Vulnerability Description
ASP.NET Core 1.0. 1.1, and 2.0 allow an elevation of privilege vulnerability due to the ASP.NET Core project templates, aka "ASP.NET Core Elevation Of Privilege Vulnerability". This CVE is unique from CVE-2018-0808.
CVSS Score
8.8
HIGH
CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Microsoft | Asp.Net Core | 2.0 |
References
- http://www.securityfocus.com/bid/102377Third Party AdvisoryVDB Entry
- http://www.securitytracker.com/id/1040151Third Party AdvisoryVDB Entry
- https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-0784PatchVendor Advisory
- http://www.securityfocus.com/bid/102377Third Party AdvisoryVDB Entry
- http://www.securitytracker.com/id/1040151Third Party AdvisoryVDB Entry
- https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-0784PatchVendor Advisory
FAQ
What is CVE-2018-0784?
CVE-2018-0784 is a vulnerability with a CVSS score of 8.8 (HIGH). ASP.NET Core 1.0. 1.1, and 2.0 allow an elevation of privilege vulnerability due to the ASP.NET Core project templates, aka "ASP.NET Core Elevation Of Privilege Vulnerability". This CVE is unique from...
How severe is CVE-2018-0784?
CVE-2018-0784 has been rated HIGH with a CVSS base score of 8.8/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2018-0784?
Check the references section above for vendor advisories and patch information. Affected products include: Microsoft Asp.Net Core.