CVE-2020-0646

CRITICALCISA KEV

9.8

Beschreibung

A remote code execution vulnerability exists when the Microsoft .NET Framework fails to validate input properly, aka '.NET Framework Remote Code Execution Injection Vulnerability'.

CVE Details

CVSS v3.1 Bewertung9.8

SchweregradCRITICAL

CVSS VektorCVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

AngriffsvektorNETWORK

KomplexitatLOW

Erforderliche PrivilegienNONE

BenutzerinteraktionNONE

Veroffentlicht1/14/2020

Zuletzt geandert10/29/2025

Quellekev

Honeypot-Sichtungen0

CISA KEV

HerstellerMicrosoft

Produkt.NET Framework

SchwachstellennameMicrosoft .NET Framework Remote Code Execution Vulnerability

KEV Aufnahmedatum2021-11-03

Behebungsfrist2022-05-03

Ransomware-NutzungUnknown

Betroffene Produkte

microsoft:.net_frameworkmicrosoft:windows_10_1507microsoft:windows_10_1607microsoft:windows_10_1709microsoft:windows_10_1803microsoft:windows_10_1809microsoft:windows_10_1903microsoft:windows_10_1909microsoft:windows_7microsoft:windows_8.1microsoft:windows_rt_8.1microsoft:windows_server_2008microsoft:windows_server_2012microsoft:windows_server_2016microsoft:windows_server_2019

Schwachen (CWE)

CWE-91CWE-91

Referenzen

http://packetstormsecurity.com/files/156930/SharePoint-Workflows-XOML-Injection.html(secure@microsoft.com)

https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-0646(secure@microsoft.com)

http://packetstormsecurity.com/files/156930/SharePoint-Workflows-XOML-Injection.html(af854a3a-2127-422b-91ae-364da2661108)

https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-0646(af854a3a-2127-422b-91ae-364da2661108)

https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2020-0646(134c704f-9b21-4f2e-91b3-4a467353bcc0)

IOC Korrelationen

Keine Korrelationen erfasst

This product uses data from the NVD API but is not endorsed or certified by the NVD.