The Microsoft Visual Studio Products are missing security updates. It is, therefore, affected by multiple vulnerabilities:

– A vulnerability exist in ASP.NET Core applications where account lockout maximum failed attempts may not be immediately updated, allowing an attacker to try more passwords. (CVE-2023-33170)

– A vulnerability exists in .NET applications where the diagnostic server can be exploited to achieve cross-session/cross-user elevation of privilege (EoP) and code execution. (CVE-2023-33127)

Note that Nessus has not tested for this issue but has instead relied only on the application’s self-reported version number.Read More