Lucene search
Veracode Vulnerability DatabaseVERACODE:21493HistorySep 12, 2019 - 7:16 a.m.
Privilege Escalation
2019-09-1207:16:23
Veracode Vulnerability Database
sca.analysiscenter.veracode.com
14
0.002 Low
EPSS
Percentile
58.8%
ASP.NET Core is vulnerable to privilege escalation. When an ASP.NET Core web application is created using vulnerable project templates, the application fails to properly sanitize web requests. An attacker is able to exploit the vulnerability by sending an email to the user containing a malicious link and when clicked, performs content injection attacks and run scripts in the security context of the logged-on user.
| CPE | Name | Operator | Version |
|---|---|---|---|
| microsoft.aspnetcore.spaservices | eq | 2.2.0 | |
| microsoft.aspnetcore.spaservices | le | 2.1.1 |
Related
cve
cve
CVE-2019-1302
2019-09-11 22:15:19
osv
osv
CVE-2019-1302
2019-09-11 22:15:19
Elevation of privilege in ASP.NET Core
2022-05-24 22:00:33
nessus
nessus
Security Update for Microsoft ASP.NET Core (Sep 2019)
2019-09-13 00:00:00
Security Update for .NET Core SDK (Sep 2019)
2019-09-13 00:00:00
nvd
nvd
CVE-2019-1302
2019-09-11 22:15:19
checkpoint_advisories
checkpoint_advisories
Microsoft Asp.net Core Privilege Escalation (CVE-2019-1302)
2020-05-22 00:00:00
cvelist
cvelist
CVE-2019-1302
2019-09-11 21:25:01
symantec
symantec
prion
prion
Privilege escalation
2019-09-11 22:15:00
mscve
mscve
ASP.NET Core Elevation Of Privilege Vulnerability
2019-09-10 07:00:00
github
github
Elevation of privilege in ASP.NET Core
2022-05-24 22:00:33
openvas
openvas
.NET Core SDK Multiple Vulnerabilities (Sep 2019)
2019-09-11 00:00:00
.NET Core Multiple Vulnerabilities (Sep 2019)
2019-09-11 00:00:00
kaspersky
kaspersky
KLA11554 Multiple vulnerabilities in Microsoft Developer tools
2019-09-10 00:00:00
talosblog
talosblog