Lucene search

K
veracodeVeracode Vulnerability DatabaseVERACODE:40913
HistoryJun 15, 2023 - 6:24 p.m.

Privilege Escalation

2023-06-1518:24:40
Veracode Vulnerability Database
sca.analysiscenter.veracode.com
19
vulnerability
deserialization
datatable
xml
privilege escalation

CVSS3

7.5

Attack Vector

NETWORK

Attack Complexity

HIGH

Privileges Required

NONE

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H

EPSS

0.002

Percentile

58.4%

.NET and .NET Framework are vulnerable to Privilege Escalation. The vulnerability exists when deserializing a DataSet or DataTable from XML, possibly resulting in privilege escalation.

CVSS3

7.5

Attack Vector

NETWORK

Attack Complexity

HIGH

Privileges Required

NONE

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H

EPSS

0.002

Percentile

58.4%