CWE-556: ASP.NET Misconfiguration: Use of Identity Impersonation

moderate-risk

Configuring an ASP.NET application to run with impersonated credentials may give the application unnecessary privileges.

Abstraction: Variant

Common Consequences

Access Control Gain Privileges or Assume Identity

Real-World Examples (1)

CVE CVSS EPSS KEV
CVE-2024-37081 7.8 50.3%
41
/ 100
moderate-risk
Active Threat 41/50 · Critical
Exploit Availability 0/50 · Minimal