5.9 Medium
CVSS3
Attack Vector
NETWORK
Attack Complexity
HIGH
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
NONE
Availability Impact
NONE
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N
2.6 Low
CVSS2
Access Vector
NETWORK
Access Complexity
HIGH
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
NONE
Availability Impact
NONE
AV:N/AC:H/Au:N/C:P/I:N/A:N
0.001 Low
EPSS
Percentile
43.0%
microsoft.aspnetcore.app is vulnerable to information disclosure. The vulnerability exists in some of the .NET Core packages which allows an attacker to gain access to privileged information.
packetstormsecurity.com/files/168332/.NET-XML-Signature-Verification-External-Entity-Injection.html
access.redhat.com/security/cve/cve-2022-34716
bugzilla.redhat.com/show_bug.cgi?id=2115183
github.com/advisories/GHSA-2m65-m22p-9wjw
github.com/dotnet/aspnetcore/issues/43166
github.com/dotnet/core/releases/tag/v3.1.28
github.com/dotnet/core/releases/tag/v6.0.8
msrc.microsoft.com/update-guide/vulnerability/CVE-2022-34716
portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2022-34716
5.9 Medium
CVSS3
Attack Vector
NETWORK
Attack Complexity
HIGH
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
NONE
Availability Impact
NONE
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N
2.6 Low
CVSS2
Access Vector
NETWORK
Access Complexity
HIGH
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
NONE
Availability Impact
NONE
AV:N/AC:H/Au:N/C:P/I:N/A:N
0.001 Low
EPSS
Percentile
43.0%