Search for vulnerabilities
Vulnerability details: VCID-1gzq-upmj-aaaa
Vulnerability ID VCID-1gzq-upmj-aaaa
Aliases CVE-2022-34716
GHSA-2m65-m22p-9wjw
Summary .NET Spoofing Vulnerability.
Status Published
Exploitability 0.5
Weighted Severity 9.0
Risk 4.5
Affected and Fixed Packages Package Details
Weaknesses (3)
CWE-1035 OWASP Top Ten 2017 Category A9 - Using Components with Known Vulnerabilities
CWE-937 OWASP Top Ten 2013 Category A9 - Using Components with Known Vulnerabilities
CWE-611 Improper Restriction of XML External Entity Reference
System Score Found at
rhas Moderate https://access.redhat.com/errata/RHSA-2022:6037
rhas Moderate https://access.redhat.com/errata/RHSA-2022:6038
rhas Moderate https://access.redhat.com/errata/RHSA-2022:6043
rhas Moderate https://access.redhat.com/errata/RHSA-2022:6057
rhas Moderate https://access.redhat.com/errata/RHSA-2022:6058
cvssv3 5.9 https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-34716.json
epss 0.00122 https://api.first.org/data/v1/epss?cve=CVE-2022-34716
epss 0.00135 https://api.first.org/data/v1/epss?cve=CVE-2022-34716
epss 0.00135 https://api.first.org/data/v1/epss?cve=CVE-2022-34716
epss 0.00135 https://api.first.org/data/v1/epss?cve=CVE-2022-34716
epss 0.00135 https://api.first.org/data/v1/epss?cve=CVE-2022-34716
epss 0.00135 https://api.first.org/data/v1/epss?cve=CVE-2022-34716
epss 0.00135 https://api.first.org/data/v1/epss?cve=CVE-2022-34716
epss 0.00135 https://api.first.org/data/v1/epss?cve=CVE-2022-34716
epss 0.00135 https://api.first.org/data/v1/epss?cve=CVE-2022-34716
epss 0.00135 https://api.first.org/data/v1/epss?cve=CVE-2022-34716
epss 0.00135 https://api.first.org/data/v1/epss?cve=CVE-2022-34716
epss 0.00135 https://api.first.org/data/v1/epss?cve=CVE-2022-34716
epss 0.00704 https://api.first.org/data/v1/epss?cve=CVE-2022-34716
epss 0.00704 https://api.first.org/data/v1/epss?cve=CVE-2022-34716
epss 0.00704 https://api.first.org/data/v1/epss?cve=CVE-2022-34716
epss 0.00704 https://api.first.org/data/v1/epss?cve=CVE-2022-34716
epss 0.00704 https://api.first.org/data/v1/epss?cve=CVE-2022-34716
epss 0.0075 https://api.first.org/data/v1/epss?cve=CVE-2022-34716
epss 0.0075 https://api.first.org/data/v1/epss?cve=CVE-2022-34716
epss 0.0075 https://api.first.org/data/v1/epss?cve=CVE-2022-34716
epss 0.0075 https://api.first.org/data/v1/epss?cve=CVE-2022-34716
epss 0.0075 https://api.first.org/data/v1/epss?cve=CVE-2022-34716
epss 0.0075 https://api.first.org/data/v1/epss?cve=CVE-2022-34716
epss 0.0075 https://api.first.org/data/v1/epss?cve=CVE-2022-34716
epss 0.0075 https://api.first.org/data/v1/epss?cve=CVE-2022-34716
epss 0.0075 https://api.first.org/data/v1/epss?cve=CVE-2022-34716
epss 0.0075 https://api.first.org/data/v1/epss?cve=CVE-2022-34716
epss 0.0075 https://api.first.org/data/v1/epss?cve=CVE-2022-34716
epss 0.0075 https://api.first.org/data/v1/epss?cve=CVE-2022-34716
epss 0.00794 https://api.first.org/data/v1/epss?cve=CVE-2022-34716
epss 0.00794 https://api.first.org/data/v1/epss?cve=CVE-2022-34716
epss 0.00794 https://api.first.org/data/v1/epss?cve=CVE-2022-34716
epss 0.00794 https://api.first.org/data/v1/epss?cve=CVE-2022-34716
epss 0.00794 https://api.first.org/data/v1/epss?cve=CVE-2022-34716
epss 0.00794 https://api.first.org/data/v1/epss?cve=CVE-2022-34716
epss 0.00794 https://api.first.org/data/v1/epss?cve=CVE-2022-34716
epss 0.00794 https://api.first.org/data/v1/epss?cve=CVE-2022-34716
epss 0.00794 https://api.first.org/data/v1/epss?cve=CVE-2022-34716
epss 0.00794 https://api.first.org/data/v1/epss?cve=CVE-2022-34716
epss 0.00794 https://api.first.org/data/v1/epss?cve=CVE-2022-34716
epss 0.00794 https://api.first.org/data/v1/epss?cve=CVE-2022-34716
epss 0.00794 https://api.first.org/data/v1/epss?cve=CVE-2022-34716
epss 0.00794 https://api.first.org/data/v1/epss?cve=CVE-2022-34716
epss 0.00794 https://api.first.org/data/v1/epss?cve=CVE-2022-34716
epss 0.00794 https://api.first.org/data/v1/epss?cve=CVE-2022-34716
epss 0.00794 https://api.first.org/data/v1/epss?cve=CVE-2022-34716
epss 0.00794 https://api.first.org/data/v1/epss?cve=CVE-2022-34716
epss 0.00794 https://api.first.org/data/v1/epss?cve=CVE-2022-34716
epss 0.00794 https://api.first.org/data/v1/epss?cve=CVE-2022-34716
epss 0.00794 https://api.first.org/data/v1/epss?cve=CVE-2022-34716
epss 0.00794 https://api.first.org/data/v1/epss?cve=CVE-2022-34716
epss 0.00794 https://api.first.org/data/v1/epss?cve=CVE-2022-34716
epss 0.00794 https://api.first.org/data/v1/epss?cve=CVE-2022-34716
epss 0.00794 https://api.first.org/data/v1/epss?cve=CVE-2022-34716
epss 0.00794 https://api.first.org/data/v1/epss?cve=CVE-2022-34716
epss 0.00794 https://api.first.org/data/v1/epss?cve=CVE-2022-34716
epss 0.00794 https://api.first.org/data/v1/epss?cve=CVE-2022-34716
epss 0.00794 https://api.first.org/data/v1/epss?cve=CVE-2022-34716
epss 0.00794 https://api.first.org/data/v1/epss?cve=CVE-2022-34716
epss 0.00794 https://api.first.org/data/v1/epss?cve=CVE-2022-34716
epss 0.00816 https://api.first.org/data/v1/epss?cve=CVE-2022-34716
epss 0.00816 https://api.first.org/data/v1/epss?cve=CVE-2022-34716
epss 0.00816 https://api.first.org/data/v1/epss?cve=CVE-2022-34716
epss 0.00816 https://api.first.org/data/v1/epss?cve=CVE-2022-34716
epss 0.00816 https://api.first.org/data/v1/epss?cve=CVE-2022-34716
epss 0.00816 https://api.first.org/data/v1/epss?cve=CVE-2022-34716
epss 0.00816 https://api.first.org/data/v1/epss?cve=CVE-2022-34716
epss 0.00816 https://api.first.org/data/v1/epss?cve=CVE-2022-34716
epss 0.00816 https://api.first.org/data/v1/epss?cve=CVE-2022-34716
epss 0.00816 https://api.first.org/data/v1/epss?cve=CVE-2022-34716
epss 0.01372 https://api.first.org/data/v1/epss?cve=CVE-2022-34716
epss 0.01372 https://api.first.org/data/v1/epss?cve=CVE-2022-34716
epss 0.01372 https://api.first.org/data/v1/epss?cve=CVE-2022-34716
epss 0.01372 https://api.first.org/data/v1/epss?cve=CVE-2022-34716
epss 0.01372 https://api.first.org/data/v1/epss?cve=CVE-2022-34716
epss 0.01372 https://api.first.org/data/v1/epss?cve=CVE-2022-34716
epss 0.01372 https://api.first.org/data/v1/epss?cve=CVE-2022-34716
epss 0.01372 https://api.first.org/data/v1/epss?cve=CVE-2022-34716
epss 0.01372 https://api.first.org/data/v1/epss?cve=CVE-2022-34716
epss 0.01372 https://api.first.org/data/v1/epss?cve=CVE-2022-34716
epss 0.01473 https://api.first.org/data/v1/epss?cve=CVE-2022-34716
epss 0.01473 https://api.first.org/data/v1/epss?cve=CVE-2022-34716
epss 0.01473 https://api.first.org/data/v1/epss?cve=CVE-2022-34716
epss 0.05528 https://api.first.org/data/v1/epss?cve=CVE-2022-34716
epss 0.05528 https://api.first.org/data/v1/epss?cve=CVE-2022-34716
epss 0.05528 https://api.first.org/data/v1/epss?cve=CVE-2022-34716
epss 0.05528 https://api.first.org/data/v1/epss?cve=CVE-2022-34716
epss 0.09117 https://api.first.org/data/v1/epss?cve=CVE-2022-34716
rhbs medium https://bugzilla.redhat.com/show_bug.cgi?id=2115183
cvssv3.1_qr MODERATE https://github.com/advisories/GHSA-2m65-m22p-9wjw
cvssv3.1 5.9 https://github.com/dotnet/announcements/issues/232
generic_textual MODERATE https://github.com/dotnet/announcements/issues/232
cvssv3.1 5.9 https://github.com/dotnet/aspnetcore/issues/43166
generic_textual MODERATE https://github.com/dotnet/aspnetcore/issues/43166
cvssv3.1_qr CRITICAL https://github.com/dotnet/aspnetcore/security/advisories/GHSA-vh55-786g-wjwj
cvssv3.1 5.9 https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-34716
ssvc Track https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-34716
cvssv3 5.9 https://nvd.nist.gov/vuln/detail/CVE-2022-34716
Reference id Reference type URL
http://packetstormsecurity.com/files/168332/.NET-XML-Signature-Verification-External-Entity-Injection.html
https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-34716.json
https://api.first.org/data/v1/epss?cve=CVE-2022-34716
https://github.com/dotnet/announcements/issues/232
https://github.com/dotnet/aspnetcore/issues/43166
2115183 https://bugzilla.redhat.com/show_bug.cgi?id=2115183
cpe:2.3:a:microsoft:.net:*:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:microsoft:.net:*:*:*:*:*:*:*:*
cpe:2.3:a:microsoft:.net_core:*:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:microsoft:.net_core:*:*:*:*:*:*:*:*
cpe:2.3:a:microsoft:powershell:*:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:microsoft:powershell:*:*:*:*:*:*:*:*
CVE-2022-34716 https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-34716
CVE-2022-34716 https://nvd.nist.gov/vuln/detail/CVE-2022-34716
CVE-2022-34716 https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2022-34716
GHSA-2m65-m22p-9wjw https://github.com/advisories/GHSA-2m65-m22p-9wjw
GHSA-vh55-786g-wjwj https://github.com/dotnet/aspnetcore/security/advisories/GHSA-vh55-786g-wjwj
RHSA-2022:6037 https://access.redhat.com/errata/RHSA-2022:6037
RHSA-2022:6038 https://access.redhat.com/errata/RHSA-2022:6038
RHSA-2022:6043 https://access.redhat.com/errata/RHSA-2022:6043
RHSA-2022:6057 https://access.redhat.com/errata/RHSA-2022:6057
RHSA-2022:6058 https://access.redhat.com/errata/RHSA-2022:6058
No exploits are available.
Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N Found at https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-34716.json
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N Found at https://github.com/dotnet/announcements/issues/232
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N Found at https://github.com/dotnet/aspnetcore/issues/43166
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C Found at https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-34716
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Vector: SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-05-29T20:04:18Z/ Found at https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-34716
Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N Found at https://nvd.nist.gov/vuln/detail/CVE-2022-34716
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Exploit Prediction Scoring System (EPSS)
Percentile 0.47586
EPSS Score 0.00122
Published At Nov. 1, 2024, midnight
Date Actor Action Source VulnerableCode Version
There are no relevant records.