CVE-2021-31204

Description

.NET and Visual Studio Elevation of Privilege Vulnerability

Risk Information

Base Score

7.8

MODERATE

Vector

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

EPSS Score

Exploitation Probability

8.688

Associated Vulnerability

Vulnerability	OS Platform
Vulnerabilities CVE-2021-31204 are fixed in Update for AspNet Core (x64) (3.1.22)	Windows
Vulnerabilities CVE-2021-31204 are fixed in Update for AspNet Core (x86) (3.1.22)	Windows
Vulnerabilities CVE-2021-27068,CVE-2021-31204 are affected in Microsoft Visual Studio Community 2019 16.4.21	Windows
Vulnerabilities CVE-2021-31204 are affected in Microsoft Visual Studio Community 2019 16.7.9	Windows
Multiple Vulnerabilities are affected in Microsoft Visual Studio Community 2019 16.9	Windows
Vulnerabilities CVE-2021-27068,CVE-2021-31204 are affected in Microsoft Visual Studio Enterprise 2019 16.4.21	Windows
Vulnerabilities CVE-2021-31204 are affected in Microsoft Visual Studio Enterprise 2019 16.7.9	Windows
Multiple Vulnerabilities are affected in Microsoft Visual Studio Enterprise 2019 16.9	Windows
Vulnerabilities CVE-2021-27068,CVE-2021-31204 are affected in Microsoft Visual Studio Professional 2019 16.4.21	Windows
Vulnerabilities CVE-2021-31204 are affected in Microsoft Visual Studio Professional 2019 16.7.9	Windows
Multiple Vulnerabilities are affected in Microsoft Visual Studio Professional 2019 16.9	Windows
Aspnetcore-runtime-3.1 update (ELSA-2021-2037) aspnetcore-runtime-3.1-3.1.15-1.0.1.el8_4.x86_64.rpm	Linux
Aspnetcore-targeting-pack-3.1 update (ELSA-2021-2037) aspnetcore-targeting-pack-3.1-3.1.15-1.0.1.el8_4.x86_64.rpm	Linux
Dotnet-apphost-pack-3.1 update (ELSA-2021-2037) dotnet-apphost-pack-3.1-3.1.15-1.0.1.el8_4.x86_64.rpm	Linux
Dotnet-hostfxr-3.1 update (ELSA-2021-2037) dotnet-hostfxr-3.1-3.1.15-1.0.1.el8_4.x86_64.rpm	Linux
Dotnet-runtime-3.1 update (ELSA-2021-2037) dotnet-runtime-3.1-3.1.15-1.0.1.el8_4.x86_64.rpm	Linux
Dotnet-sdk-3.1 update (ELSA-2021-2037) dotnet-sdk-3.1-3.1.115-1.0.1.el8_4.x86_64.rpm	Linux
Dotnet-targeting-pack-3.1 update (ELSA-2021-2037) dotnet-targeting-pack-3.1-3.1.15-1.0.1.el8_4.x86_64.rpm	Linux
Dotnet-templates-3.1 update (ELSA-2021-2037) dotnet-templates-3.1-3.1.115-1.0.1.el8_4.x86_64.rpm	Linux

Patch Details

Click to see the patches provided by ManageEngine for this CVE

Patch ID	Patch Description
PATCH-108367	Update for AspNet Core (x64) (3.1.22)
PATCH-108368	Update for AspNet Core (x86) (3.1.22)

References

https://nvd.nist.gov/vuln/detail/CVE-2023-1234
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-1234