{"resultsPerPage":1,"startIndex":0,"totalResults":1,"format":"NVD_CVE","version":"2.0","timestamp":"2026-04-26T08:01:49.700","vulnerabilities":[{"cve":{"id":"CVE-2018-8171","sourceIdentifier":"secure@microsoft.com","published":"2018-07-11T00:29:00.320","lastModified":"2024-11-21T04:13:23.863","vulnStatus":"Modified","cveTags":[],"descriptions":[{"lang":"en","value":"A Security Feature Bypass vulnerability exists in ASP.NET when the number of incorrect login attempts is not validated, aka \"ASP.NET Security Feature Bypass Vulnerability.\" This affects ASP.NET, ASP.NET Core 1.1, ASP.NET Core 1.0, ASP.NET Core 2.0, ASP.NET MVC 5.2."},{"lang":"es","value":"Existe una vulnerabilidad de omisión de la característica de seguridad en ASP.NET cuando el número de intentos de inicio de sesión incorrectos no se valida. Esto también se conoce como \"ASP.NET Security Feature Bypass Vulnerability\". Esto afecta a ASP.NET, ASP.NET Core 1.1, ASP.NET Core 1.0, ASP.NET Core 2.0 y ASP.NET MVC 5.2."}],"metrics":{"cvssMetricV30":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.0","vectorString":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N","baseScore":7.5,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"NONE","integrityImpact":"HIGH","availabilityImpact":"NONE"},"exploitabilityScore":3.9,"impactScore":3.6}],"cvssMetricV2":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"2.0","vectorString":"AV:N/AC:L/Au:N/C:N/I:P/A:N","baseScore":5.0,"accessVector":"NETWORK","accessComplexity":"LOW","authentication":"NONE","confidentialityImpact":"NONE","integrityImpact":"PARTIAL","availabilityImpact":"NONE"},"baseSeverity":"MEDIUM","exploitabilityScore":10.0,"impactScore":2.9,"acInsufInfo":false,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":false}]},"weaknesses":[{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"CWE-287"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:microsoft:asp.net_core:1.0:*:*:*:*:*:*:*","matchCriteriaId":"0913F82A-985A-401D-89F6-191684A8AB55"},{"vulnerable":true,"criteria":"cpe:2.3:a:microsoft:asp.net_core:1.1:*:*:*:*:*:*:*","matchCriteriaId":"8256236D-D4F0-4207-B82D-18B0135CEB4E"},{"vulnerable":true,"criteria":"cpe:2.3:a:microsoft:asp.net_core:2.0:*:*:*:*:*:*:*","matchCriteriaId":"345222C2-CD5B-4613-9FF3-9D034974D54F"},{"vulnerable":true,"criteria":"cpe:2.3:a:microsoft:asp.net_model_view_controller:5.2:*:*:*:*:*:*:*","matchCriteriaId":"72194690-5B02-4E16-81CE-8447790D67A4"},{"vulnerable":true,"criteria":"cpe:2.3:a:microsoft:asp.net_webpages:3.2.3:*:*:*:*:*:*:*","matchCriteriaId":"E601B5A5-E15B-43BD-98D7-20CBF28A55C6"}]}]}],"references":[{"url":"http://www.securityfocus.com/bid/104659","source":"secure@microsoft.com","tags":["Third Party Advisory","VDB Entry"]},{"url":"http://www.securitytracker.com/id/1041267","source":"secure@microsoft.com","tags":["Third Party Advisory","VDB Entry"]},{"url":"https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-8171","source":"secure@microsoft.com","tags":["Patch","Vendor Advisory"]},{"url":"http://www.securityfocus.com/bid/104659","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Third Party Advisory","VDB Entry"]},{"url":"http://www.securitytracker.com/id/1041267","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Third Party Advisory","VDB Entry"]},{"url":"https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-8171","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Patch","Vendor Advisory"]}]}}]}