPID-0001"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.3,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"CSAFPID-0001"
]
}
],
"title": "CVE-2024-38081"
},
{
"cve": "CVE-2024-38095",
"cwe": {
"id": "CWE-20",
"name": "Improper Input Validation"
},
"notes": [
{
"category": "summary",
"text": ".NET and Visual Studio Denial of Service Vulnerability",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-0001"
]
},
"remediations": [
{
"category": "vendor_fix",
"details": "Update to V5 or later version",
"product_ids": [
"CSAFPID-0001"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"CSAFPID-0001"
]
}
],
"title": "CVE-2024-38095"
},
{
"cve": "CVE-2024-43483",
"cwe": {
"id": "CWE-407",
"name": "Inefficient Algorithmic Complexity"
},
"notes": [
{
"category": "summary",
"text": ".NET, .NET Framework, and Visual Studio Denial of Service Vulnerability",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-0001"
]
},
"remediations": [
{
"category": "vendor_fix",
"details": "Update to V5 or later version",
"product_ids": [
"CSAFPID-0001"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"CSAFPID-0001"
]
}
],
"title": "CVE-2024-43483"
},
{
"cve": "CVE-2024-43485",
"cwe": {
"id": "CWE-407",
"name": "Inefficient Algorithmic Complexity"
},
"notes": [
{
"category": "summary",
"text": ".NET and Visual Studio Denial of Service Vulnerability",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-0001"
]
},
"remediations": [
{
"category": "vendor_fix",
"details": "Update to V5 or later version",
"product_ids": [
"CSAFPID-0001"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"CSAFPID-0001"
]
}
],
"title": "CVE-2024-43485"
}
]
}
Loading…
Trend slope:
-
(linear fit over daily sighting counts)
Show additional events:
Loading…
Experimental. This forecast is provided for visualization only and may change without notice. Do not use it for operational decisions.
Forecast uses a logistic model when the trend is rising, or an exponential decay model when the trend is falling. Fitted via linearized least squares.
Sightings
| Author | Source | Type | Date | Other |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or observed by the user.
- Confirmed: The vulnerability has been validated from an analyst's perspective.
- Published Proof of Concept: A public proof of concept is available for this vulnerability.
- Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
- Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
- Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
- Not confirmed: The user expressed doubt about the validity of the vulnerability.
- Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.
Loading…
Loading…