vulnerability
Oracle Linux: CVE-2021-41355: ELSA-2021-3819: .NET 5.0 security and bugfix update (IMPORTANT)
| Severity | CVSS | Published | Added | Modified |
|---|---|---|---|---|
| 6 | (AV:A/AC:L/Au:N/C:C/I:N/A:N) | Oct 12, 2021 | Nov 3, 2021 | Nov 27, 2024 |
Severity
6
CVSS
(AV:A/AC:L/Au:N/C:C/I:N/A:N)
Published
Oct 12, 2021
Added
Nov 3, 2021
Modified
Nov 27, 2024
Description
.NET Core and Visual Studio Information Disclosure Vulnerability
A flaw was found in dotnet, where the System.DirectoryServices.Protocols.LdapConnection sends credentials in plaintext if the Transport Layer Security (TLS) handshake fails. This flaw allows an attacker to intercept sensitive information. The highest threat from this vulnerability is to confidentiality.
A flaw was found in dotnet, where the System.DirectoryServices.Protocols.LdapConnection sends credentials in plaintext if the Transport Layer Security (TLS) handshake fails. This flaw allows an attacker to intercept sensitive information. The highest threat from this vulnerability is to confidentiality.
Solutions
oracle-linux-upgrade-aspnetcore-runtime-5-0oracle-linux-upgrade-aspnetcore-targeting-pack-5-0oracle-linux-upgrade-dotnetoracle-linux-upgrade-dotnet-apphost-pack-5-0oracle-linux-upgrade-dotnet-hostoracle-linux-upgrade-dotnet-hostfxr-5-0oracle-linux-upgrade-dotnet-runtime-5-0oracle-linux-upgrade-dotnet-sdk-5-0oracle-linux-upgrade-dotnet-targeting-pack-5-0oracle-linux-upgrade-dotnet-templates-5-0oracle-linux-upgrade-netstandard-targeting-pack-2-1
NEW
Explore Exposure Command
Confidently identify and prioritize exposures from endpoint to cloud with full attack surface visibility and threat-aware risk context.