CVE-2021-34485 :: Enginsight Vulnerability Database

Provider	Type	Base Score	Atk. Vector	Atk. Complexity	Priv. Required	Vector
NIST	Primary	5 MEDIUM	LOCAL	LOW	LOW	CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:N/A:N

Base Score

CVSS 3.x

EPSS Score

Percentile: 71%

Affected Products (NVD)

Vendor	Product	Version
microsoft	.net	5.0 ≤ 𝑥 ≤ 5.0.8
microsoft	.net_core	2.1 ≤ 𝑥 ≤ 2.1.28
microsoft	.net_core	3.1 ≤ 𝑥 ≤ 3.1.17
microsoft	powershell_core	7.0 ≤ 𝑥 < 7.0.7
microsoft	powershell_core	7.1 ≤ 𝑥 < 7.1.4
microsoft	visual_studio_2017	15.0 ≤ 𝑥 ≤ 15.9
microsoft	visual_studio_2019	16.0 ≤ 𝑥 ≤ 16.10

𝑥

= Vulnerable software versions

Red Hat Enterprise Linux Releases

Red Hat Product

Release

aspnetcore-runtime-3.1

RHEL 8	0:3.1.18-1.el8_4 fixed
RHEL 8.4 AUS	0:3.1.18-1.el8_4 fixed
RHEL 8.4 E4S	0:3.1.18-1.el8_4 fixed
RHEL 8.4 EUS	0:3.1.18-1.el8_4 fixed
RHEL 8.4 TUS	0:3.1.18-1.el8_4 fixed

aspnetcore-runtime-5.0

RHEL 8	0:5.0.9-1.el8_4 fixed
RHEL 8.4 AUS	0:5.0.9-1.el8_4 fixed
RHEL 8.4 E4S	0:5.0.9-1.el8_4 fixed
RHEL 8.4 EUS	0:5.0.9-1.el8_4 fixed
RHEL 8.4 TUS	0:5.0.9-1.el8_4 fixed

aspnetcore-targeting-pack-3.1

RHEL 8	0:3.1.18-1.el8_4 fixed
RHEL 8.4 AUS	0:3.1.18-1.el8_4 fixed
RHEL 8.4 E4S	0:3.1.18-1.el8_4 fixed
RHEL 8.4 EUS	0:3.1.18-1.el8_4 fixed
RHEL 8.4 TUS	0:3.1.18-1.el8_4 fixed

aspnetcore-targeting-pack-5.0

RHEL 8	0:5.0.9-1.el8_4 fixed
RHEL 8.4 AUS	0:5.0.9-1.el8_4 fixed
RHEL 8.4 E4S	0:5.0.9-1.el8_4 fixed
RHEL 8.4 EUS	0:5.0.9-1.el8_4 fixed
RHEL 8.4 TUS	0:5.0.9-1.el8_4 fixed

dotnet

RHEL 8	0:5.0.206-1.el8_4 fixed
RHEL 8.4 AUS	0:5.0.206-1.el8_4 fixed
RHEL 8.4 E4S	0:5.0.206-1.el8_4 fixed
RHEL 8.4 EUS	0:5.0.206-1.el8_4 fixed
RHEL 8.4 TUS	0:5.0.206-1.el8_4 fixed

dotnet-apphost-pack-3.1

RHEL 8	0:3.1.18-1.el8_4 fixed
RHEL 8.4 AUS	0:3.1.18-1.el8_4 fixed
RHEL 8.4 E4S	0:3.1.18-1.el8_4 fixed
RHEL 8.4 EUS	0:3.1.18-1.el8_4 fixed
RHEL 8.4 TUS	0:3.1.18-1.el8_4 fixed

dotnet-apphost-pack-5.0

RHEL 8	0:5.0.9-1.el8_4 fixed
RHEL 8.4 AUS	0:5.0.9-1.el8_4 fixed
RHEL 8.4 E4S	0:5.0.9-1.el8_4 fixed
RHEL 8.4 EUS	0:5.0.9-1.el8_4 fixed
RHEL 8.4 TUS	0:5.0.9-1.el8_4 fixed

dotnet-host

RHEL 8	0:5.0.9-1.el8_4 fixed
RHEL 8.4 AUS	0:5.0.9-1.el8_4 fixed
RHEL 8.4 E4S	0:5.0.9-1.el8_4 fixed
RHEL 8.4 EUS	0:5.0.9-1.el8_4 fixed
RHEL 8.4 TUS	0:5.0.9-1.el8_4 fixed

dotnet-host-fxr-2.1

RHEL 8	0:2.1.29-1.el8_4 fixed
RHEL 8.4 AUS	0:2.1.29-1.el8_4 fixed
RHEL 8.4 E4S	0:2.1.29-1.el8_4 fixed
RHEL 8.4 EUS	0:2.1.29-1.el8_4 fixed
RHEL 8.4 TUS	0:2.1.29-1.el8_4 fixed

dotnet-hostfxr-3.1

RHEL 8	0:3.1.18-1.el8_4 fixed
RHEL 8.4 AUS	0:3.1.18-1.el8_4 fixed
RHEL 8.4 E4S	0:3.1.18-1.el8_4 fixed
RHEL 8.4 EUS	0:3.1.18-1.el8_4 fixed
RHEL 8.4 TUS	0:3.1.18-1.el8_4 fixed

dotnet-hostfxr-5.0

RHEL 8	0:5.0.9-1.el8_4 fixed
RHEL 8.4 AUS	0:5.0.9-1.el8_4 fixed
RHEL 8.4 E4S	0:5.0.9-1.el8_4 fixed
RHEL 8.4 EUS	0:5.0.9-1.el8_4 fixed
RHEL 8.4 TUS	0:5.0.9-1.el8_4 fixed

dotnet-runtime-2.1

RHEL 8	0:2.1.29-1.el8_4 fixed
RHEL 8.4 AUS	0:2.1.29-1.el8_4 fixed
RHEL 8.4 E4S	0:2.1.29-1.el8_4 fixed
RHEL 8.4 EUS	0:2.1.29-1.el8_4 fixed
RHEL 8.4 TUS	0:2.1.29-1.el8_4 fixed

dotnet-runtime-3.1

RHEL 8	0:3.1.18-1.el8_4 fixed
RHEL 8.4 AUS	0:3.1.18-1.el8_4 fixed
RHEL 8.4 E4S	0:3.1.18-1.el8_4 fixed
RHEL 8.4 EUS	0:3.1.18-1.el8_4 fixed
RHEL 8.4 TUS	0:3.1.18-1.el8_4 fixed

dotnet-runtime-5.0

RHEL 8	0:5.0.9-1.el8_4 fixed
RHEL 8.4 AUS	0:5.0.9-1.el8_4 fixed
RHEL 8.4 E4S	0:5.0.9-1.el8_4 fixed
RHEL 8.4 EUS	0:5.0.9-1.el8_4 fixed
RHEL 8.4 TUS	0:5.0.9-1.el8_4 fixed

dotnet-sdk-2.1

RHEL 8	0:2.1.525-1.el8_4 fixed
RHEL 8.4 AUS	0:2.1.525-1.el8_4 fixed
RHEL 8.4 E4S	0:2.1.525-1.el8_4 fixed
RHEL 8.4 EUS	0:2.1.525-1.el8_4 fixed
RHEL 8.4 TUS	0:2.1.525-1.el8_4 fixed

dotnet-sdk-2.1.5xx

RHEL 8	0:2.1.525-1.el8_4 fixed
RHEL 8.4 AUS	0:2.1.525-1.el8_4 fixed
RHEL 8.4 E4S	0:2.1.525-1.el8_4 fixed
RHEL 8.4 EUS	0:2.1.525-1.el8_4 fixed
RHEL 8.4 TUS	0:2.1.525-1.el8_4 fixed

dotnet-sdk-3.1

RHEL 8	0:3.1.118-1.el8_4 fixed
RHEL 8.4 AUS	0:3.1.118-1.el8_4 fixed
RHEL 8.4 E4S	0:3.1.118-1.el8_4 fixed
RHEL 8.4 EUS	0:3.1.118-1.el8_4 fixed
RHEL 8.4 TUS	0:3.1.118-1.el8_4 fixed

dotnet-sdk-5.0

RHEL 8	0:5.0.206-1.el8_4 fixed
RHEL 8.4 AUS	0:5.0.206-1.el8_4 fixed
RHEL 8.4 E4S	0:5.0.206-1.el8_4 fixed
RHEL 8.4 EUS	0:5.0.206-1.el8_4 fixed
RHEL 8.4 TUS	0:5.0.206-1.el8_4 fixed

dotnet-targeting-pack-3.1

RHEL 8	0:3.1.18-1.el8_4 fixed
RHEL 8.4 AUS	0:3.1.18-1.el8_4 fixed
RHEL 8.4 E4S	0:3.1.18-1.el8_4 fixed
RHEL 8.4 EUS	0:3.1.18-1.el8_4 fixed
RHEL 8.4 TUS	0:3.1.18-1.el8_4 fixed

dotnet-targeting-pack-5.0

RHEL 8	0:5.0.9-1.el8_4 fixed
RHEL 8.4 AUS	0:5.0.9-1.el8_4 fixed
RHEL 8.4 E4S	0:5.0.9-1.el8_4 fixed
RHEL 8.4 EUS	0:5.0.9-1.el8_4 fixed
RHEL 8.4 TUS	0:5.0.9-1.el8_4 fixed

dotnet-templates-3.1

RHEL 8	0:3.1.118-1.el8_4 fixed
RHEL 8.4 AUS	0:3.1.118-1.el8_4 fixed
RHEL 8.4 E4S	0:3.1.118-1.el8_4 fixed
RHEL 8.4 EUS	0:3.1.118-1.el8_4 fixed
RHEL 8.4 TUS	0:3.1.118-1.el8_4 fixed

dotnet-templates-5.0

RHEL 8	0:5.0.206-1.el8_4 fixed
RHEL 8.4 AUS	0:5.0.206-1.el8_4 fixed
RHEL 8.4 E4S	0:5.0.206-1.el8_4 fixed
RHEL 8.4 EUS	0:5.0.206-1.el8_4 fixed
RHEL 8.4 TUS	0:5.0.206-1.el8_4 fixed

netstandard-targeting-pack-2.1

RHEL 8	0:5.0.206-1.el8_4 fixed
RHEL 8.4 AUS	0:5.0.206-1.el8_4 fixed
RHEL 8.4 E4S	0:5.0.206-1.el8_4 fixed
RHEL 8.4 EUS	0:5.0.206-1.el8_4 fixed
RHEL 8.4 TUS	0:5.0.206-1.el8_4 fixed

References

https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-34485