CVE-2024-29059

Warnung

EPSS 93.85%
Veröffentlicht 23.03.2024 00:15:09
Zuletzt bearbeitet 05.02.2025 02:00:01
Quelle secure@microsoft.com
Teams Watchlist Login
Unerledigt Login

.NET Framework Information Disclosure Vulnerability

Betroffene Produkte Warnungen 1 Metriken 2 CWE 1 Referenzen 4

Daten sind bereitgestellt durch National Vulnerability Database (NVD)

Microsoft ≫ .Net Framework Version3.5 Update-

   Microsoft ≫ Windows 10 1607 Version-
   Microsoft ≫ Windows 10 1809 Version- HwPlatformx64
   Microsoft ≫ Windows Server 2016 Version-
   Microsoft ≫ Windows Server 2019 Version-

Microsoft ≫ .Net Framework Version4.7.2

   Microsoft ≫ Windows 10 1607 Version-
   Microsoft ≫ Windows 10 1809 Version- HwPlatformx64
   Microsoft ≫ Windows Server 2016 Version-
   Microsoft ≫ Windows Server 2019 Version-

Microsoft ≫ .Net Framework Version3.5 Update-

   Microsoft ≫ Windows 10 1607 Version-
   Microsoft ≫ Windows 10 1809 Version-
   Microsoft ≫ Windows 10 21h2 Version-
   Microsoft ≫ Windows 10 22h2 Version-
   Microsoft ≫ Windows 11 21h2 Version-
   Microsoft ≫ Windows Server 2019 Version-
   Microsoft ≫ Windows Server 2022 Version-

Microsoft ≫ .Net Framework Version4.8

Microsoft ≫ .Net Framework Version3.5.1

   Microsoft ≫ Windows Server 2008 Versionr2 Updatesp1 HwPlatformx64
   Microsoft ≫ Windows Server 2012 Version-
   Microsoft ≫ Windows Server 2012 Versionr2

Microsoft ≫ .Net Framework Version2.0 Updatesp2

Microsoft ≫ Windows Server 2008 Version- Updatesp2

Microsoft ≫ .Net Framework Version3.0 Updatesp2

Microsoft ≫ Windows Server 2008 Version- Updatesp2

Microsoft ≫ .Net Framework Version3.5 Update-

Microsoft ≫ Windows 10 1507 Version- HwPlatformx64
Microsoft ≫ Windows 10 1507 Version- HwPlatformx86

Microsoft ≫ .Net Framework Version4.6

Microsoft ≫ Windows 10 1507 Version- HwPlatformx64
Microsoft ≫ Windows 10 1507 Version- HwPlatformx86

Microsoft ≫ .Net Framework Version4.6.2

Microsoft ≫ Windows 10 1507 Version- HwPlatformx64
Microsoft ≫ Windows 10 1507 Version- HwPlatformx86

Microsoft ≫ .Net Framework Version4.6.2

Microsoft ≫ Windows Server 2008 Version- Updatesp2

Microsoft ≫ .Net Framework Version3.5 Update-

   Microsoft ≫ Windows 10 21h2 Version-
   Microsoft ≫ Windows 10 22h2 Version-
   Microsoft ≫ Windows 11 21h2 Version-
   Microsoft ≫ Windows 11 22h2 Version-
   Microsoft ≫ Windows 11 23h2 Version-
   Microsoft ≫ Windows Server 2022 Version-
   Microsoft ≫ Windows Server 2022 23h2 Version-

Microsoft ≫ .Net Framework Version4.8.1

Microsoft ≫ .Net Framework Version4.6.2

   Microsoft ≫ Windows Server 2008 Versionr2 Updatesp1 HwPlatformx64
   Microsoft ≫ Windows Server 2012 Version-
   Microsoft ≫ Windows Server 2012 Versionr2

Microsoft ≫ .Net Framework Version4.7

   Microsoft ≫ Windows Server 2008 Versionr2 Updatesp1 HwPlatformx64
   Microsoft ≫ Windows Server 2012 Version-
   Microsoft ≫ Windows Server 2012 Versionr2

Microsoft ≫ .Net Framework Version4.7.1

   Microsoft ≫ Windows Server 2008 Versionr2 Updatesp1 HwPlatformx64
   Microsoft ≫ Windows Server 2012 Version-
   Microsoft ≫ Windows Server 2012 Versionr2

Microsoft ≫ .Net Framework Version4.7.2

   Microsoft ≫ Windows Server 2008 Versionr2 Updatesp1 HwPlatformx64
   Microsoft ≫ Windows Server 2012 Version-
   Microsoft ≫ Windows Server 2012 Versionr2

Microsoft ≫ .Net Framework Version4.8

   Microsoft ≫ Windows 10 1607 Version-
   Microsoft ≫ Windows Server 2008 Versionr2 Updatesp1 HwPlatformx64
   Microsoft ≫ Windows Server 2012 Version-
   Microsoft ≫ Windows Server 2012 Versionr2
   Microsoft ≫ Windows Server 2016 Version-

04.02.2025: CISA Known Exploited Vulnerabilities (KEV) Catalog

Microsoft .NET Framework Information Disclosure Vulnerability

Schwachstelle

Microsoft .NET Framework contains an information disclosure vulnerability that exposes the ObjRef URI to an attacker, ultimately enabling remote code execution.

Beschreibung

Apply mitigations per vendor instructions or discontinue use of the product if mitigations are unavailable.

Erforderliche Maßnahmen

EPSS Metriken
Typ	Quelle	Score	Percentile
EPSS	FIRST.org	93.85%	0.999

CVSS Metriken
Quelle	Base Score	Exploit Score	Impact Score	Vector String
secure@microsoft.com	7.5	3.9	3.6	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

CWE-209 Generation of Error Message Containing Sensitive Information

The product generates an error message that includes sensitive information about its environment, users, or associated data.

https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-29059

Vendor Advisory

https://nvd.nist.gov/vuln/detail/CVE-2024-29059

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2024-29059

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2024-29059

EUVD