CVE-2023-36736 : Microsoft Identity Linux Broker Remote Code Execution Vulnerability

Microsoft Identity Linux Broker Remote Code Execution Vulnerability

Published 2023-09-12 17:15:10

Updated 2024-05-29 03:15:59

View at NVD, CVE.org

Vulnerability category: Execute code

Products affected by CVE-2023-36736

Microsoft » Identity Linux Broker
Versions before (<) 1.6.1
cpe:2.3:a:microsoft:identity_linux_broker:*:*:*:*:*:*:*:*
Matching versions

EPSS FAQ

0.21%

Probability of exploitation activity in the next 30 days EPSS Score History

~ 43 %

Percentile, the proportion of vulnerabilities that are scored at or less

Base Score	Base Severity	CVSS Vector	Exploitability Score	Impact Score	Score Source	First Seen
4.4	MEDIUM	CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N	1.8	2.5	Microsoft Corporation
Attack Vector: Local Attack Complexity: Low Privileges Required: None User Interaction: Required Scope: Unchanged Confidentiality: Low Integrity: Low Availability: None

CWE-502 Deserialization of Untrusted Data

The product deserializes untrusted data without sufficiently ensuring that the resulting data will be valid.

Assigned by: secure@microsoft.com (Secondary)

https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-36736

CVE-2023-36736 - Security Update Guide - Microsoft - Microsoft Identity Linux Broker Remote Code Execution Vulnerability
Patch;Vendor Advisory

Jump to