CVE-2016-7270
Description
The Data Provider for SQL Server in Microsoft .NET Framework 4.6.2 mishandles a developer-supplied key, which allows remote attackers to bypass the Always Encrypted protection mechanism and obtain sensitive cleartext information by leveraging key guessability, aka .NET Information Disclosure Vulnerability.
Risk Information
Base Score: 7.5 (MODERATE)
Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
EPSS Score (Exploitation Probability): 37.038
Associated Vulnerability
| Vulnerability | OS Platform |
|---|---|
| Microsoft Browser Information Disclosure Vulnerability for Windows 10 Version 1607 for x64-based Systems (KB3206632) - Cumulative | Windows |
| Microsoft Browser Information Disclosure Vulnerability for Windows 10 Version 1607 (KB3206632) - Cumulative | Windows |
| .NET Framework Information Disclosure Vulnerability for .NET Framework 4.6.2 on Windows 7 (KB3204805) | Windows |
| .NET Framework Information Disclosure Vulnerability for .NET Framework 4.6.2 on Windows 7 and Windows Server 2008 R2 for x64 (KB3204805) | Windows |
| .NET Framework Information Disclosure Vulnerability for .NET Framework 4.6.2 on Windows Server 2012 for x64 (KB3204801) | Windows |
| .NET Framework Information Disclosure Vulnerability for .NET Framework 4.6.2 on Windows 8.1 (KB3204802) | Windows |
| .NET Framework Information Disclosure Vulnerability for .NET Framework 4.6.2 on Windows 8.1 and Windows Server 2012 R2 for x64 (KB3204802) | Windows |
Patch Details
Patches provided by ManageEngine for this CVE:
| Patch ID | Patch Description |
|---|---|
| PATCH-21832 | Cumulative Update for Windows 10 Version 1607 for x64-based Systems (KB3206632) |
| PATCH-21831 | Cumulative Update for Windows 10 Version 1607 (KB3206632) |
| PATCH-21906 | December, 2016 Security Only Update for .NET Framework 4.6.2 on Windows 7 (KB3204805) |
| PATCH-21907 | December, 2016 Security Only Update for .NET Framework 4.6.2 on Windows 7 and Windows Server 2008 R2 for x64 (KB3204805) |
| PATCH-21908 | December, 2016 Security Only Update for .NET Framework 4.6.2 on Windows Server 2012 for x64 (KB3204801) |
| PATCH-21909 | December, 2016 Security Only Update for .NET Framework 4.6.2 on Windows 8.1 (KB3204802) |
| PATCH-21910 | December, 2016 Security Only Update for .NET Framework 4.6.2 on Windows 8.1 and Windows Server 2012 R2 for x64 (KB3204802) |