CVE-2023-36560
Description
ASP.NET Security Feature Bypass Vulnerability
Risk Information
Base Score
8.8
MODERATE
Vector
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
EPSS Score
Exploitation Probability
4.17
Associated Vulnerability
| Vulnerability | OS Platform |
|---|---|
| Windows Scripting Engine Memory Corruption Vulnerability for Windows 10 Version 1607 for x86-based Systems (KB5032197) | Windows |
| Windows Scripting Engine Memory Corruption Vulnerability for Windows Server 2016 for x64-based Systems (KB5032197) | Windows |
| Windows Scripting Engine Memory Corruption Vulnerability for Windows 10 Version 1607 for x64-based Systems (KB5032197) | Windows |
| Windows Scripting Engine Memory Corruption Vulnerability for Windows 10 Version 1507 for x64-based Systems (KB5032199) | Windows |
| Windows Scripting Engine Memory Corruption Vulnerability for Windows 10 Version 1507 for x86-based Systems (KB5032199) | Windows |
| .NET, .NET Framework, and Visual Studio Elevation of Privilege Vulnerability for .NET Framework 4.8 for Windows 10 Version 1607 (KB5031989) | Windows |
| .NET, .NET Framework, and Visual Studio Elevation of Privilege Vulnerability for .NET Framework 4.8 for Windows 10 Version 1607 for x64 (KB5031989) | Windows |
| .NET, .NET Framework, and Visual Studio Elevation of Privilege Vulnerability for .NET Framework 4.8 for Windows Server 2016 for x64 (KB5031989) | Windows |
| .NET, .NET Framework, and Visual Studio Elevation of Privilege Vulnerability for .NET Framework 3.5 and 4.8.1 for Windows 11, version 23H2 for x64 (KB5032007) | Windows |
| .NET, .NET Framework, and Visual Studio Elevation of Privilege Vulnerability for .NET Framework 3.5 and 4.8.1 for Windows 11, version 23H2 for ARM64 (KB5032007) | Windows |
| .NET, .NET Framework, and Visual Studio Elevation of Privilege Vulnerability for .NET Framework 3.5 and 4.8.1 for Windows 11, version 22H2 for ARM64 (KB5032007) | Windows |
| .NET, .NET Framework, and Visual Studio Elevation of Privilege Vulnerability for .NET Framework 3.5 and 4.8.1 for Windows 11, version 22H2 for x64 (KB5032007) | Windows |
| .NET, .NET Framework, and Visual Studio Elevation of Privilege Vulnerability for .NET Framework 3.5.1 for Windows Server 2008 R2 for x64 (KB5032012) (ESU) | Windows |
| .NET, .NET Framework, and Visual Studio Elevation of Privilege Vulnerability for .NET Framework 4.6.2 for Windows Server 2008 SP2 for x64 (KB5032009) (ESU) | Windows |
| .NET, .NET Framework, and Visual Studio Elevation of Privilege Vulnerability for .NET Framework 4.6.2, 4.7, 4.7.1, 4.7.2 for Windows Server 2008 R2 for x64 (KB5032009) (ESU) | Windows |
| .NET, .NET Framework, and Visual Studio Elevation of Privilege Vulnerability for .NET Framework 4.6.2 for Windows Server 2008 SP2 (KB5032009) (ESU) | Windows |
| .NET, .NET Framework, and Visual Studio Elevation of Privilege Vulnerability for .NET Framework 4.8 for Windows Server 2008 R2 for x64 (KB5032010) (ESU) | Windows |
| .NET, .NET Framework, and Visual Studio Elevation of Privilege Vulnerability for .NET Framework 2.0, 3.0 for Windows Server 2008 SP2 (KB5032011) (ESU) | Windows |
| .NET, .NET Framework, and Visual Studio Elevation of Privilege Vulnerability for .NET Framework 2.0, 3.0 for Windows Server 2008 SP2 for x64 (KB5032011) (ESU) | Windows |
| .NET, .NET Framework, and Visual Studio Elevation of Privilege Vulnerability for .NET Framework 3.5 and 4.7.2 for Windows 10 Version 1809 for x64 (KB5031984) | Windows |
| .NET, .NET Framework, and Visual Studio Elevation of Privilege Vulnerability for .NET Framework 3.5 and 4.7.2 for Windows Server 2019 for x64 (KB5031984) | Windows |
| .NET, .NET Framework, and Visual Studio Elevation of Privilege Vulnerability for .NET Framework 3.5 and 4.7.2 for Windows 10 Version 1809 (KB5031984) | Windows |
| .NET, .NET Framework, and Visual Studio Elevation of Privilege Vulnerability for .NET Framework 3.5 and 4.8 for Windows 10 Version 1809 for x64 (KB5031990) | Windows |
| .NET, .NET Framework, and Visual Studio Elevation of Privilege Vulnerability for .NET Framework 3.5 and 4.8 for Windows Server 2019 for x64 (KB5031990) | Windows |
| .NET, .NET Framework, and Visual Studio Elevation of Privilege Vulnerability for .NET Framework 3.5 and 4.8 for Windows 10 Version 1809 (KB5031990) | Windows |
| .NET, .NET Framework, and Visual Studio Elevation of Privilege Vulnerability for .NET Framework 3.5 and 4.8 for Windows 10 Version 21H2 for x64 (KB5031988) | Windows |
| .NET, .NET Framework, and Visual Studio Elevation of Privilege Vulnerability for .NET Framework 3.5 and 4.8 for Windows 10 Version 21H2 (KB5031988) | Windows |
| .NET, .NET Framework, and Visual Studio Elevation of Privilege Vulnerability for .NET Framework 3.5 and 4.8 for Windows 10 Version 22H2 for x64 (KB5031988) | Windows |
| .NET, .NET Framework, and Visual Studio Elevation of Privilege Vulnerability for .NET Framework 3.5 and 4.8 for Windows 10 Version 22H2 (KB5031988) | Windows |
| .NET, .NET Framework, and Visual Studio Elevation of Privilege Vulnerability for .NET Framework 3.5 and 4.8.1 for Windows 10 Version 22H2 for x64 (KB5032005) | Windows |
| .NET, .NET Framework, and Visual Studio Elevation of Privilege Vulnerability for .NET Framework 3.5 and 4.8.1 for Windows 10 Version 21H2 (KB5032005) | Windows |
| .NET, .NET Framework, and Visual Studio Elevation of Privilege Vulnerability for .NET Framework 3.5 and 4.8.1 for Windows 10 Version 22H2 (KB5032005) | Windows |
| .NET, .NET Framework, and Visual Studio Elevation of Privilege Vulnerability for .NET Framework 3.5 and 4.8.1 for Windows 10 Version 21H2 for x64 (KB5032005) | Windows |
| .NET, .NET Framework, and Visual Studio Elevation of Privilege Vulnerability for .NET Framework 3.5 and 4.8 for Windows 11 for x64 (KB5031991) | Windows |
| .NET, .NET Framework, and Visual Studio Elevation of Privilege Vulnerability for .NET Framework 3.5 and 4.8.1 for Windows 11 for x64 (KB5032006) | Windows |
| .NET, .NET Framework, and Visual Studio Elevation of Privilege Vulnerability for .NET Framework 3.5.1 for Windows Server 2008 R2 for x64 (KB5032000) (ESU) | Windows |
| .NET, .NET Framework, and Visual Studio Elevation of Privilege Vulnerability for .NET Framework 4.6.2 for Windows Server 2008 SP2 for x64 (KB5031987) (ESU) | Windows |
| .NET, .NET Framework, and Visual Studio Elevation of Privilege Vulnerability for .NET Framework 4.6.2 for Windows Server 2008 SP2 (KB5031987) (ESU) | Windows |
| .NET, .NET Framework, and Visual Studio Elevation of Privilege Vulnerability for .NET Framework 4.6.2, 4.7, 4.7.1, 4.7.2 for Windows Server 2008 R2 for x64 (KB5031987) (ESU) | Windows |
| .NET, .NET Framework, and Visual Studio Elevation of Privilege Vulnerability for .NET Framework 4.8 for Windows Server 2008 R2 for x64 (KB5031995) (ESU) | Windows |
| .NET, .NET Framework, and Visual Studio Elevation of Privilege Vulnerability for .NET Framework 3.5 for Windows Server 2012 for x64 (KB5031998) (ESU) | Windows |
| .NET, .NET Framework, and Visual Studio Elevation of Privilege Vulnerability for .NET Framework 4.6.2, 4.7, 4.7.1, 4.7.2 for Windows Server 2012 for x64 (KB5031985) (ESU) | Windows |
| .NET, .NET Framework, and Visual Studio Elevation of Privilege Vulnerability for .NET Framework 4.8 for Windows Server 2012 for x64 (KB5031992) (ESU) | Windows |
| .NET, .NET Framework, and Visual Studio Elevation of Privilege Vulnerability for .NET Framework 3.5 for Windows Server 2012 R2 for x64 (KB5032001) (ESU) | Windows |
| .NET, .NET Framework, and Visual Studio Elevation of Privilege Vulnerability for .NET Framework 4.6.2, 4.7, 4.7.1, 4.7.2 for Windows Server 2012 R2 for x64 (KB5031986) (ESU) | Windows |
| .NET, .NET Framework, and Visual Studio Elevation of Privilege Vulnerability for .NET Framework 4.8 for Windows Server 2012 R2 for x64 (KB5031994) (ESU) | Windows |
| .NET, .NET Framework, and Visual Studio Elevation of Privilege Vulnerability for .NET Framework 2.0, 3.0 for Windows Server 2008 SP2 (KB5031999) (ESU) | Windows |
| .NET, .NET Framework, and Visual Studio Elevation of Privilege Vulnerability for .NET Framework 2.0, 3.0 for Windows Server 2008 SP2 for x64 (KB5031999) (ESU) | Windows |
| .NET, .NET Framework, and Visual Studio Elevation of Privilege Vulnerability for .NET Framework 3.5 and 4.8 for Microsoft server operating system version 21H2 for x64 (KB5031993) | Windows |
| .NET, .NET Framework, and Visual Studio Elevation of Privilege Vulnerability for .NET Framework 3.5 and 4.8.1 for Microsoft server operating system version 21H2 for x64 (KB5032008) | Windows |
Patch Details
Click to see the patches provided by ManageEngine for this CVE
| Patch ID | Patch Description |
|---|---|
| PATCH-37616 | 2023-11 Cumulative Update for Windows 10 Version 1607 for x86-based Systems (KB5032197) (CVE-2023-36036) (CVE-2023-36025) |
| PATCH-37617 | 2023-11 Cumulative Update for Windows Server 2016 for x64-based Systems (KB5032197) (CVE-2023-36036) (CVE-2023-36025) |
| PATCH-37618 | 2023-11 Cumulative Update for Windows 10 Version 1607 for x64-based Systems (KB5032197) (CVE-2023-36036) (CVE-2023-36025) |
| PATCH-37619 | 2023-11 Cumulative Update for Windows 10 Version 1507 for x64-based Systems (KB5032199) (CVE-2023-36036) (CVE-2023-36025) |
| PATCH-37620 | 2023-11 Cumulative Update for Windows 10 Version 1507 for x86-based Systems (KB5032199) (CVE-2023-36036) (CVE-2023-36025) |
| PATCH-37653 | 2023-11 Cumulative Update for .NET Framework 4.8 for Windows 10 Version 1607 (KB5031989) |
| PATCH-37654 | 2023-11 Cumulative Update for .NET Framework 4.8 for Windows 10 Version 1607 for x64 (KB5031989) |
| PATCH-37655 | 2023-11 Cumulative Update for .NET Framework 4.8 for Windows Server 2016 for x64 (KB5031989) |
| PATCH-37649 | 2023-11 Cumulative Update for .NET Framework 3.5 and 4.8.1 for Windows 11, version 23H2 for x64 (KB5032007) |
| PATCH-37652 | 2023-11 Cumulative Update for .NET Framework 3.5 and 4.8.1 for Windows 11, version 22H2 for x64 (KB5032007) |
| PATCH-37671 | KB5032185, 2023-11 Security Only Update for .NET Framework 3.5.1 for Windows Server 2008 R2 for x64 (KB5032012) (ESU) |
| PATCH-37672 | KB5032185, 2023-11 Security Only Update for .NET Framework 4.6.2 for Windows Server 2008 SP2 for x64 (KB5032009) (ESU) |
| PATCH-37673 | KB5032185, 2023-11 Security Only Update for .NET Framework 4.6.2, 4.7, 4.7.1, 4.7.2 for Windows Server 2008 R2 for x64 (KB5032009) (ESU) |
| PATCH-37674 | KB5032185, 2023-11 Security Only Update for .NET Framework 4.6.2 for Windows Server 2008 SP2 (KB5032009) (ESU) |
| PATCH-37675 | KB5032185, 2023-11 Security Only Update for .NET Framework 4.8 for Windows Server 2008 R2 for x64 (KB5032010) (ESU) |
| PATCH-37669 | KB5032186, 2023-11 Security Only Update for .NET Framework 2.0, 3.0 for Windows Server 2008 SP2 (KB5032011) (ESU) |
| PATCH-37670 | KB5032186, 2023-11 Security Only Update for .NET Framework 2.0, 3.0 for Windows Server 2008 SP2 for x64 (KB5032011) (ESU) |
| PATCH-37629 | KB5032337, 2023-11 Cumulative Update for .NET Framework 3.5 and 4.7.2 for Windows 10 Version 1809 for x64 (KB5031984) |
| PATCH-37630 | KB5032337, 2023-11 Cumulative Update for .NET Framework 3.5 and 4.7.2 for Windows Server 2019 for x64 (KB5031984) |
| PATCH-37631 | KB5032337, 2023-11 Cumulative Update for .NET Framework 3.5 and 4.7.2 for Windows 10 Version 1809 (KB5031984) |
| PATCH-37633 | KB5032337, 2023-11 Cumulative Update for .NET Framework 3.5 and 4.8 for Windows 10 Version 1809 for x64 (KB5031990) |
| PATCH-37634 | KB5032337, 2023-11 Cumulative Update for .NET Framework 3.5 and 4.8 for Windows Server 2019 for x64 (KB5031990) |
| PATCH-37635 | KB5032337, 2023-11 Cumulative Update for .NET Framework 3.5 and 4.8 for Windows 10 Version 1809 (KB5031990) |
| PATCH-37636 | KB5032339, KB5032338, 2023-11 Cumulative Update for .NET Framework 3.5 and 4.8 for Windows 10 Version 21H2 for x64 (KB5031988) |
| PATCH-37637 | KB5032339, KB5032338, 2023-11 Cumulative Update for .NET Framework 3.5 and 4.8 for Windows 10 Version 21H2 (KB5031988) |
| PATCH-37638 | KB5032339, KB5032338, 2023-11 Cumulative Update for .NET Framework 3.5 and 4.8 for Windows 10 Version 22H2 for x64 (KB5031988) |
| PATCH-37639 | KB5032339, KB5032338, 2023-11 Cumulative Update for .NET Framework 3.5 and 4.8 for Windows 10 Version 22H2 (KB5031988) |
| PATCH-37643 | KB5032339, KB5032338, 2023-11 Cumulative Update for .NET Framework 3.5 and 4.8.1 for Windows 10 Version 22H2 for x64 (KB5032005) |
| PATCH-37644 | KB5032339, KB5032338, 2023-11 Cumulative Update for .NET Framework 3.5 and 4.8.1 for Windows 10 Version 21H2 (KB5032005) |
| PATCH-37645 | KB5032339, KB5032338, 2023-11 Cumulative Update for .NET Framework 3.5 and 4.8.1 for Windows 10 Version 22H2 (KB5032005) |
| PATCH-37646 | KB5032339, KB5032338, 2023-11 Cumulative Update for .NET Framework 3.5 and 4.8.1 for Windows 10 Version 21H2 for x64 (KB5032005) |
| PATCH-37640 | KB5032340, 2023-11 Cumulative Update for .NET Framework 3.5 and 4.8 for Windows 11 for x64 (KB5031991) |
| PATCH-37647 | KB5032340, 2023-11 Cumulative Update for .NET Framework 3.5 and 4.8.1 for Windows 11 for x64 (KB5032006) |
| PATCH-37660 | KB5032341, 2023-11 Security and Quality Rollup for .NET Framework 3.5.1 for Windows Server 2008 R2 for x64 (KB5032000) (ESU) |
| PATCH-37661 | KB5032341, 2023-11 Security and Quality Rollup for .NET Framework 4.6.2 for Windows Server 2008 SP2 for x64 (KB5031987) (ESU) |
| PATCH-37662 | KB5032341, 2023-11 Security and Quality Rollup for .NET Framework 4.6.2 for Windows Server 2008 SP2 (KB5031987) (ESU) |
| PATCH-37663 | KB5032341, 2023-11 Security and Quality Rollup for .NET Framework 4.6.2, 4.7, 4.7.1, 4.7.2 for Windows Server 2008 R2 for x64 (KB5031987) (ESU) |
| PATCH-37666 | KB5032341, 2023-11 Security and Quality Rollup for .NET Framework 4.8 for Windows Server 2008 R2 for x64 (KB5031995) (ESU) |
| PATCH-37659 | KB5032342, 2023-11 Security and Quality Rollup for .NET Framework 3.5 for Windows Server 2012 for x64 (KB5031998) (ESU) |
| PATCH-37665 | KB5032342, 2023-11 Security and Quality Rollup for .NET Framework 4.6.2, 4.7, 4.7.1, 4.7.2 for Windows Server 2012 for x64 (KB5031985) (ESU) |
| PATCH-37668 | KB5032342, 2023-11 Security and Quality Rollup for .NET Framework 4.8 for Windows Server 2012 for x64 (KB5031992) (ESU) |
| PATCH-37658 | KB5032343, 2023-11 Security and Quality Rollup for .NET Framework 3.5 for Windows Server 2012 R2 for x64 (KB5032001) (ESU) |
| PATCH-37664 | KB5032343, 2023-11 Security and Quality Rollup for .NET Framework 4.6.2, 4.7, 4.7.1, 4.7.2 for Windows Server 2012 R2 for x64 (KB5031986) (ESU) |
| PATCH-37667 | KB5032343, 2023-11 Security and Quality Rollup for .NET Framework 4.8 for Windows Server 2012 R2 for x64 (KB5031994) (ESU) |
| PATCH-37656 | KB5032344, 2023-11 Security and Quality Rollup for .NET Framework 2.0, 3.0 for Windows Server 2008 SP2 (KB5031999) (ESU) |
| PATCH-37657 | KB5032344, 2023-11 Security and Quality Rollup for .NET Framework 2.0, 3.0 for Windows Server 2008 SP2 for x64 (KB5031999) (ESU) |
| PATCH-37632 | KB5032336, KB5032478, 2023-11 Cumulative Update for .NET Framework 3.5 and 4.8 for Microsoft server operating system version 21H2 for x64 (KB5031993) |
| PATCH-37642 | KB5032336, KB5032478, 2023-11 Cumulative Update for .NET Framework 3.5 and 4.8.1 for Microsoft server operating system version 21H2 for x64 (KB5032008) |
References
https://nvd.nist.gov/vuln/detail/CVE-2023-1234
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-1234