CVE-2023-36566 - Vulnerability Details - OpenCVE

Microsoft Common Data Model SDK Denial of Service Vulnerability

No CVSS v4.0

Attack Vector Network

Attack Complexity Low

Privileges Required Low

Scope Unchanged

Confidentiality Impact None

Integrity Impact None

Availability Impact High

User Interaction None

No CVSS v3.0

No CVSS v2

This CVE is not in the KEV list.

The EPSS score is 0.09686.

Exploitation none

Automatable no

Technical Impact partial

Vendors	Products
Microsoft	Common Data Model Sdk

Configuration 1 [-]

OR	cpe:2.3:a:microsoft:common_data_model_sdk::::::c\#::*
	cpe:2.3:a:microsoft:common_data_model_sdk::::::java::*
	cpe:2.3:a:microsoft:common_data_model_sdk::::::python::*
	cpe:2.3:a:microsoft:common_data_model_sdk::::::typescript::*

No data.

No data.

Advisories

Source	ID	Title
EUVD	EUVD-2023-2819	Microsoft Common Data Model SDK Denial of Service Vulnerability
Github GHSA	GHSA-vm2m-7hpw-fpmq	Microsoft Common Data Model SDK Denial of Service Vulnerability

Fixes

Solution

No solution given by the vendor.

Workaround

No workaround given by the vendor.

References

Link	Providers
https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-36566

History

Tue, 04 Mar 2025 03:45:00 +0000

Type	Values Removed	Values Added
Metrics		ssvc `{'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'partial'}, 'version': '2.0.3'}`

Tue, 10 Dec 2024 18:30:00 +0000

Type	Values Removed	Values Added
CPEs	cpe:2.3:a:microsoft:common_data_model_sdk_for_csharp:::::::: cpe:2.3:a:microsoft:common_data_model_sdk_for_java:::::::: cpe:2.3:a:microsoft:common_data_model_sdk_for_python:::::::: cpe:2.3:a:microsoft:common_data_model_sdk_for_typeScript::::::::
Vendors & Products	Microsoft common Data Model Sdk For Csharp Microsoft common Data Model Sdk For Java Microsoft common Data Model Sdk For Python Microsoft common Data Model Sdk For Typescript

MITRE

Status: PUBLISHED

Assigner: microsoft

Published: 2023-10-10T17:08:13.704Z

Updated: 2025-04-14T22:46:45.828Z

Reserved: 2023-06-23T20:11:38.790Z

Link: CVE-2023-36566

Vulnrichment

Updated: 2024-08-02T16:52:54.017Z

NVD

Status : Modified

Published: 2023-10-10T18:15:13.200

Modified: 2024-11-21T08:09:57.040

Link: CVE-2023-36566

Redhat

No data.

OpenCVE Enrichment

No data.

{"dataType": "CVE_RECORD", "dataVersion": "5.1", "cveMetadata": {"cveId": "CVE-2023-36566", "assignerOrgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8", "state": "PUBLISHED", "assignerShortName": "microsoft", "dateReserved": "2023-06-23T20:11:38.790Z", "datePublished": "2023-10-10T17:08:13.704Z", "dateUpdated": "2025-04-14T22:46:45.828Z"}, "containers": {"cna": {"title": "Microsoft Common Data Model SDK Denial of Service Vulnerability", "datePublic": "2023-10-10T07:00:00.000Z", "cpeApplicability": [{"nodes": [{"operator": "OR", "negate": false, "cpeMatch": [{"vulnerable": true, "criteria": "cpe:2.3:a:microsoft:common_data_model_sdk_for_java:*:*:*:*:*:*:*:*", "versionStartIncluding": "1.0.0", "versionEndExcluding": "1.7.4"}, {"vulnerable": true, "criteria": "cpe:2.3:a:microsoft:common_data_model_sdk_for_typeScript:*:*:*:*:*:*:*:*", "versionStartIncluding": "1.0.0", "versionEndExcluding": "1.7.4"}, {"vulnerable": true, "criteria": "cpe:2.3:a:microsoft:common_data_model_sdk_for_python:*:*:*:*:*:*:*:*", "versionStartIncluding": "1.0.0", "versionEndExcluding": "1.7.4"}, {"vulnerable": true, "criteria": "cpe:2.3:a:microsoft:common_data_model_sdk_for_csharp:*:*:*:*:*:*:*:*", "versionStartIncluding": "1.0.0", "versionEndExcluding": "1.7.4"}]}]}], "affected": [{"vendor": "Microsoft", "product": "Microsoft Common Data Model SDK for Java", "platforms": ["Unknown"], "versions": [{"version": "1.0.0", "lessThan": "1.7.4", "versionType": "custom", "status": "affected"}]}, {"vendor": "Microsoft", "product": "Microsoft Common Data Model SDK for TypeScript", "platforms": ["Unknown"], "versions": [{"version": "1.0.0", "lessThan": "1.7.4", "versionType": "custom", "status": "affected"}]}, {"vendor": "Microsoft", "product": "Microsoft Common Data Model SDK for Python", "platforms": ["Unknown"], "versions": [{"version": "1.0.0", "lessThan": "1.7.4", "versionType": "custom", "status": "affected"}]}, {"vendor": "Microsoft", "product": "Microsoft Common Data Model SDK for C#", "platforms": ["Unknown"], "versions": [{"version": "1.0.0", "lessThan": "1.7.4", "versionType": "custom", "status": "affected"}]}], "descriptions": [{"value": "Microsoft Common Data Model SDK Denial of Service Vulnerability", "lang": "en-US"}], "problemTypes": [{"descriptions": [{"description": "CWE-20: Improper Input Validation", "lang": "en-US", "type": "CWE", "cweId": "CWE-20"}]}], "providerMetadata": {"orgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8", "shortName": "microsoft", "dateUpdated": "2025-04-14T22:46:45.828Z"}, "references": [{"name": "Microsoft Common Data Model SDK Denial of Service Vulnerability", "tags": ["vendor-advisory"], "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-36566"}], "metrics": [{"format": "CVSS", "scenarios": [{"lang": "en-US", "value": "GENERAL"}], "cvssV3_1": {"version": "3.1", "baseSeverity": "MEDIUM", "baseScore": 6.5, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C"}}]}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-02T16:52:54.017Z"}, "title": "CVE Program Container", "references": [{"name": "Microsoft Common Data Model SDK Denial of Service Vulnerability", "tags": ["vendor-advisory", "x_transferred"], "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-36566"}]}, {"metrics": [{"other": {"type": "ssvc", "content": {"timestamp": "2025-02-26T21:49:18.362054Z", "id": "CVE-2023-36566", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2025-02-27T20:42:18.728Z"}}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CVE Program Container", "references": [{"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-36566", "name": "Microsoft Common Data Model SDK Denial of Service Vulnerability", "tags": ["vendor-advisory", "x_transferred"]}], "providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-02T16:52:54.017Z"}}, {"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2023-36566", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "version": "2.0.3", "timestamp": "2025-02-26T21:49:18.362054Z"}}}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2025-02-26T19:57:50.651Z"}}], "cna": {"title": "Microsoft Common Data Model SDK Denial of Service Vulnerability", "metrics": [{"format": "CVSS", "cvssV3_1": {"version": "3.1", "baseScore": 6.5, "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C"}, "scenarios": [{"lang": "en-US", "value": "GENERAL"}]}], "affected": [{"vendor": "Microsoft", "product": "Microsoft Common Data Model SDK for Java", "versions": [{"status": "affected", "version": "1.0.0", "lessThan": "1.7.4", "versionType": "custom"}], "platforms": ["Unknown"]}, {"vendor": "Microsoft", "product": "Microsoft Common Data Model SDK for TypeScript", "versions": [{"status": "affected", "version": "1.0.0", "lessThan": "1.7.4", "versionType": "custom"}], "platforms": ["Unknown"]}, {"vendor": "Microsoft", "product": "Microsoft Common Data Model SDK for Python", "versions": [{"status": "affected", "version": "1.0.0", "lessThan": "1.7.4", "versionType": "custom"}], "platforms": ["Unknown"]}, {"vendor": "Microsoft", "product": "Microsoft Common Data Model SDK for C#", "versions": [{"status": "affected", "version": "1.0.0", "lessThan": "1.7.4", "versionType": "custom"}], "platforms": ["Unknown"]}], "datePublic": "2023-10-10T07:00:00.000Z", "references": [{"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-36566", "name": "Microsoft Common Data Model SDK Denial of Service Vulnerability", "tags": ["vendor-advisory"]}], "descriptions": [{"lang": "en-US", "value": "Microsoft Common Data Model SDK Denial of Service Vulnerability"}], "problemTypes": [{"descriptions": [{"lang": "en-US", "type": "CWE", "cweId": "CWE-20", "description": "CWE-20: Improper Input Validation"}]}], "cpeApplicability": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:microsoft:common_data_model_sdk_for_java:*:*:*:*:*:*:*:*", "vulnerable": true, "versionEndExcluding": "1.7.4", "versionStartIncluding": "1.0.0"}, {"criteria": "cpe:2.3:a:microsoft:common_data_model_sdk_for_typeScript:*:*:*:*:*:*:*:*", "vulnerable": true, "versionEndExcluding": "1.7.4", "versionStartIncluding": "1.0.0"}, {"criteria": "cpe:2.3:a:microsoft:common_data_model_sdk_for_python:*:*:*:*:*:*:*:*", "vulnerable": true, "versionEndExcluding": "1.7.4", "versionStartIncluding": "1.0.0"}, {"criteria": "cpe:2.3:a:microsoft:common_data_model_sdk_for_csharp:*:*:*:*:*:*:*:*", "vulnerable": true, "versionEndExcluding": "1.7.4", "versionStartIncluding": "1.0.0"}], "operator": "OR"}]}], "providerMetadata": {"orgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8", "shortName": "microsoft", "dateUpdated": "2025-04-14T22:46:45.828Z"}}}, "cveMetadata": {"cveId": "CVE-2023-36566", "state": "PUBLISHED", "dateUpdated": "2025-04-14T22:46:45.828Z", "dateReserved": "2023-06-23T20:11:38.790Z", "assignerOrgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8", "datePublished": "2023-10-10T17:08:13.704Z", "assignerShortName": "microsoft"}, "dataVersion": "5.1"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:microsoft:common_data_model_sdk:*:*:*:*:*:c\\#:*:*", "matchCriteriaId": "45D150BE-C1B5-47EA-8FC1-7791FE0BE759", "versionEndExcluding": "1.7.4", "vulnerable": true}, {"criteria": "cpe:2.3:a:microsoft:common_data_model_sdk:*:*:*:*:*:java:*:*", "matchCriteriaId": "1A8F5296-3582-47CB-BCD5-E241A2A52B7B", "versionEndExcluding": "1.7.4", "vulnerable": true}, {"criteria": "cpe:2.3:a:microsoft:common_data_model_sdk:*:*:*:*:*:python:*:*", "matchCriteriaId": "245DDF9B-F18C-43C6-875E-82F9B2007004", "versionEndExcluding": "1.7.4", "vulnerable": true}, {"criteria": "cpe:2.3:a:microsoft:common_data_model_sdk:*:*:*:*:*:typescript:*:*", "matchCriteriaId": "349E2561-D3E0-4C7F-BE6A-E994F587AC0E", "versionEndExcluding": "1.7.4", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "descriptions": [{"lang": "en", "value": "Microsoft Common Data Model SDK Denial of Service Vulnerability"}, {"lang": "es", "value": "Vulnerabilidad de denegaci\u00f3n de servicio en Microsoft Common Data Model SDK "}], "id": "CVE-2023-36566", "lastModified": "2024-11-21T08:09:57.040", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 6.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "version": "3.1"}, "exploitabilityScore": 2.8, "impactScore": 3.6, "source": "secure@microsoft.com", "type": "Secondary"}]}, "published": "2023-10-10T18:15:13.200", "references": [{"source": "secure@microsoft.com", "tags": ["Patch", "Vendor Advisory"], "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-36566"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Patch", "Vendor Advisory"], "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-36566"}], "sourceIdentifier": "secure@microsoft.com", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-20"}], "source": "secure@microsoft.com", "type": "Secondary"}, {"description": [{"lang": "en", "value": "NVD-CWE-noinfo"}], "source": "nvd@nist.gov", "type": "Primary"}]}