Vulnerabilites related to Microsoft - System.Data.SqlClient
cve-2024-0056
Vulnerability from cvelistv5
Published
2024-01-09 17:56
Modified
2024-12-31 18:39
Severity ?
EPSS score ?
Summary
Microsoft.Data.SqlClient and System.Data.SqlClient SQL Data Provider Security Feature Bypass Vulnerability
References
| ▼ | URL | Tags |
|---|---|---|
| https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-0056 | vendor-advisory |
Impacted products
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-01T17:41:15.885Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { name: "Microsoft.Data.SqlClient and System.Data.SqlClient SQL Data Provider Security Feature Bypass Vulnerability", tags: [ "vendor-advisory", "x_transferred", ], url: "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-0056", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { platforms: [ "x64-based Systems", ], product: "Microsoft SQL Server 2022 (GDR)", vendor: "Microsoft", versions: [ { lessThan: "16.0.1110.1", status: "affected", version: "16.0.0", versionType: "custom", }, ], }, { platforms: [ "Unknown", ], product: ".NET 6.0", vendor: "Microsoft", versions: [ { lessThan: "6.0.26", status: "affected", version: "6.0.0", versionType: "custom", }, ], }, { platforms: [ "Unknown", ], product: ".NET 7.0", vendor: "Microsoft", versions: [ { lessThan: "7.0.15", status: "affected", version: "7.0.0", versionType: "custom", }, ], }, { platforms: [ "Unknown", ], product: ".NET 8.0", vendor: "Microsoft", versions: [ { lessThan: "8.0.1", status: "affected", version: "1.0.0", versionType: "custom", }, ], }, { platforms: [ "Unknown", ], product: "Microsoft.Data.SqlClient", vendor: "Microsoft", versions: [ { lessThan: "2.1.7", status: "affected", version: "1.0", versionType: "custom", }, ], }, { platforms: [ "Unknown", ], product: "System.Data.SqlClient", vendor: "Microsoft", versions: [ { lessThan: "4.8.6", status: "affected", version: "1.0", versionType: "custom", }, ], }, { platforms: [ "Unknown", ], product: "Microsoft Visual Studio 2022 version 17.2", vendor: "Microsoft", versions: [ { lessThan: "17.2.23", status: "affected", version: "17.2.0", versionType: "custom", }, ], }, { platforms: [ "Unknown", ], product: "Microsoft Visual Studio 2022 version 17.4", vendor: "Microsoft", versions: [ { lessThan: "17.4.15", status: "affected", version: "17.4.0", versionType: "custom", }, ], }, { platforms: [ "Unknown", ], product: "Microsoft Visual Studio 2022 version 17.6", vendor: "Microsoft", versions: [ { lessThan: "17.6.11", status: "affected", version: "17.6.0", versionType: "custom", }, ], }, { platforms: [ "Unknown", ], product: "Microsoft Visual Studio 2022 version 17.8", vendor: "Microsoft", versions: [ { lessThan: "17.8.4", status: "affected", version: "17.8.0", versionType: "custom", }, ], }, { platforms: [ "x64-based Systems", ], product: "Microsoft SQL Server 2022 (CU 10)", vendor: "Microsoft", versions: [ { lessThan: "16.0.4100.1", status: "affected", version: "0", versionType: "custom", }, ], }, { platforms: [ "Windows 10 Version 1607 for 32-bit Systems", "Windows 10 Version 1607 for x64-based Systems", "Windows Server 2016 (Server Core installation)", "Windows Server 2008 R2 for x64-based Systems Service Pack 1", "Windows Server 2016", "Windows Server 2008 R2 for x64-based Systems Service Pack 1 (Server Core installation)", "Windows Server 2012 (Server Core installation)", "Windows Server 2012", "Windows Server 2012 R2", "Windows Server 2012 R2 (Server Core installation)", ], product: "Microsoft .NET Framework 4.8", vendor: "Microsoft", versions: [ { lessThan: "4.8.04690.02", status: "affected", version: "4.8.0", versionType: "custom", }, ], }, { platforms: [ "Windows 10 Version 1809 for 32-bit Systems", "Windows 10 Version 1809 for x64-based Systems", "Windows Server 2019", "Windows Server 2019 (Server Core installation)", "Windows Server 2022", "Windows Server 2022 (Server Core installation)", "Windows 11 version 21H2 for x64-based Systems", "Windows 11 version 21H2 for ARM64-based Systems", "Windows 10 Version 21H2 for 32-bit Systems", "Windows 10 Version 21H2 for ARM64-based Systems", "Windows 10 Version 21H2 for x64-based Systems", "Windows 10 Version 22H2 for x64-based Systems", "Windows 10 Version 22H2 for ARM64-based Systems", "Windows 10 Version 22H2 for 32-bit Systems", ], product: "Microsoft .NET Framework 3.5 AND 4.8", vendor: "Microsoft", versions: [ { lessThan: "4.8.04690.02", status: "affected", version: "4.8.0", versionType: "custom", }, ], }, { platforms: [ "Windows 10 Version 1809 for 32-bit Systems", "Windows 10 Version 1809 for x64-based Systems", "Windows 10 Version 1809 for ARM64-based Systems", "Windows Server 2019", "Windows Server 2019 (Server Core installation)", "Windows 10 Version 1607 for 32-bit Systems", "Windows Server 2016", "Windows 10 Version 1607 for x64-based Systems", "Windows Server 2016 (Server Core installation)", ], product: "Microsoft .NET Framework 3.5 AND 4.7.2", vendor: "Microsoft", versions: [ { lessThan: "4.7.04081.03", status: "affected", version: "4.7.0", versionType: "custom", }, ], }, { platforms: [ "Windows Server 2008 R2 for x64-based Systems Service Pack 1", "Windows Server 2008 R2 for x64-based Systems Service Pack 1 (Server Core installation)", "Windows Server 2012", "Windows Server 2012 (Server Core installation)", "Windows Server 2012 R2 (Server Core installation)", "Windows Server 2012 R2", ], product: "Microsoft .NET Framework 4.6.2/4.7/4.7.1/4.7.2", vendor: "Microsoft", versions: [ { lessThan: "4.7.04081.02", status: "affected", version: "4.7.0", versionType: "custom", }, ], }, { platforms: [ "Windows Server 2022 (Server Core installation)", "Windows Server 2022", "Windows 11 version 21H2 for x64-based Systems", "Windows 11 version 21H2 for ARM64-based Systems", "Windows 10 Version 21H2 for 32-bit Systems", "Windows 10 Version 21H2 for ARM64-based Systems", "Windows 10 Version 21H2 for x64-based Systems", "Windows 11 Version 22H2 for ARM64-based Systems", "Windows 11 Version 22H2 for x64-based Systems", "Windows 10 Version 22H2 for x64-based Systems", "Windows 10 Version 22H2 for ARM64-based Systems", "Windows 10 Version 22H2 for 32-bit Systems", "Windows 11 Version 23H2 for ARM64-based Systems", "Windows Server 2022, 23H2 Edition (Server Core installation)", "Windows 11 Version 23H2 for x64-based Systems", ], product: "Microsoft .NET Framework 3.5 AND 4.8.1", vendor: "Microsoft", versions: [ { lessThan: "4.8.09214.01", status: "affected", version: "4.8.1", versionType: "custom", }, ], }, { platforms: [ "Windows Server 2008 for 32-bit Systems Service Pack 2", "Windows Server 2008 for x64-based Systems Service Pack 2", ], product: "Microsoft .NET Framework 2.0 Service Pack 2", vendor: "Microsoft", versions: [ { lessThan: "3.0.50727.8976", status: "affected", version: "2.0.0", versionType: "custom", }, ], }, ], cpeApplicability: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:microsoft:sql_server:*:*:*:*:*:*:x64:*", versionEndExcluding: "16.0.1110.1", versionStartIncluding: "16.0.0", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:.net:*:*:*:*:*:*:*:*", versionEndExcluding: "6.0.26", versionStartIncluding: "6.0.0", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:.net:*:*:*:*:*:*:*:*", versionEndExcluding: "7.0.15", versionStartIncluding: "7.0.0", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:.net:*:*:*:*:*:*:*:*", versionEndExcluding: "8.0.1", versionStartIncluding: "1.0.0", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:data_sql_client:*:*:*:*:*:*:*:*", versionEndExcluding: "2.1.7", versionStartIncluding: "1.0", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:System.Data.SqlClient:*:*:*:*:*:*:*:*", versionEndExcluding: "4.8.6", versionStartIncluding: "1.0", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:visual_studio_2022:*:*:*:*:*:*:*:*", versionEndExcluding: "17.2.23", versionStartIncluding: "17.2.0", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:visual_studio_2022:*:*:*:*:*:*:*:*", versionEndExcluding: "17.4.15", versionStartIncluding: "17.4.0", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:visual_studio:*:*:*:*:*:*:*:*", versionEndExcluding: "17.6.11", versionStartIncluding: "17.6.0", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:visual_studio:*:*:*:*:*:*:*:*", versionEndExcluding: "17.8.4", versionStartIncluding: "17.8.0", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:sql_server:*:*:*:*:*:*:x64:*", versionEndExcluding: "16.0.4100.1", versionStartIncluding: "0", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:.net:*:*:*:*:*:*:*:*", versionEndExcluding: "4.8.04690.02", versionStartIncluding: "4.8.0", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:.net:*:*:*:*:*:*:*:*", versionEndExcluding: "4.8.04690.02", versionStartIncluding: "4.8.0", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:.net:*:*:*:*:*:*:*:*", versionEndExcluding: "4.7.04081.03", versionStartIncluding: "4.7.0", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:.net:*:*:*:*:*:*:*:*", versionEndExcluding: "4.7.04081.02", versionStartIncluding: "4.7.0", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:.net:*:*:*:*:*:*:*:*", versionEndExcluding: "4.8.09214.01", versionStartIncluding: "4.8.1", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:.net:*:sp2:*:*:*:*:*:*", versionEndExcluding: "3.0.50727.8976", versionStartIncluding: "2.0.0", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], datePublic: "2024-01-09T08:00:00+00:00", descriptions: [ { lang: "en-US", value: "Microsoft.Data.SqlClient and System.Data.SqlClient SQL Data Provider Security Feature Bypass Vulnerability", }, ], metrics: [ { cvssV3_1: { baseScore: 8.7, baseSeverity: "HIGH", vectorString: "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:N/E:U/RL:O/RC:C", version: "3.1", }, format: "CVSS", scenarios: [ { lang: "en-US", value: "GENERAL", }, ], }, ], problemTypes: [ { descriptions: [ { cweId: "CWE-319", description: "CWE-319: Cleartext Transmission of Sensitive Information", lang: "en-US", type: "CWE", }, ], }, ], providerMetadata: { dateUpdated: "2024-12-31T18:39:37.324Z", orgId: "f38d906d-7342-40ea-92c1-6c4a2c6478c8", shortName: "microsoft", }, references: [ { name: "Microsoft.Data.SqlClient and System.Data.SqlClient SQL Data Provider Security Feature Bypass Vulnerability", tags: [ "vendor-advisory", ], url: "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-0056", }, ], title: "Microsoft.Data.SqlClient and System.Data.SqlClient SQL Data Provider Security Feature Bypass Vulnerability", }, }, cveMetadata: { assignerOrgId: "f38d906d-7342-40ea-92c1-6c4a2c6478c8", assignerShortName: "microsoft", cveId: "CVE-2024-0056", datePublished: "2024-01-09T17:56:58.972Z", dateReserved: "2023-11-22T17:43:06.743Z", dateUpdated: "2024-12-31T18:39:37.324Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
Vulnerability from fkie_nvd
Published
2024-01-09 18:15
Modified
2024-11-21 08:45
Severity ?
Summary
Microsoft.Data.SqlClient and System.Data.SqlClient SQL Data Provider Security Feature Bypass Vulnerability
References
| ▼ | URL | Tags | |
|---|---|---|---|
| secure@microsoft.com | https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-0056 | Patch, Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-0056 | Patch, Vendor Advisory |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| microsoft | microsoft.data.sqlclient | * | |
| microsoft | microsoft.data.sqlclient | * | |
| microsoft | microsoft.data.sqlclient | * | |
| microsoft | microsoft.data.sqlclient | * | |
| microsoft | sql_server | 2022 | |
| microsoft | sql_server | 2022 | |
| microsoft | system.data.sqlclient | * | |
| microsoft | visual_studio_2022 | * | |
| microsoft | visual_studio_2022 | * | |
| microsoft | visual_studio_2022 | * | |
| microsoft | visual_studio_2022 | * | |
| microsoft | .net_framework | * | |
| microsoft | windows_10_1607 | - | |
| microsoft | windows_10_1607 | - | |
| microsoft | windows_server_2008 | r2 | |
| microsoft | windows_server_2012 | - | |
| microsoft | windows_server_2012 | r2 | |
| microsoft | windows_server_2016 | - | |
| microsoft | .net_framework | * | |
| microsoft | windows_server_2008 | r2 | |
| microsoft | .net_framework | 4.6.2 | |
| microsoft | .net_framework | 4.7 | |
| microsoft | .net_framework | 4.7.1 | |
| microsoft | .net_framework | 4.7.2 | |
| microsoft | windows_server_2008 | r2 | |
| microsoft | windows_server_2012 | - | |
| microsoft | windows_server_2012 | r2 | |
| microsoft | .net_framework | 3.5 | |
| microsoft | .net_framework | 4.8.1 | |
| microsoft | windows_10_1809 | - | |
| microsoft | windows_10_1809 | - | |
| microsoft | windows_10_21h2 | - | |
| microsoft | windows_10_21h2 | - | |
| microsoft | windows_10_21h2 | - | |
| microsoft | windows_10_22h2 | - | |
| microsoft | windows_10_22h2 | - | |
| microsoft | windows_10_22h2 | - | |
| microsoft | windows_11_21h2 | - | |
| microsoft | windows_11_21h2 | - | |
| microsoft | windows_11_22h2 | - | |
| microsoft | windows_11_22h2 | - | |
| microsoft | windows_11_23h2 | - | |
| microsoft | windows_11_23h2 | - | |
| microsoft | windows_server_2019 | - | |
| microsoft | windows_server_2022 | - | |
| microsoft | windows_server_2022_23h2 | - | |
| microsoft | .net_framework | * | |
| microsoft | .net_framework | 3.5 | |
| microsoft | windows_10_1809 | - | |
| microsoft | windows_10_1809 | - | |
| microsoft | windows_10_21h2 | - | |
| microsoft | windows_10_21h2 | - | |
| microsoft | windows_10_21h2 | - | |
| microsoft | windows_10_22h2 | - | |
| microsoft | windows_10_22h2 | - | |
| microsoft | windows_10_22h2 | - | |
| microsoft | windows_11_21h2 | - | |
| microsoft | windows_11_21h2 | - | |
| microsoft | windows_11_22h2 | - | |
| microsoft | windows_11_22h2 | - | |
| microsoft | windows_server_2019 | - | |
| microsoft | windows_server_2022 | - | |
| microsoft | windows_server_2022_23h2 | - | |
| microsoft | .net_framework | 3.5 | |
| microsoft | .net_framework | 4.7.2 | |
| microsoft | windows_10_1607 | - | |
| microsoft | windows_10_1607 | - | |
| microsoft | windows_10_1809 | - | |
| microsoft | windows_10_1809 | - | |
| microsoft | windows_10_1809 | - | |
| microsoft | windows_server_2016 | - | |
| microsoft | windows_server_2019 | - | |
| microsoft | .net_framework | 2.0 | |
| microsoft | windows_server_2008 | - | |
| microsoft | .net | * | |
| microsoft | .net | * | |
| microsoft | .net | 8.0.0 |
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:microsoft:microsoft.data.sqlclient:*:*:*:*:*:*:*:*", matchCriteriaId: "96196E29-EA18-45C5-AE3B-C457B4EBC5B4", versionEndExcluding: "2.1.7", versionStartIncluding: "2.1", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:microsoft.data.sqlclient:*:*:*:*:*:*:*:*", matchCriteriaId: "BBB755B8-5F3F-424F-9D6D-E13170BF5BB6", versionEndExcluding: "3.1.5", versionStartIncluding: "3.1", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:microsoft.data.sqlclient:*:*:*:*:*:*:*:*", matchCriteriaId: "B7D0335C-84B7-411C-9D1D-5E9DF5097403", versionEndExcluding: "4.0.5", versionStartIncluding: "4.0", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:microsoft.data.sqlclient:*:*:*:*:*:*:*:*", matchCriteriaId: "DE3BE1DD-CF5E-46FB-BC6C-CE5FB9C5563F", versionEndExcluding: "5.1.3", versionStartIncluding: "5.1", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:sql_server:2022:*:*:*:*:*:x64:*", matchCriteriaId: "6CB7AD22-F27B-4807-88F1-02ED420421D5", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:sql_server:2022:cumulative_update_10:*:*:*:*:*:*", matchCriteriaId: "84A3BAC2-8BB5-46D1-9B6D-5D3FEF082738", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:system.data.sqlclient:*:*:*:*:*:*:*:*", matchCriteriaId: "E89B2EC1-FF2E-49F5-8CB2-E6E69C6171FE", versionEndExcluding: "4.8.6", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:visual_studio_2022:*:*:*:*:*:*:*:*", matchCriteriaId: "05D999A1-AB25-4642-8D94-07AD00FEE820", versionEndExcluding: "17.2.23", versionStartIncluding: "17.2", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:visual_studio_2022:*:*:*:*:*:*:*:*", matchCriteriaId: "AE1C61FB-CC6B-4D88-8B7F-FFE9D1238A6C", versionEndExcluding: "17.4.15", versionStartIncluding: "17.4", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:visual_studio_2022:*:*:*:*:*:*:*:*", matchCriteriaId: "7CA9C0A3-7D62-40CE-8493-514CB313F72C", versionEndExcluding: "17.6.11", versionStartIncluding: "17.6", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:visual_studio_2022:*:*:*:*:*:*:*:*", matchCriteriaId: "DD49CC9F-3750-4EB3-A934-E45F0DE41238", versionEndExcluding: "17.8.4", versionStartIncluding: "17.8", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:microsoft:.net_framework:*:*:*:*:*:*:*:*", matchCriteriaId: "071AF08C-F921-45EC-A6AC-3BCE75D7FB22", versionEndExcluding: "4.8.04690.02", versionStartIncluding: "4.8", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:o:microsoft:windows_10_1607:-:*:*:*:*:*:x64:*", matchCriteriaId: "5E491E46-1917-41FE-8F9A-BB0BDDEB42C3", vulnerable: false, }, { criteria: "cpe:2.3:o:microsoft:windows_10_1607:-:*:*:*:*:*:x86:*", matchCriteriaId: "0A1BC97A-263E-4291-8AEF-02EE4E6031E9", vulnerable: false, }, { criteria: "cpe:2.3:o:microsoft:windows_server_2008:r2:sp1:*:*:*:*:x64:*", matchCriteriaId: "AF07A81D-12E5-4B1D-BFF9-C8D08C32FF4F", vulnerable: false, }, { criteria: "cpe:2.3:o:microsoft:windows_server_2012:-:*:*:*:*:*:*:*", matchCriteriaId: "A7DF96F8-BA6A-4780-9CA3-F719B3F81074", vulnerable: false, }, { criteria: "cpe:2.3:o:microsoft:windows_server_2012:r2:*:*:*:*:*:*:*", matchCriteriaId: "DB18C4CE-5917-401E-ACF7-2747084FD36E", vulnerable: false, }, { criteria: "cpe:2.3:o:microsoft:windows_server_2016:-:*:*:*:*:*:*:*", matchCriteriaId: "041FF8BA-0B12-4A1F-B4BF-9C4F33B7C1E7", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:microsoft:.net_framework:*:*:*:*:*:*:*:*", matchCriteriaId: "A4F2BA42-96F4-4DD6-ADFC-B5B8D45BCB78", versionEndExcluding: "4.8.04690.01", versionStartIncluding: "4.8", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:o:microsoft:windows_server_2008:r2:sp1:*:*:*:*:x64:*", matchCriteriaId: "AF07A81D-12E5-4B1D-BFF9-C8D08C32FF4F", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:microsoft:.net_framework:4.6.2:*:*:*:*:*:*:*", matchCriteriaId: "A16AD2B0-2189-4E8E-B7FC-CE598CA1CB2D", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:.net_framework:4.7:*:*:*:*:*:*:*", matchCriteriaId: "734112B3-1383-4BE3-8721-C0F84566B764", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:.net_framework:4.7.1:*:*:*:*:*:*:*", matchCriteriaId: "36B0E40A-84EF-4099-A395-75D6B8CDA196", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:.net_framework:4.7.2:*:*:*:*:*:*:*", matchCriteriaId: "3EF7A75E-EE27-4AA7-8D84-9D696728A4CE", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:o:microsoft:windows_server_2008:r2:sp1:*:*:*:*:x64:*", matchCriteriaId: "AF07A81D-12E5-4B1D-BFF9-C8D08C32FF4F", vulnerable: false, }, { criteria: "cpe:2.3:o:microsoft:windows_server_2012:-:*:*:*:*:*:*:*", matchCriteriaId: "A7DF96F8-BA6A-4780-9CA3-F719B3F81074", vulnerable: false, }, { criteria: "cpe:2.3:o:microsoft:windows_server_2012:r2:*:*:*:*:*:*:*", matchCriteriaId: "DB18C4CE-5917-401E-ACF7-2747084FD36E", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:microsoft:.net_framework:3.5:*:*:*:*:*:*:*", matchCriteriaId: "E039CE1F-B988-4741-AE2E-5B36E2AF9688", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:.net_framework:4.8.1:*:*:*:*:*:*:*", matchCriteriaId: "934D4E46-12C1-41DC-A28C-A2C430E965E4", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:o:microsoft:windows_10_1809:-:*:*:*:*:*:x64:*", matchCriteriaId: "306B7CE6-8239-4AED-9ED4-4C9F5B349F58", vulnerable: false, }, { criteria: "cpe:2.3:o:microsoft:windows_10_1809:-:*:*:*:*:*:x86:*", matchCriteriaId: "345FCD64-D37B-425B-B64C-8B1640B7E850", vulnerable: false, }, { criteria: "cpe:2.3:o:microsoft:windows_10_21h2:-:*:*:*:*:*:arm64:*", matchCriteriaId: "8FC46499-DB6E-48BF-9334-85EE27AFE7AF", vulnerable: false, }, { criteria: "cpe:2.3:o:microsoft:windows_10_21h2:-:*:*:*:*:*:x64:*", matchCriteriaId: "83A79DD6-E74E-419F-93F1-323B68502633", vulnerable: false, }, { criteria: "cpe:2.3:o:microsoft:windows_10_21h2:-:*:*:*:*:*:x86:*", matchCriteriaId: "61959ACC-B608-4556-92AF-4D94B338907A", vulnerable: false, }, { criteria: "cpe:2.3:o:microsoft:windows_10_22h2:-:*:*:*:*:*:arm64:*", matchCriteriaId: "A9D54EE6-30AF-411C-A285-A4DCB6C6EC06", vulnerable: false, }, { criteria: "cpe:2.3:o:microsoft:windows_10_22h2:-:*:*:*:*:*:x64:*", matchCriteriaId: "C230D3BF-7FCE-405C-B62E-B9190C995C3C", vulnerable: false, }, { criteria: "cpe:2.3:o:microsoft:windows_10_22h2:-:*:*:*:*:*:x86:*", matchCriteriaId: "1FD62DCB-66D1-4CEA-828E-0BD302AC63CA", vulnerable: false, }, { criteria: "cpe:2.3:o:microsoft:windows_11_21h2:-:*:*:*:*:*:arm64:*", matchCriteriaId: "F2D718BD-C4B7-48DB-BE78-B9CA22F27DD0", vulnerable: false, }, { criteria: "cpe:2.3:o:microsoft:windows_11_21h2:-:*:*:*:*:*:x64:*", matchCriteriaId: "0C3552E0-F793-4CDD-965D-457495475805", vulnerable: false, }, { criteria: "cpe:2.3:o:microsoft:windows_11_22h2:-:*:*:*:*:*:arm64:*", matchCriteriaId: "B2D24C54-F04F-4717-B614-FE67B3ED9DC0", vulnerable: false, }, { criteria: "cpe:2.3:o:microsoft:windows_11_22h2:-:*:*:*:*:*:x64:*", matchCriteriaId: "D5EC3F68-8F41-4F6B-B2E5-920322A4A321", vulnerable: false, }, { criteria: "cpe:2.3:o:microsoft:windows_11_23h2:-:*:*:*:*:*:arm64:*", matchCriteriaId: "B0301BA0-81DB-4FC1-9BC3-EB48A56BC608", vulnerable: false, }, { criteria: "cpe:2.3:o:microsoft:windows_11_23h2:-:*:*:*:*:*:x64:*", matchCriteriaId: "8E3C1327-F331-4448-A253-00EAC7428317", vulnerable: false, }, { criteria: "cpe:2.3:o:microsoft:windows_server_2019:-:*:*:*:*:*:*:*", matchCriteriaId: "DB79EE26-FC32-417D-A49C-A1A63165A968", vulnerable: false, }, { criteria: "cpe:2.3:o:microsoft:windows_server_2022:-:*:*:*:*:*:*:*", matchCriteriaId: "821614DD-37DD-44E2-A8A4-FE8D23A33C3C", vulnerable: false, }, { criteria: "cpe:2.3:o:microsoft:windows_server_2022_23h2:-:*:*:*:*:*:*:*", matchCriteriaId: "75CCACE6-A0EE-4A6F-BD5A-7AA504B02717", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:microsoft:.net_framework:*:*:*:*:*:*:*:*", matchCriteriaId: "071AF08C-F921-45EC-A6AC-3BCE75D7FB22", versionEndExcluding: "4.8.04690.02", versionStartIncluding: "4.8", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:.net_framework:3.5:*:*:*:*:*:*:*", matchCriteriaId: "E039CE1F-B988-4741-AE2E-5B36E2AF9688", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:o:microsoft:windows_10_1809:-:*:*:*:*:*:x64:*", matchCriteriaId: "306B7CE6-8239-4AED-9ED4-4C9F5B349F58", vulnerable: false, }, { criteria: "cpe:2.3:o:microsoft:windows_10_1809:-:*:*:*:*:*:x86:*", matchCriteriaId: "345FCD64-D37B-425B-B64C-8B1640B7E850", vulnerable: false, }, { criteria: "cpe:2.3:o:microsoft:windows_10_21h2:-:*:*:*:*:*:arm64:*", matchCriteriaId: "8FC46499-DB6E-48BF-9334-85EE27AFE7AF", vulnerable: false, }, { criteria: "cpe:2.3:o:microsoft:windows_10_21h2:-:*:*:*:*:*:x64:*", matchCriteriaId: "83A79DD6-E74E-419F-93F1-323B68502633", vulnerable: false, }, { criteria: "cpe:2.3:o:microsoft:windows_10_21h2:-:*:*:*:*:*:x86:*", matchCriteriaId: "61959ACC-B608-4556-92AF-4D94B338907A", vulnerable: false, }, { criteria: "cpe:2.3:o:microsoft:windows_10_22h2:-:*:*:*:*:*:arm64:*", matchCriteriaId: "A9D54EE6-30AF-411C-A285-A4DCB6C6EC06", vulnerable: false, }, { criteria: "cpe:2.3:o:microsoft:windows_10_22h2:-:*:*:*:*:*:x64:*", matchCriteriaId: "C230D3BF-7FCE-405C-B62E-B9190C995C3C", vulnerable: false, }, { criteria: "cpe:2.3:o:microsoft:windows_10_22h2:-:*:*:*:*:*:x86:*", matchCriteriaId: "1FD62DCB-66D1-4CEA-828E-0BD302AC63CA", vulnerable: false, }, { criteria: "cpe:2.3:o:microsoft:windows_11_21h2:-:*:*:*:*:*:arm64:*", matchCriteriaId: "F2D718BD-C4B7-48DB-BE78-B9CA22F27DD0", vulnerable: false, }, { criteria: "cpe:2.3:o:microsoft:windows_11_21h2:-:*:*:*:*:*:x64:*", matchCriteriaId: "0C3552E0-F793-4CDD-965D-457495475805", vulnerable: false, }, { criteria: "cpe:2.3:o:microsoft:windows_11_22h2:-:*:*:*:*:*:arm64:*", matchCriteriaId: "B2D24C54-F04F-4717-B614-FE67B3ED9DC0", vulnerable: false, }, { criteria: "cpe:2.3:o:microsoft:windows_11_22h2:-:*:*:*:*:*:x64:*", matchCriteriaId: "D5EC3F68-8F41-4F6B-B2E5-920322A4A321", vulnerable: false, }, { criteria: "cpe:2.3:o:microsoft:windows_server_2019:-:*:*:*:*:*:*:*", matchCriteriaId: "DB79EE26-FC32-417D-A49C-A1A63165A968", vulnerable: false, }, { criteria: "cpe:2.3:o:microsoft:windows_server_2022:-:*:*:*:*:*:*:*", matchCriteriaId: "821614DD-37DD-44E2-A8A4-FE8D23A33C3C", vulnerable: false, }, { criteria: "cpe:2.3:o:microsoft:windows_server_2022_23h2:-:*:*:*:*:*:*:*", matchCriteriaId: "75CCACE6-A0EE-4A6F-BD5A-7AA504B02717", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:microsoft:.net_framework:3.5:*:*:*:*:*:*:*", matchCriteriaId: "E039CE1F-B988-4741-AE2E-5B36E2AF9688", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:.net_framework:4.7.2:*:*:*:*:*:*:*", matchCriteriaId: "3EF7A75E-EE27-4AA7-8D84-9D696728A4CE", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:o:microsoft:windows_10_1607:-:*:*:*:*:*:x64:*", matchCriteriaId: "5E491E46-1917-41FE-8F9A-BB0BDDEB42C3", vulnerable: false, }, { criteria: "cpe:2.3:o:microsoft:windows_10_1607:-:*:*:*:*:*:x86:*", matchCriteriaId: "0A1BC97A-263E-4291-8AEF-02EE4E6031E9", vulnerable: false, }, { criteria: "cpe:2.3:o:microsoft:windows_10_1809:-:*:*:*:*:*:arm64:*", matchCriteriaId: "73D24713-D897-408D-893B-77A61982597D", vulnerable: false, }, { criteria: "cpe:2.3:o:microsoft:windows_10_1809:-:*:*:*:*:*:x64:*", matchCriteriaId: "306B7CE6-8239-4AED-9ED4-4C9F5B349F58", vulnerable: false, }, { criteria: "cpe:2.3:o:microsoft:windows_10_1809:-:*:*:*:*:*:x86:*", matchCriteriaId: "345FCD64-D37B-425B-B64C-8B1640B7E850", vulnerable: false, }, { criteria: "cpe:2.3:o:microsoft:windows_server_2016:-:*:*:*:*:*:*:*", matchCriteriaId: "041FF8BA-0B12-4A1F-B4BF-9C4F33B7C1E7", vulnerable: false, }, { criteria: "cpe:2.3:o:microsoft:windows_server_2019:-:*:*:*:*:*:*:*", matchCriteriaId: "DB79EE26-FC32-417D-A49C-A1A63165A968", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:microsoft:.net_framework:2.0:sp2:*:*:*:*:*:*", matchCriteriaId: "42A6DF09-B8E1-414D-97E7-453566055279", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:o:microsoft:windows_server_2008:-:sp2:*:*:*:*:x64:*", matchCriteriaId: "2127D10C-B6F3-4C1D-B9AA-5D78513CC996", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:microsoft:.net:*:*:*:*:*:*:*:*", matchCriteriaId: "498DF6C9-EC7C-4A4F-A188-B22E82FD6540", versionEndExcluding: "6.0.26", versionStartIncluding: "6.0.0", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:.net:*:*:*:*:*:*:*:*", matchCriteriaId: "3CE00AC7-D405-4567-8CB1-C3ED7E2925C6", versionEndExcluding: "7.0.15", versionStartIncluding: "7.0.0", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:.net:8.0.0:-:*:*:*:*:*:*", matchCriteriaId: "2BD92442-4815-4085-B66F-9A610097A41B", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], cveTags: [], descriptions: [ { lang: "en", value: "Microsoft.Data.SqlClient and System.Data.SqlClient SQL Data Provider Security Feature Bypass Vulnerability", }, { lang: "es", value: "Vulnerabilidad de omisión de característica de seguridad del proveedor de datos SQL de Microsoft.Data.SqlClient y System.Data.SqlClient", }, ], id: "CVE-2024-0056", lastModified: "2024-11-21T08:45:49.180", metrics: { cvssMetricV31: [ { cvssData: { attackComplexity: "HIGH", attackVector: "NETWORK", availabilityImpact: "NONE", baseScore: 8.7, baseSeverity: "HIGH", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "NONE", scope: "CHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:N", version: "3.1", }, exploitabilityScore: 2.2, impactScore: 5.8, source: "secure@microsoft.com", type: "Primary", }, ], }, published: "2024-01-09T18:15:46.783", references: [ { source: "secure@microsoft.com", tags: [ "Patch", "Vendor Advisory", ], url: "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-0056", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Patch", "Vendor Advisory", ], url: "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-0056", }, ], sourceIdentifier: "secure@microsoft.com", vulnStatus: "Modified", weaknesses: [ { description: [ { lang: "en", value: "CWE-319", }, ], source: "secure@microsoft.com", type: "Secondary", }, { description: [ { lang: "en", value: "NVD-CWE-noinfo", }, ], source: "nvd@nist.gov", type: "Primary", }, ], }