Assigner | microsoft |
Reserved | 2023-06-21 |
Published | 2023-10-10 |
Updated | 2024-08-02 |
Description
Windows IIS Server Elevation of Privilege Vulnerability
CRITICAL: 9.8 | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Problem types
CWE-307: Improper Restriction of Excessive Authentication Attempts
Product status
10.0.0 before 10.0.19045.3570
affected
10.0.0 before 10.0.22621.2428
affected
10.0.0 before 10.0.22000.2538
affected
10.0.0 before 10.0.19041.3570
affected
10.0.0 before 10.0.20348.2031
affected
10.0.0 before 10.0.17763.4974
affected
10.0.0 before 10.0.17763.4974
affected
10.0.0 before 10.0.14393.6351
affected
6.0.0 before 6.0.6003.22317
affected
6.0.0 before 6.0.6003.22317
affected
6.2.0 before 6.2.9200.24523
affected
6.0.0 before 6.1.7601.26769
affected
6.3.0 before 6.3.9600.21620
affected
10.0.0 before 10.0.14393.6351
affected
6.0.0 before 6.0.6003.22317
affected
10.0.0 before 10.0.14393.6351
affected
10.0.0 before 10.0.10240.20232
affected
10.0.0 before 10.0.17763.4974
affected
6.1.0 before 6.1.7601.26769
affected
6.2.0 before 6.2.9200.24523
affected
6.3.0 before 6.3.9600.21620
affected
References
https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-36434 (Windows IIS Server Elevation of Privilege Vulnerability) vendor-advisory
cve.org CVE-2023-36434
nvd.nist.gov CVE-2023-36434
Download JSON
Share this page
https://cve.threatint.com
Subscribe to our newsletter to learn more about our work.