VulnerableCode Vulnerability Details

Search for vulnerabilities

Vulnerability details: VCID-g96g-hgdh-aaan

Essentials
Severities (99)
References (19)
Severity details (10)
Exploits (0)
EPSS
History (0)

Vulnerability ID	VCID-g96g-hgdh-aaan
Aliases	CVE-2018-8356 GHSA-p9wx-v264-q34p
Summary	Improper Certificate Validation A security feature bypass vulnerability exists when Microsoft .NET Framework components do not correctly validate certificates, aka ".NET Framework Security Feature Bypass Vulnerability." This affects .NET Framework, Microsoft .NET Framework, Microsoft .NET Framework /4.7/4.7.1/4.7.2, ASP.NET Core, Microsoft .NET Framework, ASP.NET Core, ASP.NET Core, .NET Core, Microsoft .NET Framework, Microsoft .NET Framework, Microsoft .NET Framework /4.6.1/4.6.2, .NET Core, .NET Core, Microsoft .NET Framework, Microsoft .NET Framework /4.6.1/4.6.2/4.7/4.7.1/4.7.1/4.7.2, Microsoft .NET Framework
Status	Published
Exploitability	0.5
Weighted Severity	8.0
Risk	4.0
Affected and Fixed Packages	Package Details

Weaknesses (3)

CWE-295	Improper Certificate Validation
CWE-1035	OWASP Top Ten 2017 Category A9 - Using Components with Known Vulnerabilities
CWE-937	OWASP Top Ten 2013 Category A9 - Using Components with Known Vulnerabilities

System	Score	Found at
cvssv3	6.5	https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2018-8356.json
epss	0.00211	https://api.first.org/data/v1/epss?cve=CVE-2018-8356
epss	0.00211	https://api.first.org/data/v1/epss?cve=CVE-2018-8356
epss	0.00211	https://api.first.org/data/v1/epss?cve=CVE-2018-8356
epss	0.00211	https://api.first.org/data/v1/epss?cve=CVE-2018-8356
epss	0.00211	https://api.first.org/data/v1/epss?cve=CVE-2018-8356
epss	0.00211	https://api.first.org/data/v1/epss?cve=CVE-2018-8356
epss	0.00211	https://api.first.org/data/v1/epss?cve=CVE-2018-8356
epss	0.00211	https://api.first.org/data/v1/epss?cve=CVE-2018-8356
epss	0.00211	https://api.first.org/data/v1/epss?cve=CVE-2018-8356
epss	0.00211	https://api.first.org/data/v1/epss?cve=CVE-2018-8356
epss	0.00211	https://api.first.org/data/v1/epss?cve=CVE-2018-8356
epss	0.0036	https://api.first.org/data/v1/epss?cve=CVE-2018-8356
epss	0.0036	https://api.first.org/data/v1/epss?cve=CVE-2018-8356
epss	0.0036	https://api.first.org/data/v1/epss?cve=CVE-2018-8356
epss	0.0036	https://api.first.org/data/v1/epss?cve=CVE-2018-8356
epss	0.0036	https://api.first.org/data/v1/epss?cve=CVE-2018-8356
epss	0.0036	https://api.first.org/data/v1/epss?cve=CVE-2018-8356
epss	0.0036	https://api.first.org/data/v1/epss?cve=CVE-2018-8356
epss	0.0036	https://api.first.org/data/v1/epss?cve=CVE-2018-8356
epss	0.0036	https://api.first.org/data/v1/epss?cve=CVE-2018-8356
epss	0.0036	https://api.first.org/data/v1/epss?cve=CVE-2018-8356
epss	0.0036	https://api.first.org/data/v1/epss?cve=CVE-2018-8356
epss	0.0036	https://api.first.org/data/v1/epss?cve=CVE-2018-8356
epss	0.0036	https://api.first.org/data/v1/epss?cve=CVE-2018-8356
epss	0.0036	https://api.first.org/data/v1/epss?cve=CVE-2018-8356
epss	0.0036	https://api.first.org/data/v1/epss?cve=CVE-2018-8356
epss	0.0036	https://api.first.org/data/v1/epss?cve=CVE-2018-8356
epss	0.0036	https://api.first.org/data/v1/epss?cve=CVE-2018-8356
epss	0.0036	https://api.first.org/data/v1/epss?cve=CVE-2018-8356
epss	0.0036	https://api.first.org/data/v1/epss?cve=CVE-2018-8356
epss	0.0036	https://api.first.org/data/v1/epss?cve=CVE-2018-8356
epss	0.0036	https://api.first.org/data/v1/epss?cve=CVE-2018-8356
epss	0.0036	https://api.first.org/data/v1/epss?cve=CVE-2018-8356
epss	0.0036	https://api.first.org/data/v1/epss?cve=CVE-2018-8356
epss	0.0036	https://api.first.org/data/v1/epss?cve=CVE-2018-8356
epss	0.0036	https://api.first.org/data/v1/epss?cve=CVE-2018-8356
epss	0.0036	https://api.first.org/data/v1/epss?cve=CVE-2018-8356
epss	0.0036	https://api.first.org/data/v1/epss?cve=CVE-2018-8356
epss	0.0036	https://api.first.org/data/v1/epss?cve=CVE-2018-8356
epss	0.0036	https://api.first.org/data/v1/epss?cve=CVE-2018-8356
epss	0.0036	https://api.first.org/data/v1/epss?cve=CVE-2018-8356
epss	0.0036	https://api.first.org/data/v1/epss?cve=CVE-2018-8356
epss	0.0036	https://api.first.org/data/v1/epss?cve=CVE-2018-8356
epss	0.0036	https://api.first.org/data/v1/epss?cve=CVE-2018-8356
epss	0.0036	https://api.first.org/data/v1/epss?cve=CVE-2018-8356
epss	0.0036	https://api.first.org/data/v1/epss?cve=CVE-2018-8356
epss	0.0036	https://api.first.org/data/v1/epss?cve=CVE-2018-8356
epss	0.0036	https://api.first.org/data/v1/epss?cve=CVE-2018-8356
epss	0.0036	https://api.first.org/data/v1/epss?cve=CVE-2018-8356
epss	0.0036	https://api.first.org/data/v1/epss?cve=CVE-2018-8356
epss	0.0036	https://api.first.org/data/v1/epss?cve=CVE-2018-8356
epss	0.0036	https://api.first.org/data/v1/epss?cve=CVE-2018-8356
epss	0.0036	https://api.first.org/data/v1/epss?cve=CVE-2018-8356
epss	0.0036	https://api.first.org/data/v1/epss?cve=CVE-2018-8356
epss	0.0036	https://api.first.org/data/v1/epss?cve=CVE-2018-8356
epss	0.0036	https://api.first.org/data/v1/epss?cve=CVE-2018-8356
epss	0.0036	https://api.first.org/data/v1/epss?cve=CVE-2018-8356
epss	0.00367	https://api.first.org/data/v1/epss?cve=CVE-2018-8356
epss	0.00367	https://api.first.org/data/v1/epss?cve=CVE-2018-8356
epss	0.00367	https://api.first.org/data/v1/epss?cve=CVE-2018-8356
epss	0.00367	https://api.first.org/data/v1/epss?cve=CVE-2018-8356
epss	0.00367	https://api.first.org/data/v1/epss?cve=CVE-2018-8356
epss	0.00367	https://api.first.org/data/v1/epss?cve=CVE-2018-8356
epss	0.00367	https://api.first.org/data/v1/epss?cve=CVE-2018-8356
epss	0.00367	https://api.first.org/data/v1/epss?cve=CVE-2018-8356
epss	0.00367	https://api.first.org/data/v1/epss?cve=CVE-2018-8356
epss	0.00367	https://api.first.org/data/v1/epss?cve=CVE-2018-8356
epss	0.00367	https://api.first.org/data/v1/epss?cve=CVE-2018-8356
epss	0.00367	https://api.first.org/data/v1/epss?cve=CVE-2018-8356
epss	0.00367	https://api.first.org/data/v1/epss?cve=CVE-2018-8356
epss	0.00367	https://api.first.org/data/v1/epss?cve=CVE-2018-8356
epss	0.00367	https://api.first.org/data/v1/epss?cve=CVE-2018-8356
epss	0.00367	https://api.first.org/data/v1/epss?cve=CVE-2018-8356
epss	0.00367	https://api.first.org/data/v1/epss?cve=CVE-2018-8356
epss	0.00367	https://api.first.org/data/v1/epss?cve=CVE-2018-8356
epss	0.00367	https://api.first.org/data/v1/epss?cve=CVE-2018-8356
epss	0.00367	https://api.first.org/data/v1/epss?cve=CVE-2018-8356
epss	0.00367	https://api.first.org/data/v1/epss?cve=CVE-2018-8356
epss	0.00367	https://api.first.org/data/v1/epss?cve=CVE-2018-8356
epss	0.00367	https://api.first.org/data/v1/epss?cve=CVE-2018-8356
epss	0.00367	https://api.first.org/data/v1/epss?cve=CVE-2018-8356
epss	0.00367	https://api.first.org/data/v1/epss?cve=CVE-2018-8356
epss	0.00367	https://api.first.org/data/v1/epss?cve=CVE-2018-8356
epss	0.00382	https://api.first.org/data/v1/epss?cve=CVE-2018-8356
epss	0.02884	https://api.first.org/data/v1/epss?cve=CVE-2018-8356
epss	0.02884	https://api.first.org/data/v1/epss?cve=CVE-2018-8356
epss	0.02884	https://api.first.org/data/v1/epss?cve=CVE-2018-8356
epss	0.02884	https://api.first.org/data/v1/epss?cve=CVE-2018-8356
rhbs	medium	https://bugzilla.redhat.com/show_bug.cgi?id=1600323
cvssv3.1_qr	MODERATE	https://github.com/advisories/GHSA-p9wx-v264-q34p
cvssv3.1	5.5	https://github.com/dotnet/announcements/issues/73
generic_textual	MODERATE	https://github.com/dotnet/announcements/issues/73
cvssv3.1	7.5	https://github.com/github/advisory-database/issues/302
generic_textual	HIGH	https://github.com/github/advisory-database/issues/302
cvssv2	2.1	https://nvd.nist.gov/vuln/detail/CVE-2018-8356
cvssv3	5.5	https://nvd.nist.gov/vuln/detail/CVE-2018-8356
cvssv3.1	5.5	https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-8356
generic_textual	MODERATE	https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-8356

Reference id	Reference type	URL
		https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2018-8356.json
		https://api.first.org/data/v1/epss?cve=CVE-2018-8356
		https://github.com/dotnet/announcements/issues/73
		https://github.com/github/advisory-database/issues/302
		https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-8356
		http://www.securityfocus.com/bid/104664
		http://www.securitytracker.com/id/1041257
1600323		https://bugzilla.redhat.com/show_bug.cgi?id=1600323
cpe:2.3:a:microsoft:asp.net_core:1.0:::::::*		https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:microsoft:asp.net_core:1.0:::::::*
cpe:2.3:a:microsoft:asp.net_core:1.1:::::::*		https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:microsoft:asp.net_core:1.1:::::::*
cpe:2.3:a:microsoft:asp.net_core:2.0:::::::*		https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:microsoft:asp.net_core:2.0:::::::*
cpe:2.3:a:microsoft:.net_core:1.0:::::::*		https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:microsoft:.net_core:1.0:::::::*
cpe:2.3:a:microsoft:.net_core:1.1:::::::*		https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:microsoft:.net_core:1.1:::::::*
cpe:2.3:a:microsoft:.net_core:2.0:::::::*		https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:microsoft:.net_core:2.0:::::::*
cpe:2.3:a:microsoft:.net_framework_developer_pack:4.7.2:::::::*		https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:microsoft:.net_framework_developer_pack:4.7.2:::::::*
cpe:2.3:a:microsoft:powershell_core:6.0:::::::*		https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:microsoft:powershell_core:6.0:::::::*
cpe:2.3:a:microsoft:powershell_core:6.1:::::::*		https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:microsoft:powershell_core:6.1:::::::*
CVE-2018-8356		https://nvd.nist.gov/vuln/detail/CVE-2018-8356
GHSA-p9wx-v264-q34p		https://github.com/advisories/GHSA-p9wx-v264-q34p

No exploits are available.

Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N Found at https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2018-8356.json

Attack Vector (AV)	Attack Complexity (AC)	Privileges Required (PR)	User Interaction (UI)	Scope (S)	Confidentiality Impact (C)	Integrity Impact (I)	Availability Impact (A)
network adjacent_network local physical	low high	none low high	none required	unchanged changed	high low none	high low none	high low none

Attack Vector (AV)

Attack Complexity (AC)

Privileges Required (PR)

User Interaction (UI)

Scope (S)

Confidentiality Impact (C)

Integrity Impact (I)

Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none

Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N Found at https://github.com/dotnet/announcements/issues/73

Attack Vector (AV)	Attack Complexity (AC)	Privileges Required (PR)	User Interaction (UI)	Scope (S)	Confidentiality Impact (C)	Integrity Impact (I)	Availability Impact (A)
network adjacent_network local physical	low high	none low high	none required	unchanged changed	high low none	high low none	high low none

Attack Vector (AV)

Attack Complexity (AC)

Privileges Required (PR)

User Interaction (UI)

Scope (S)

Confidentiality Impact (C)

Integrity Impact (I)

Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none

Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N Found at https://github.com/github/advisory-database/issues/302

Attack Vector (AV)	Attack Complexity (AC)	Privileges Required (PR)	User Interaction (UI)	Scope (S)	Confidentiality Impact (C)	Integrity Impact (I)	Availability Impact (A)
network adjacent_network local physical	low high	none low high	none required	unchanged changed	high low none	high low none	high low none

Attack Vector (AV)

Attack Complexity (AC)

Privileges Required (PR)

User Interaction (UI)

Scope (S)

Confidentiality Impact (C)

Integrity Impact (I)

Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none

Vector: AV:L/AC:L/Au:N/C:N/I:P/A:N Found at https://nvd.nist.gov/vuln/detail/CVE-2018-8356

Exploitability (E)	Access Vector (AV)	Access Complexity (AC)	Authentication (Au)	Confidentiality Impact (C)	Integrity Impact (I)	Availability Impact (A)
high functional unproven proof_of_concept not_defined	local adjacent_network network	high medium low	multiple single none	none partial complete	none partial complete	none partial complete

Exploitability (E)

Access Vector (AV)

Access Complexity (AC)

Authentication (Au)

Confidentiality Impact (C)

Integrity Impact (I)

Availability Impact (A)

high

functional

unproven

proof_of_concept

not_defined

local

adjacent_network

network

high

medium

low

multiple

single

none

partial

complete

none

partial

complete

none

partial

complete

Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N Found at https://nvd.nist.gov/vuln/detail/CVE-2018-8356

Attack Vector (AV)	Attack Complexity (AC)	Privileges Required (PR)	User Interaction (UI)	Scope (S)	Confidentiality Impact (C)	Integrity Impact (I)	Availability Impact (A)
network adjacent_network local physical	low high	none low high	none required	unchanged changed	high low none	high low none	high low none

Attack Vector (AV)

Attack Complexity (AC)

Privileges Required (PR)

User Interaction (UI)

Scope (S)

Confidentiality Impact (C)

Integrity Impact (I)

Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none

Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N Found at https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-8356

Attack Vector (AV)	Attack Complexity (AC)	Privileges Required (PR)	User Interaction (UI)	Scope (S)	Confidentiality Impact (C)	Integrity Impact (I)	Availability Impact (A)
network adjacent_network local physical	low high	none low high	none required	unchanged changed	high low none	high low none	high low none

Attack Vector (AV)

Attack Complexity (AC)

Privileges Required (PR)

User Interaction (UI)

Scope (S)

Confidentiality Impact (C)

Integrity Impact (I)

Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none

Exploit Prediction Scoring System (EPSS)

Percentile	0.59417
EPSS Score	0.00211
Published At	Nov. 1, 2024, midnight

Date	Actor	Action	Source	VulnerableCode Version
There are no relevant records.

Reference id	Reference type	URL
		https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2018-8356.json
		https://api.first.org/data/v1/epss?cve=CVE-2018-8356
		https://github.com/dotnet/announcements/issues/73
		https://github.com/github/advisory-database/issues/302
		https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-8356
		http://www.securityfocus.com/bid/104664
		http://www.securitytracker.com/id/1041257
1600323		https://bugzilla.redhat.com/show_bug.cgi?id=1600323
cpe:2.3:a:microsoft:asp.net_core:1.0:::::::*		https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:microsoft:asp.net_core:1.0:::::::*
cpe:2.3:a:microsoft:asp.net_core:1.1:::::::*		https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:microsoft:asp.net_core:1.1:::::::*
cpe:2.3:a:microsoft:asp.net_core:2.0:::::::*		https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:microsoft:asp.net_core:2.0:::::::*
cpe:2.3:a:microsoft:.net_core:1.0:::::::*		https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:microsoft:.net_core:1.0:::::::*
cpe:2.3:a:microsoft:.net_core:1.1:::::::*		https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:microsoft:.net_core:1.1:::::::*
cpe:2.3:a:microsoft:.net_core:2.0:::::::*		https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:microsoft:.net_core:2.0:::::::*
cpe:2.3:a:microsoft:.net_framework_developer_pack:4.7.2:::::::*		https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:microsoft:.net_framework_developer_pack:4.7.2:::::::*
cpe:2.3:a:microsoft:powershell_core:6.0:::::::*		https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:microsoft:powershell_core:6.0:::::::*
cpe:2.3:a:microsoft:powershell_core:6.1:::::::*		https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:microsoft:powershell_core:6.1:::::::*
CVE-2018-8356		https://nvd.nist.gov/vuln/detail/CVE-2018-8356
GHSA-p9wx-v264-q34p		https://github.com/advisories/GHSA-p9wx-v264-q34p