5.7 Medium
CVSS3
Attack Vector
ADJACENT_NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
REQUIRED
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
NONE
Availability Impact
NONE
CVSS:3.1/AV:A/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N
2.9 Low
CVSS2
Access Vector
ADJACENT_NETWORK
Access Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
NONE
Availability Impact
NONE
AV:A/AC:M/Au:N/C:P/I:N/A:N
Microsoft is releasing this security advisory to provide information about a vulnerability in .NET. This advisory also provides guidance on what developers can do to update their applications to remove this vulnerability.
A Information Disclosure vulnerability exists in .NET where System.DirectoryServices.Protocols.LdapConnection may send credentials in plain text on Linux.
Any .NET application that uses System.DirectoryServices.Protocols
with a vulnerable version listed below on system based on Linux.
Package name | Vulnerable versions | Secure versions |
---|---|---|
System.DirectoryServices.Protocols | 5.0.0 | 5.0.1 |
CPE | Name | Operator | Version |
---|---|---|---|
system.directoryservices.protocols | lt | 5.0.1 |
github.com/advisories/GHSA-9cxh-gqpx-qc5m
github.com/dotnet/runtime/issues/60301
github.com/dotnet/runtime/security/advisories/GHSA-9cxh-gqpx-qc5m
msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2021-41355
nvd.nist.gov/vuln/detail/CVE-2021-41355
portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-41355
www.oracle.com/security-alerts/cpujan2022.html
5.7 Medium
CVSS3
Attack Vector
ADJACENT_NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
REQUIRED
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
NONE
Availability Impact
NONE
CVSS:3.1/AV:A/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N
2.9 Low
CVSS2
Access Vector
ADJACENT_NETWORK
Access Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
NONE
Availability Impact
NONE
AV:A/AC:M/Au:N/C:P/I:N/A:N