Vulnerabilites related to microsoft - sql_2016_azure_connect_feature_pack
CVE-2024-37338 (GCVE-0-2024-37338)
Vulnerability from cvelistv5
Published
2024-09-10 16:53
Modified
2024-12-31 23:02
Severity ?
EPSS score ?
Summary
Microsoft SQL Server Native Scoring Remote Code Execution Vulnerability
References
| ▼ | URL | Tags |
|---|---|---|
| https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-37338 | vendor-advisory |
Impacted products
| Vendor | Product | Version | |||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| ▼ | Microsoft | Microsoft SQL Server 2017 (GDR) |
Version: 14.0.0 < 14.0.2060.1 |
||||||||||||||||||||||||||
|
|||||||||||||||||||||||||||||
{ containers: { adp: [ { metrics: [ { other: { content: { id: "CVE-2024-37338", options: [ { Exploitation: "none", }, { Automatable: "no", }, { "Technical Impact": "total", }, ], role: "CISA Coordinator", timestamp: "2024-09-10T19:14:40.625333Z", version: "2.0.3", }, type: "ssvc", }, }, ], providerMetadata: { dateUpdated: "2024-09-10T19:15:34.246Z", orgId: "134c704f-9b21-4f2e-91b3-4a467353bcc0", shortName: "CISA-ADP", }, title: "CISA ADP Vulnrichment", }, ], cna: { affected: [ { platforms: [ "x64-based Systems", ], product: "Microsoft SQL Server 2017 (GDR)", vendor: "Microsoft", versions: [ { lessThan: "14.0.2060.1", status: "affected", version: "14.0.0", versionType: "custom", }, ], }, { platforms: [ "x64-based Systems", ], product: "Microsoft SQL Server 2019 (GDR)", vendor: "Microsoft", versions: [ { lessThan: "15.0.2120.1", status: "affected", version: "15.0.0", versionType: "custom", }, ], }, { platforms: [ "x64-based Systems", ], product: "Microsoft SQL Server 2017 (CU 31)", vendor: "Microsoft", versions: [ { lessThan: "14.0.3475.1", status: "affected", version: "14.0.0", versionType: "custom", }, ], }, { platforms: [ "x64-based Systems", ], product: "Microsoft SQL Server 2022 (GDR)", vendor: "Microsoft", versions: [ { lessThan: "16.0.1125.1", status: "affected", version: "16.0.0", versionType: "custom", }, ], }, { platforms: [ "x64-based Systems", ], product: "Microsoft SQL Server 2019 (CU 28)", vendor: "Microsoft", versions: [ { lessThan: "15.0.4390.2", status: "affected", version: "15.0.0", versionType: "custom", }, ], }, { platforms: [ "x64-based Systems", ], product: "Microsoft SQL Server 2022 for (CU 14)", vendor: "Microsoft", versions: [ { lessThan: "16.0.4140.3", status: "affected", version: "16.0.0", versionType: "custom", }, ], }, ], cpeApplicability: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:microsoft:sql_server:*:-:*:*:*:*:x64:*", versionEndExcluding: "14.0.2060.1", versionStartIncluding: "14.0.0", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:sql_server:*:*:*:*:*:*:x64:*", versionEndExcluding: "15.0.2120.1", versionStartIncluding: "15.0.0", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:sql_server:*:-:*:*:*:*:x64:*", versionEndExcluding: "14.0.3475.1", versionStartIncluding: "14.0.0", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:sql_server:*:*:*:*:*:*:x64:*", versionEndExcluding: "16.0.1125.1", versionStartIncluding: "16.0.0", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:sql_server:*:*:*:*:*:*:x64:*", versionEndExcluding: "15.0.4390.2", versionStartIncluding: "15.0.0", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:sql_server:*:*:*:*:*:*:x64:*", versionEndExcluding: "16.0.4140.3", versionStartIncluding: "16.0.0", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], datePublic: "2024-09-10T07:00:00+00:00", descriptions: [ { lang: "en-US", value: "Microsoft SQL Server Native Scoring Remote Code Execution Vulnerability", }, ], metrics: [ { cvssV3_1: { baseScore: 8.8, baseSeverity: "HIGH", vectorString: "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C", version: "3.1", }, format: "CVSS", scenarios: [ { lang: "en-US", value: "GENERAL", }, ], }, ], problemTypes: [ { descriptions: [ { cweId: "CWE-125", description: "CWE-125: Out-of-bounds Read", lang: "en-US", type: "CWE", }, ], }, ], providerMetadata: { dateUpdated: "2024-12-31T23:02:28.929Z", orgId: "f38d906d-7342-40ea-92c1-6c4a2c6478c8", shortName: "microsoft", }, references: [ { name: "Microsoft SQL Server Native Scoring Remote Code Execution Vulnerability", tags: [ "vendor-advisory", ], url: "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-37338", }, ], title: "Microsoft SQL Server Native Scoring Remote Code Execution Vulnerability", }, }, cveMetadata: { assignerOrgId: "f38d906d-7342-40ea-92c1-6c4a2c6478c8", assignerShortName: "microsoft", cveId: "CVE-2024-37338", datePublished: "2024-09-10T16:53:35.477Z", dateReserved: "2024-06-05T20:19:26.777Z", dateUpdated: "2024-12-31T23:02:28.929Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
CVE-2024-37337 (GCVE-0-2024-37337)
Vulnerability from cvelistv5
Published
2024-09-10 16:53
Modified
2024-12-31 23:02
Severity ?
EPSS score ?
Summary
Microsoft SQL Server Native Scoring Information Disclosure Vulnerability
References
| ▼ | URL | Tags |
|---|---|---|
| https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-37337 | vendor-advisory |
Impacted products
| Vendor | Product | Version | |||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| ▼ | Microsoft | Microsoft SQL Server 2017 (GDR) |
Version: 14.0.0 < 14.0.2060.1 |
||||||||||||||||||||||||||
|
|||||||||||||||||||||||||||||
{ containers: { adp: [ { metrics: [ { other: { content: { id: "CVE-2024-37337", options: [ { Exploitation: "none", }, { Automatable: "no", }, { "Technical Impact": "total", }, ], role: "CISA Coordinator", timestamp: "2024-09-10T19:05:21.985207Z", version: "2.0.3", }, type: "ssvc", }, }, ], providerMetadata: { dateUpdated: "2024-09-10T19:05:31.207Z", orgId: "134c704f-9b21-4f2e-91b3-4a467353bcc0", shortName: "CISA-ADP", }, title: "CISA ADP Vulnrichment", }, ], cna: { affected: [ { platforms: [ "x64-based Systems", ], product: "Microsoft SQL Server 2017 (GDR)", vendor: "Microsoft", versions: [ { lessThan: "14.0.2060.1", status: "affected", version: "14.0.0", versionType: "custom", }, ], }, { platforms: [ "x64-based Systems", ], product: "Microsoft SQL Server 2019 (GDR)", vendor: "Microsoft", versions: [ { lessThan: "15.0.2120.1", status: "affected", version: "15.0.0", versionType: "custom", }, ], }, { platforms: [ "x64-based Systems", ], product: "Microsoft SQL Server 2017 (CU 31)", vendor: "Microsoft", versions: [ { lessThan: "14.0.3475.1", status: "affected", version: "14.0.0", versionType: "custom", }, ], }, { platforms: [ "x64-based Systems", ], product: "Microsoft SQL Server 2022 (GDR)", vendor: "Microsoft", versions: [ { lessThan: "16.0.1125.1", status: "affected", version: "16.0.0", versionType: "custom", }, ], }, { platforms: [ "x64-based Systems", ], product: "Microsoft SQL Server 2022 for (CU 14)", vendor: "Microsoft", versions: [ { lessThan: "16.0.4140.3", status: "affected", version: "16.0.0", versionType: "custom", }, ], }, { platforms: [ "x64-based Systems", ], product: "Microsoft SQL Server 2019 (CU 28)", vendor: "Microsoft", versions: [ { lessThan: "15.0.4390.2", status: "affected", version: "15.0.0", versionType: "custom", }, ], }, ], cpeApplicability: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:microsoft:sql_server:*:-:*:*:*:*:x64:*", versionEndExcluding: "14.0.2060.1", versionStartIncluding: "14.0.0", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:sql_server:*:*:*:*:*:*:x64:*", versionEndExcluding: "15.0.2120.1", versionStartIncluding: "15.0.0", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:sql_server:*:-:*:*:*:*:x64:*", versionEndExcluding: "14.0.3475.1", versionStartIncluding: "14.0.0", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:sql_server:*:*:*:*:*:*:x64:*", versionEndExcluding: "16.0.1125.1", versionStartIncluding: "16.0.0", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:sql_server:*:*:*:*:*:*:x64:*", versionEndExcluding: "16.0.4140.3", versionStartIncluding: "16.0.0", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:sql_server:*:*:*:*:*:*:x64:*", versionEndExcluding: "15.0.4390.2", versionStartIncluding: "15.0.0", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], datePublic: "2024-09-10T07:00:00+00:00", descriptions: [ { lang: "en-US", value: "Microsoft SQL Server Native Scoring Information Disclosure Vulnerability", }, ], metrics: [ { cvssV3_1: { baseScore: 7.1, baseSeverity: "HIGH", vectorString: "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:L/E:U/RL:O/RC:C", version: "3.1", }, format: "CVSS", scenarios: [ { lang: "en-US", value: "GENERAL", }, ], }, ], problemTypes: [ { descriptions: [ { cweId: "CWE-197", description: "CWE-197: Numeric Truncation Error", lang: "en-US", type: "CWE", }, ], }, ], providerMetadata: { dateUpdated: "2024-12-31T23:02:38.609Z", orgId: "f38d906d-7342-40ea-92c1-6c4a2c6478c8", shortName: "microsoft", }, references: [ { name: "Microsoft SQL Server Native Scoring Information Disclosure Vulnerability", tags: [ "vendor-advisory", ], url: "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-37337", }, ], title: "Microsoft SQL Server Native Scoring Information Disclosure Vulnerability", }, }, cveMetadata: { assignerOrgId: "f38d906d-7342-40ea-92c1-6c4a2c6478c8", assignerShortName: "microsoft", cveId: "CVE-2024-37337", datePublished: "2024-09-10T16:53:39.088Z", dateReserved: "2024-06-05T20:19:26.777Z", dateUpdated: "2024-12-31T23:02:38.609Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
CVE-2024-37335 (GCVE-0-2024-37335)
Vulnerability from cvelistv5
Published
2024-09-10 16:53
Modified
2024-12-31 23:02
Severity ?
EPSS score ?
Summary
Microsoft SQL Server Native Scoring Remote Code Execution Vulnerability
References
| ▼ | URL | Tags |
|---|---|---|
| https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-37335 | vendor-advisory |
Impacted products
| Vendor | Product | Version | |||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| ▼ | Microsoft | Microsoft SQL Server 2017 (GDR) |
Version: 14.0.0 < 14.0.2060.1 |
||||||||||||||||||||||||||
|
|||||||||||||||||||||||||||||
{ containers: { adp: [ { metrics: [ { other: { content: { id: "CVE-2024-37335", options: [ { Exploitation: "none", }, { Automatable: "no", }, { "Technical Impact": "total", }, ], role: "CISA Coordinator", timestamp: "2024-09-10T19:11:54.266982Z", version: "2.0.3", }, type: "ssvc", }, }, ], providerMetadata: { dateUpdated: "2024-09-10T19:12:47.001Z", orgId: "134c704f-9b21-4f2e-91b3-4a467353bcc0", shortName: "CISA-ADP", }, title: "CISA ADP Vulnrichment", }, ], cna: { affected: [ { platforms: [ "x64-based Systems", ], product: "Microsoft SQL Server 2017 (GDR)", vendor: "Microsoft", versions: [ { lessThan: "14.0.2060.1", status: "affected", version: "14.0.0", versionType: "custom", }, ], }, { platforms: [ "x64-based Systems", ], product: "Microsoft SQL Server 2019 (GDR)", vendor: "Microsoft", versions: [ { lessThan: "15.0.2120.1", status: "affected", version: "15.0.0", versionType: "custom", }, ], }, { platforms: [ "x64-based Systems", ], product: "Microsoft SQL Server 2017 (CU 31)", vendor: "Microsoft", versions: [ { lessThan: "14.0.3475.1", status: "affected", version: "14.0.0", versionType: "custom", }, ], }, { platforms: [ "x64-based Systems", ], product: "Microsoft SQL Server 2022 (GDR)", vendor: "Microsoft", versions: [ { lessThan: "16.0.1125.1", status: "affected", version: "16.0.0", versionType: "custom", }, ], }, { platforms: [ "x64-based Systems", ], product: "Microsoft SQL Server 2019 (CU 28)", vendor: "Microsoft", versions: [ { lessThan: "15.0.4390.2", status: "affected", version: "15.0.0", versionType: "custom", }, ], }, { platforms: [ "x64-based Systems", ], product: "Microsoft SQL Server 2022 for (CU 14)", vendor: "Microsoft", versions: [ { lessThan: "16.0.4140.3", status: "affected", version: "16.0.0", versionType: "custom", }, ], }, ], cpeApplicability: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:microsoft:sql_server:*:-:*:*:*:*:x64:*", versionEndExcluding: "14.0.2060.1", versionStartIncluding: "14.0.0", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:sql_server:*:*:*:*:*:*:x64:*", versionEndExcluding: "15.0.2120.1", versionStartIncluding: "15.0.0", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:sql_server:*:-:*:*:*:*:x64:*", versionEndExcluding: "14.0.3475.1", versionStartIncluding: "14.0.0", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:sql_server:*:*:*:*:*:*:x64:*", versionEndExcluding: "16.0.1125.1", versionStartIncluding: "16.0.0", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:sql_server:*:*:*:*:*:*:x64:*", versionEndExcluding: "15.0.4390.2", versionStartIncluding: "15.0.0", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:sql_server:*:*:*:*:*:*:x64:*", versionEndExcluding: "16.0.4140.3", versionStartIncluding: "16.0.0", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], datePublic: "2024-09-10T07:00:00+00:00", descriptions: [ { lang: "en-US", value: "Microsoft SQL Server Native Scoring Remote Code Execution Vulnerability", }, ], metrics: [ { cvssV3_1: { baseScore: 8.8, baseSeverity: "HIGH", vectorString: "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C", version: "3.1", }, format: "CVSS", scenarios: [ { lang: "en-US", value: "GENERAL", }, ], }, ], problemTypes: [ { descriptions: [ { cweId: "CWE-122", description: "CWE-122: Heap-based Buffer Overflow", lang: "en-US", type: "CWE", }, ], }, ], providerMetadata: { dateUpdated: "2024-12-31T23:02:30.505Z", orgId: "f38d906d-7342-40ea-92c1-6c4a2c6478c8", shortName: "microsoft", }, references: [ { name: "Microsoft SQL Server Native Scoring Remote Code Execution Vulnerability", tags: [ "vendor-advisory", ], url: "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-37335", }, ], title: "Microsoft SQL Server Native Scoring Remote Code Execution Vulnerability", }, }, cveMetadata: { assignerOrgId: "f38d906d-7342-40ea-92c1-6c4a2c6478c8", assignerShortName: "microsoft", cveId: "CVE-2024-37335", datePublished: "2024-09-10T16:53:37.267Z", dateReserved: "2024-06-05T20:19:26.776Z", dateUpdated: "2024-12-31T23:02:30.505Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
CVE-2024-37339 (GCVE-0-2024-37339)
Vulnerability from cvelistv5
Published
2024-09-10 16:53
Modified
2024-12-31 23:02
Severity ?
EPSS score ?
Summary
Microsoft SQL Server Native Scoring Remote Code Execution Vulnerability
References
| ▼ | URL | Tags |
|---|---|---|
| https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-37339 | vendor-advisory |
Impacted products
| Vendor | Product | Version | |||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| ▼ | Microsoft | Microsoft SQL Server 2017 (GDR) |
Version: 14.0.0 < 14.0.2060.1 |
||||||||||||||||||||||||||
|
|||||||||||||||||||||||||||||
{ containers: { adp: [ { metrics: [ { other: { content: { id: "CVE-2024-37339", options: [ { Exploitation: "none", }, { Automatable: "no", }, { "Technical Impact": "total", }, ], role: "CISA Coordinator", timestamp: "2024-09-10T19:05:51.585468Z", version: "2.0.3", }, type: "ssvc", }, }, ], providerMetadata: { dateUpdated: "2024-09-10T19:06:00.959Z", orgId: "134c704f-9b21-4f2e-91b3-4a467353bcc0", shortName: "CISA-ADP", }, title: "CISA ADP Vulnrichment", }, ], cna: { affected: [ { platforms: [ "x64-based Systems", ], product: "Microsoft SQL Server 2017 (GDR)", vendor: "Microsoft", versions: [ { lessThan: "14.0.2060.1", status: "affected", version: "14.0.0", versionType: "custom", }, ], }, { platforms: [ "x64-based Systems", ], product: "Microsoft SQL Server 2019 (GDR)", vendor: "Microsoft", versions: [ { lessThan: "15.0.2120.1", status: "affected", version: "15.0.0", versionType: "custom", }, ], }, { platforms: [ "x64-based Systems", ], product: "Microsoft SQL Server 2017 (CU 31)", vendor: "Microsoft", versions: [ { lessThan: "14.0.3475.1", status: "affected", version: "14.0.0", versionType: "custom", }, ], }, { platforms: [ "x64-based Systems", ], product: "Microsoft SQL Server 2022 (GDR)", vendor: "Microsoft", versions: [ { lessThan: "16.0.1125.1", status: "affected", version: "16.0.0", versionType: "custom", }, ], }, { platforms: [ "x64-based Systems", ], product: "Microsoft SQL Server 2022 for (CU 14)", vendor: "Microsoft", versions: [ { lessThan: "16.0.4140.3", status: "affected", version: "16.0.0", versionType: "custom", }, ], }, { platforms: [ "x64-based Systems", ], product: "Microsoft SQL Server 2019 (CU 28)", vendor: "Microsoft", versions: [ { lessThan: "15.0.4390.2", status: "affected", version: "15.0.0", versionType: "custom", }, ], }, ], cpeApplicability: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:microsoft:sql_server:*:-:*:*:*:*:x64:*", versionEndExcluding: "14.0.2060.1", versionStartIncluding: "14.0.0", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:sql_server:*:*:*:*:*:*:x64:*", versionEndExcluding: "15.0.2120.1", versionStartIncluding: "15.0.0", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:sql_server:*:-:*:*:*:*:x64:*", versionEndExcluding: "14.0.3475.1", versionStartIncluding: "14.0.0", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:sql_server:*:*:*:*:*:*:x64:*", versionEndExcluding: "16.0.1125.1", versionStartIncluding: "16.0.0", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:sql_server:*:*:*:*:*:*:x64:*", versionEndExcluding: "16.0.4140.3", versionStartIncluding: "16.0.0", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:sql_server:*:*:*:*:*:*:x64:*", versionEndExcluding: "15.0.4390.2", versionStartIncluding: "15.0.0", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], datePublic: "2024-09-10T07:00:00+00:00", descriptions: [ { lang: "en-US", value: "Microsoft SQL Server Native Scoring Remote Code Execution Vulnerability", }, ], metrics: [ { cvssV3_1: { baseScore: 8.8, baseSeverity: "HIGH", vectorString: "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C", version: "3.1", }, format: "CVSS", scenarios: [ { lang: "en-US", value: "GENERAL", }, ], }, ], problemTypes: [ { descriptions: [ { cweId: "CWE-822", description: "CWE-822: Untrusted Pointer Dereference", lang: "en-US", type: "CWE", }, ], }, ], providerMetadata: { dateUpdated: "2024-12-31T23:02:37.918Z", orgId: "f38d906d-7342-40ea-92c1-6c4a2c6478c8", shortName: "microsoft", }, references: [ { name: "Microsoft SQL Server Native Scoring Remote Code Execution Vulnerability", tags: [ "vendor-advisory", ], url: "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-37339", }, ], title: "Microsoft SQL Server Native Scoring Remote Code Execution Vulnerability", }, }, cveMetadata: { assignerOrgId: "f38d906d-7342-40ea-92c1-6c4a2c6478c8", assignerShortName: "microsoft", cveId: "CVE-2024-37339", datePublished: "2024-09-10T16:53:38.546Z", dateReserved: "2024-06-05T20:19:26.777Z", dateUpdated: "2024-12-31T23:02:37.918Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
CVE-2024-37341 (GCVE-0-2024-37341)
Vulnerability from cvelistv5
Published
2024-09-10 16:53
Modified
2024-12-31 23:03
Severity ?
EPSS score ?
Summary
Microsoft SQL Server Elevation of Privilege Vulnerability
References
| ▼ | URL | Tags |
|---|---|---|
| https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-37341 | vendor-advisory |
Impacted products
| Vendor | Product | Version | |||||||||||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| ▼ | Microsoft | Microsoft SQL Server 2017 (GDR) |
Version: 14.0.0 < 14.0.2065.1 |
||||||||||||||||||||||||||||||||||||
|
|||||||||||||||||||||||||||||||||||||||
{ containers: { adp: [ { metrics: [ { other: { content: { id: "CVE-2024-37341", options: [ { Exploitation: "none", }, { Automatable: "no", }, { "Technical Impact": "total", }, ], role: "CISA Coordinator", timestamp: "2024-09-10T18:55:22.879757Z", version: "2.0.3", }, type: "ssvc", }, }, ], providerMetadata: { dateUpdated: "2024-09-10T18:55:33.965Z", orgId: "134c704f-9b21-4f2e-91b3-4a467353bcc0", shortName: "CISA-ADP", }, title: "CISA ADP Vulnrichment", }, ], cna: { affected: [ { platforms: [ "x64-based Systems", ], product: "Microsoft SQL Server 2017 (GDR)", vendor: "Microsoft", versions: [ { lessThan: "14.0.2065.1", status: "affected", version: "14.0.0", versionType: "custom", }, ], }, { platforms: [ "x64-based Systems", ], product: "Microsoft SQL Server 2019 (GDR)", vendor: "Microsoft", versions: [ { lessThan: "15.0.2125.1", status: "affected", version: "15.0.0", versionType: "custom", }, ], }, { platforms: [ "x64-based Systems", ], product: "Microsoft SQL Server 2016 Service Pack 3 (GDR)", vendor: "Microsoft", versions: [ { lessThan: "13.0.6450.1", status: "affected", version: "13.0.0", versionType: "custom", }, ], }, { platforms: [ "x64-based Systems", ], product: "Microsoft SQL Server 2016 Service Pack 3 Azure Connect Feature Pack", vendor: "Microsoft", versions: [ { lessThan: "13.0.7045.2", status: "affected", version: "13.0.0", versionType: "custom", }, ], }, { platforms: [ "x64-based Systems", ], product: "Microsoft SQL Server 2017 (CU 31)", vendor: "Microsoft", versions: [ { lessThan: "14.0.3480.1", status: "affected", version: "14.0.0", versionType: "custom", }, ], }, { platforms: [ "x64-based Systems", ], product: "Microsoft SQL Server 2022 (GDR)", vendor: "Microsoft", versions: [ { lessThan: "16.0.1130.5", status: "affected", version: "16.0.0", versionType: "custom", }, ], }, { platforms: [ "x64-based Systems", ], product: "Microsoft SQL Server 2022 for (CU 15)", vendor: "Microsoft", versions: [ { lessThan: "16.0.4150.1", status: "affected", version: "16.0.0", versionType: "custom", }, ], }, { platforms: [ "x64-based Systems", ], product: "Microsoft SQL Server 2019 (CU 28)", vendor: "Microsoft", versions: [ { lessThan: "15.0.4395.2", status: "affected", version: "15.0.0", versionType: "custom", }, ], }, ], cpeApplicability: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:microsoft:sql_server:*:-:*:*:*:*:x64:*", versionEndExcluding: "14.0.2065.1", versionStartIncluding: "14.0.0", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:sql_server:*:*:*:*:*:*:x64:*", versionEndExcluding: "15.0.2125.1", versionStartIncluding: "15.0.0", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:sql_server:*:sp3:*:*:*:*:x64:*", versionEndExcluding: "13.0.6450.1", versionStartIncluding: "13.0.0", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:sql_server:*:sp3:*:*:*:*:x64:*", versionEndExcluding: "13.0.7045.2", versionStartIncluding: "13.0.0", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:sql_server:*:-:*:*:*:*:x64:*", versionEndExcluding: "14.0.3480.1", versionStartIncluding: "14.0.0", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:sql_server:*:*:*:*:*:*:x64:*", versionEndExcluding: "16.0.1130.5", versionStartIncluding: "16.0.0", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:sql_server:*:*:*:*:*:*:x64:*", versionEndExcluding: "16.0.4150.1", versionStartIncluding: "16.0.0", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:sql_server:*:*:*:*:*:*:x64:*", versionEndExcluding: "15.0.4395.2", versionStartIncluding: "15.0.0", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], datePublic: "2024-09-10T07:00:00+00:00", descriptions: [ { lang: "en-US", value: "Microsoft SQL Server Elevation of Privilege Vulnerability", }, ], metrics: [ { cvssV3_1: { baseScore: 8.8, baseSeverity: "HIGH", vectorString: "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C", version: "3.1", }, format: "CVSS", scenarios: [ { lang: "en-US", value: "GENERAL", }, ], }, ], problemTypes: [ { descriptions: [ { cweId: "CWE-284", description: "CWE-284: Improper Access Control", lang: "en-US", type: "CWE", }, ], }, ], providerMetadata: { dateUpdated: "2024-12-31T23:03:01.646Z", orgId: "f38d906d-7342-40ea-92c1-6c4a2c6478c8", shortName: "microsoft", }, references: [ { name: "Microsoft SQL Server Elevation of Privilege Vulnerability", tags: [ "vendor-advisory", ], url: "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-37341", }, ], title: "Microsoft SQL Server Elevation of Privilege Vulnerability", }, }, cveMetadata: { assignerOrgId: "f38d906d-7342-40ea-92c1-6c4a2c6478c8", assignerShortName: "microsoft", cveId: "CVE-2024-37341", datePublished: "2024-09-10T16:53:54.263Z", dateReserved: "2024-06-05T20:19:26.777Z", dateUpdated: "2024-12-31T23:03:01.646Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
CVE-2024-37340 (GCVE-0-2024-37340)
Vulnerability from cvelistv5
Published
2024-09-10 16:53
Modified
2024-12-31 23:02
Severity ?
EPSS score ?
Summary
Microsoft SQL Server Native Scoring Remote Code Execution Vulnerability
References
| ▼ | URL | Tags |
|---|---|---|
| https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-37340 | vendor-advisory |
Impacted products
| Vendor | Product | Version | |||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| ▼ | Microsoft | Microsoft SQL Server 2017 (GDR) |
Version: 14.0.0 < 14.0.2060.1 |
||||||||||||||||||||||||||
|
|||||||||||||||||||||||||||||
{ containers: { adp: [ { metrics: [ { other: { content: { id: "CVE-2024-37340", options: [ { Exploitation: "none", }, { Automatable: "no", }, { "Technical Impact": "total", }, ], role: "CISA Coordinator", timestamp: "2024-09-10T19:12:31.036519Z", version: "2.0.3", }, type: "ssvc", }, }, ], providerMetadata: { dateUpdated: "2024-09-10T19:13:58.924Z", orgId: "134c704f-9b21-4f2e-91b3-4a467353bcc0", shortName: "CISA-ADP", }, title: "CISA ADP Vulnrichment", }, ], cna: { affected: [ { platforms: [ "x64-based Systems", ], product: "Microsoft SQL Server 2017 (GDR)", vendor: "Microsoft", versions: [ { lessThan: "14.0.2060.1", status: "affected", version: "14.0.0", versionType: "custom", }, ], }, { platforms: [ "x64-based Systems", ], product: "Microsoft SQL Server 2019 (GDR)", vendor: "Microsoft", versions: [ { lessThan: "15.0.2120.1", status: "affected", version: "15.0.0", versionType: "custom", }, ], }, { platforms: [ "x64-based Systems", ], product: "Microsoft SQL Server 2017 (CU 31)", vendor: "Microsoft", versions: [ { lessThan: "14.0.3475.1", status: "affected", version: "14.0.0", versionType: "custom", }, ], }, { platforms: [ "x64-based Systems", ], product: "Microsoft SQL Server 2022 (GDR)", vendor: "Microsoft", versions: [ { lessThan: "16.0.1125.1", status: "affected", version: "16.0.0", versionType: "custom", }, ], }, { platforms: [ "x64-based Systems", ], product: "Microsoft SQL Server 2022 for (CU 14)", vendor: "Microsoft", versions: [ { lessThan: "16.0.4140.3", status: "affected", version: "16.0.0", versionType: "custom", }, ], }, { platforms: [ "x64-based Systems", ], product: "Microsoft SQL Server 2019 (CU 28)", vendor: "Microsoft", versions: [ { lessThan: "15.0.4390.2", status: "affected", version: "15.0.0", versionType: "custom", }, ], }, ], cpeApplicability: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:microsoft:sql_server:*:-:*:*:*:*:x64:*", versionEndExcluding: "14.0.2060.1", versionStartIncluding: "14.0.0", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:sql_server:*:*:*:*:*:*:x64:*", versionEndExcluding: "15.0.2120.1", versionStartIncluding: "15.0.0", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:sql_server:*:-:*:*:*:*:x64:*", versionEndExcluding: "14.0.3475.1", versionStartIncluding: "14.0.0", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:sql_server:*:*:*:*:*:*:x64:*", versionEndExcluding: "16.0.1125.1", versionStartIncluding: "16.0.0", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:sql_server:*:*:*:*:*:*:x64:*", versionEndExcluding: "16.0.4140.3", versionStartIncluding: "16.0.0", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:sql_server:*:*:*:*:*:*:x64:*", versionEndExcluding: "15.0.4390.2", versionStartIncluding: "15.0.0", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], datePublic: "2024-09-10T07:00:00+00:00", descriptions: [ { lang: "en-US", value: "Microsoft SQL Server Native Scoring Remote Code Execution Vulnerability", }, ], metrics: [ { cvssV3_1: { baseScore: 8.8, baseSeverity: "HIGH", vectorString: "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C", version: "3.1", }, format: "CVSS", scenarios: [ { lang: "en-US", value: "GENERAL", }, ], }, ], problemTypes: [ { descriptions: [ { cweId: "CWE-822", description: "CWE-822: Untrusted Pointer Dereference", lang: "en-US", type: "CWE", }, ], }, ], providerMetadata: { dateUpdated: "2024-12-31T23:02:31.190Z", orgId: "f38d906d-7342-40ea-92c1-6c4a2c6478c8", shortName: "microsoft", }, references: [ { name: "Microsoft SQL Server Native Scoring Remote Code Execution Vulnerability", tags: [ "vendor-advisory", ], url: "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-37340", }, ], title: "Microsoft SQL Server Native Scoring Remote Code Execution Vulnerability", }, }, cveMetadata: { assignerOrgId: "f38d906d-7342-40ea-92c1-6c4a2c6478c8", assignerShortName: "microsoft", cveId: "CVE-2024-37340", datePublished: "2024-09-10T16:53:37.939Z", dateReserved: "2024-06-05T20:19:26.777Z", dateUpdated: "2024-12-31T23:02:31.190Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
CVE-2024-26186 (GCVE-0-2024-26186)
Vulnerability from cvelistv5
Published
2024-09-10 16:53
Modified
2024-12-31 23:02
Severity ?
EPSS score ?
Summary
Microsoft SQL Server Native Scoring Remote Code Execution Vulnerability
References
| ▼ | URL | Tags |
|---|---|---|
| https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-26186 | vendor-advisory |
Impacted products
| Vendor | Product | Version | |||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| ▼ | Microsoft | Microsoft SQL Server 2017 (GDR) |
Version: 14.0.0 < 14.0.2060.1 |
||||||||||||||||||||||||||
|
|||||||||||||||||||||||||||||
{ containers: { adp: [ { metrics: [ { other: { content: { id: "CVE-2024-26186", options: [ { Exploitation: "none", }, { Automatable: "no", }, { "Technical Impact": "total", }, ], role: "CISA Coordinator", timestamp: "2024-09-10T19:08:32.177448Z", version: "2.0.3", }, type: "ssvc", }, }, ], providerMetadata: { dateUpdated: "2024-09-10T19:08:43.474Z", orgId: "134c704f-9b21-4f2e-91b3-4a467353bcc0", shortName: "CISA-ADP", }, title: "CISA ADP Vulnrichment", }, ], cna: { affected: [ { platforms: [ "x64-based Systems", ], product: "Microsoft SQL Server 2017 (GDR)", vendor: "Microsoft", versions: [ { lessThan: "14.0.2060.1", status: "affected", version: "14.0.0", versionType: "custom", }, ], }, { platforms: [ "x64-based Systems", ], product: "Microsoft SQL Server 2019 (GDR)", vendor: "Microsoft", versions: [ { lessThan: "15.0.2120.1", status: "affected", version: "15.0.0", versionType: "custom", }, ], }, { platforms: [ "x64-based Systems", ], product: "Microsoft SQL Server 2017 (CU 31)", vendor: "Microsoft", versions: [ { lessThan: "14.0.3475.1", status: "affected", version: "14.0.0", versionType: "custom", }, ], }, { platforms: [ "x64-based Systems", ], product: "Microsoft SQL Server 2022 (GDR)", vendor: "Microsoft", versions: [ { lessThan: "16.0.1125.1", status: "affected", version: "16.0.0", versionType: "custom", }, ], }, { platforms: [ "x64-based Systems", ], product: "Microsoft SQL Server 2019 (CU 28)", vendor: "Microsoft", versions: [ { lessThan: "15.0.4390.2", status: "affected", version: "15.0.0", versionType: "custom", }, ], }, { platforms: [ "x64-based Systems", ], product: "Microsoft SQL Server 2022 for (CU 14)", vendor: "Microsoft", versions: [ { lessThan: "16.0.4140.3", status: "affected", version: "16.0.0", versionType: "custom", }, ], }, ], cpeApplicability: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:microsoft:sql_server:*:-:*:*:*:*:x64:*", versionEndExcluding: "14.0.2060.1", versionStartIncluding: "14.0.0", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:sql_server:*:*:*:*:*:*:x64:*", versionEndExcluding: "15.0.2120.1", versionStartIncluding: "15.0.0", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:sql_server:*:-:*:*:*:*:x64:*", versionEndExcluding: "14.0.3475.1", versionStartIncluding: "14.0.0", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:sql_server:*:*:*:*:*:*:x64:*", versionEndExcluding: "16.0.1125.1", versionStartIncluding: "16.0.0", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:sql_server:*:*:*:*:*:*:x64:*", versionEndExcluding: "15.0.4390.2", versionStartIncluding: "15.0.0", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:sql_server:*:*:*:*:*:*:x64:*", versionEndExcluding: "16.0.4140.3", versionStartIncluding: "16.0.0", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], datePublic: "2024-09-10T07:00:00+00:00", descriptions: [ { lang: "en-US", value: "Microsoft SQL Server Native Scoring Remote Code Execution Vulnerability", }, ], metrics: [ { cvssV3_1: { baseScore: 8.8, baseSeverity: "HIGH", vectorString: "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C", version: "3.1", }, format: "CVSS", scenarios: [ { lang: "en-US", value: "GENERAL", }, ], }, ], problemTypes: [ { descriptions: [ { cweId: "CWE-416", description: "CWE-416: Use After Free", lang: "en-US", type: "CWE", }, ], }, ], providerMetadata: { dateUpdated: "2024-12-31T23:02:46.337Z", orgId: "f38d906d-7342-40ea-92c1-6c4a2c6478c8", shortName: "microsoft", }, references: [ { name: "Microsoft SQL Server Native Scoring Remote Code Execution Vulnerability", tags: [ "vendor-advisory", ], url: "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-26186", }, ], title: "Microsoft SQL Server Native Scoring Remote Code Execution Vulnerability", }, }, cveMetadata: { assignerOrgId: "f38d906d-7342-40ea-92c1-6c4a2c6478c8", assignerShortName: "microsoft", cveId: "CVE-2024-26186", datePublished: "2024-09-10T16:53:40.280Z", dateReserved: "2024-02-14T22:23:54.099Z", dateUpdated: "2024-12-31T23:02:46.337Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
CVE-2024-37342 (GCVE-0-2024-37342)
Vulnerability from cvelistv5
Published
2024-09-10 16:53
Modified
2024-12-31 23:02
Severity ?
EPSS score ?
Summary
Microsoft SQL Server Native Scoring Information Disclosure Vulnerability
References
| ▼ | URL | Tags |
|---|---|---|
| https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-37342 | vendor-advisory |
Impacted products
| Vendor | Product | Version | |||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| ▼ | Microsoft | Microsoft SQL Server 2019 (CU 28) |
Version: 15.0.0 < 15.0.4390.2 |
||||||||||||||||||||||||||
|
|||||||||||||||||||||||||||||
{ containers: { adp: [ { metrics: [ { other: { content: { id: "CVE-2024-37342", options: [ { Exploitation: "none", }, { Automatable: "no", }, { "Technical Impact": "total", }, ], role: "CISA Coordinator", timestamp: "2024-09-10T19:09:10.821219Z", version: "2.0.3", }, type: "ssvc", }, }, ], providerMetadata: { dateUpdated: "2024-09-10T19:09:20.150Z", orgId: "134c704f-9b21-4f2e-91b3-4a467353bcc0", shortName: "CISA-ADP", }, title: "CISA ADP Vulnrichment", }, ], cna: { affected: [ { platforms: [ "x64-based Systems", ], product: "Microsoft SQL Server 2019 (CU 28)", vendor: "Microsoft", versions: [ { lessThan: "15.0.4390.2", status: "affected", version: "15.0.0", versionType: "custom", }, ], }, { platforms: [ "x64-based Systems", ], product: "Microsoft SQL Server 2022 for (CU 14)", vendor: "Microsoft", versions: [ { lessThan: "16.0.4140.3", status: "affected", version: "16.0.0", versionType: "custom", }, ], }, { platforms: [ "x64-based Systems", ], product: "Microsoft SQL Server 2017 (GDR)", vendor: "Microsoft", versions: [ { lessThan: "14.0.2060.1", status: "affected", version: "14.0.0", versionType: "custom", }, ], }, { platforms: [ "x64-based Systems", ], product: "Microsoft SQL Server 2019 (GDR)", vendor: "Microsoft", versions: [ { lessThan: "15.0.2120.1", status: "affected", version: "15.0.0", versionType: "custom", }, ], }, { platforms: [ "x64-based Systems", ], product: "Microsoft SQL Server 2017 (CU 31)", vendor: "Microsoft", versions: [ { lessThan: "14.0.3475.1", status: "affected", version: "14.0.0", versionType: "custom", }, ], }, { platforms: [ "x64-based Systems", ], product: "Microsoft SQL Server 2022 (GDR)", vendor: "Microsoft", versions: [ { lessThan: "16.0.1125.1", status: "affected", version: "16.0.0", versionType: "custom", }, ], }, ], cpeApplicability: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:microsoft:sql_server:*:*:*:*:*:*:x64:*", versionEndExcluding: "15.0.4390.2", versionStartIncluding: "15.0.0", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:sql_server:*:*:*:*:*:*:x64:*", versionEndExcluding: "16.0.4140.3", versionStartIncluding: "16.0.0", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:sql_server:*:-:*:*:*:*:x64:*", versionEndExcluding: "14.0.2060.1", versionStartIncluding: "14.0.0", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:sql_server:*:*:*:*:*:*:x64:*", versionEndExcluding: "15.0.2120.1", versionStartIncluding: "15.0.0", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:sql_server:*:-:*:*:*:*:x64:*", versionEndExcluding: "14.0.3475.1", versionStartIncluding: "14.0.0", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:sql_server:*:*:*:*:*:*:x64:*", versionEndExcluding: "16.0.1125.1", versionStartIncluding: "16.0.0", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], datePublic: "2024-09-10T07:00:00+00:00", descriptions: [ { lang: "en-US", value: "Microsoft SQL Server Native Scoring Information Disclosure Vulnerability", }, ], metrics: [ { cvssV3_1: { baseScore: 7.1, baseSeverity: "HIGH", vectorString: "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:L/E:U/RL:O/RC:C", version: "3.1", }, format: "CVSS", scenarios: [ { lang: "en-US", value: "GENERAL", }, ], }, ], problemTypes: [ { descriptions: [ { cweId: "CWE-125", description: "CWE-125: Out-of-bounds Read", lang: "en-US", type: "CWE", }, ], }, ], providerMetadata: { dateUpdated: "2024-12-31T23:02:40.376Z", orgId: "f38d906d-7342-40ea-92c1-6c4a2c6478c8", shortName: "microsoft", }, references: [ { name: "Microsoft SQL Server Native Scoring Information Disclosure Vulnerability", tags: [ "vendor-advisory", ], url: "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-37342", }, ], title: "Microsoft SQL Server Native Scoring Information Disclosure Vulnerability", }, }, cveMetadata: { assignerOrgId: "f38d906d-7342-40ea-92c1-6c4a2c6478c8", assignerShortName: "microsoft", cveId: "CVE-2024-37342", datePublished: "2024-09-10T16:53:39.717Z", dateReserved: "2024-06-05T20:19:26.777Z", dateUpdated: "2024-12-31T23:02:40.376Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
CVE-2024-26191 (GCVE-0-2024-26191)
Vulnerability from cvelistv5
Published
2024-09-10 16:53
Modified
2024-12-31 23:02
Severity ?
EPSS score ?
Summary
Microsoft SQL Server Native Scoring Remote Code Execution Vulnerability
References
| ▼ | URL | Tags |
|---|---|---|
| https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-26191 | vendor-advisory |
Impacted products
| Vendor | Product | Version | |||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| ▼ | Microsoft | Microsoft SQL Server 2017 (GDR) |
Version: 14.0.0 < 14.0.2060.1 |
||||||||||||||||||||||||||
|
|||||||||||||||||||||||||||||
{ containers: { adp: [ { metrics: [ { other: { content: { id: "CVE-2024-26191", options: [ { Exploitation: "none", }, { Automatable: "no", }, { "Technical Impact": "total", }, ], role: "CISA Coordinator", timestamp: "2024-09-10T19:07:59.603855Z", version: "2.0.3", }, type: "ssvc", }, }, ], providerMetadata: { dateUpdated: "2024-09-10T19:08:11.315Z", orgId: "134c704f-9b21-4f2e-91b3-4a467353bcc0", shortName: "CISA-ADP", }, title: "CISA ADP Vulnrichment", }, ], cna: { affected: [ { platforms: [ "x64-based Systems", ], product: "Microsoft SQL Server 2017 (GDR)", vendor: "Microsoft", versions: [ { lessThan: "14.0.2060.1", status: "affected", version: "14.0.0", versionType: "custom", }, ], }, { platforms: [ "x64-based Systems", ], product: "Microsoft SQL Server 2019 (GDR)", vendor: "Microsoft", versions: [ { lessThan: "15.0.2120.1", status: "affected", version: "15.0.0", versionType: "custom", }, ], }, { platforms: [ "x64-based Systems", ], product: "Microsoft SQL Server 2017 (CU 31)", vendor: "Microsoft", versions: [ { lessThan: "14.0.3475.1", status: "affected", version: "14.0.0", versionType: "custom", }, ], }, { platforms: [ "x64-based Systems", ], product: "Microsoft SQL Server 2022 (GDR)", vendor: "Microsoft", versions: [ { lessThan: "16.0.1125.1", status: "affected", version: "16.0.0", versionType: "custom", }, ], }, { platforms: [ "x64-based Systems", ], product: "Microsoft SQL Server 2022 for (CU 14)", vendor: "Microsoft", versions: [ { lessThan: "16.0.4140.3", status: "affected", version: "16.0.0", versionType: "custom", }, ], }, { platforms: [ "x64-based Systems", ], product: "Microsoft SQL Server 2019 (CU 28)", vendor: "Microsoft", versions: [ { lessThan: "15.0.4390.2", status: "affected", version: "15.0.0", versionType: "custom", }, ], }, ], cpeApplicability: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:microsoft:sql_server:*:-:*:*:*:*:x64:*", versionEndExcluding: "14.0.2060.1", versionStartIncluding: "14.0.0", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:sql_server:*:*:*:*:*:*:x64:*", versionEndExcluding: "15.0.2120.1", versionStartIncluding: "15.0.0", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:sql_server:*:-:*:*:*:*:x64:*", versionEndExcluding: "14.0.3475.1", versionStartIncluding: "14.0.0", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:sql_server:*:*:*:*:*:*:x64:*", versionEndExcluding: "16.0.1125.1", versionStartIncluding: "16.0.0", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:sql_server:*:*:*:*:*:*:x64:*", versionEndExcluding: "16.0.4140.3", versionStartIncluding: "16.0.0", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:sql_server:*:*:*:*:*:*:x64:*", versionEndExcluding: "15.0.4390.2", versionStartIncluding: "15.0.0", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], datePublic: "2024-09-10T07:00:00+00:00", descriptions: [ { lang: "en-US", value: "Microsoft SQL Server Native Scoring Remote Code Execution Vulnerability", }, ], metrics: [ { cvssV3_1: { baseScore: 8.8, baseSeverity: "HIGH", vectorString: "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C", version: "3.1", }, format: "CVSS", scenarios: [ { lang: "en-US", value: "GENERAL", }, ], }, ], problemTypes: [ { descriptions: [ { cweId: "CWE-122", description: "CWE-122: Heap-based Buffer Overflow", lang: "en-US", type: "CWE", }, ], }, ], providerMetadata: { dateUpdated: "2024-12-31T23:02:46.893Z", orgId: "f38d906d-7342-40ea-92c1-6c4a2c6478c8", shortName: "microsoft", }, references: [ { name: "Microsoft SQL Server Native Scoring Remote Code Execution Vulnerability", tags: [ "vendor-advisory", ], url: "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-26191", }, ], title: "Microsoft SQL Server Native Scoring Remote Code Execution Vulnerability", }, }, cveMetadata: { assignerOrgId: "f38d906d-7342-40ea-92c1-6c4a2c6478c8", assignerShortName: "microsoft", cveId: "CVE-2024-26191", datePublished: "2024-09-10T16:53:40.880Z", dateReserved: "2024-02-14T22:23:54.099Z", dateUpdated: "2024-12-31T23:02:46.893Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
Vulnerability from fkie_nvd
Published
2024-09-10 17:15
Modified
2024-09-23 17:34
Severity ?
Summary
Microsoft SQL Server Native Scoring Remote Code Execution Vulnerability
References
| ▼ | URL | Tags | |
|---|---|---|---|
| secure@microsoft.com | https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-37339 | Patch, Vendor Advisory |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| microsoft | sql_2016_azure_connect_feature_pack | * | |
| microsoft | sql_server_2016 | * | |
| microsoft | sql_server_2017 | * | |
| microsoft | sql_server_2017 | * | |
| microsoft | sql_server_2019 | * | |
| microsoft | sql_server_2019 | * | |
| microsoft | sql_server_2022 | * | |
| microsoft | sql_server_2022 | * |
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:microsoft:sql_2016_azure_connect_feature_pack:*:*:*:*:*:*:*:*", matchCriteriaId: "B8C67827-D364-4A62-82E3-F5E823B4DF29", versionEndIncluding: "13.0.7037.1", versionStartIncluding: "13.0.7000.253", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:sql_server_2016:*:*:*:*:*:*:x64:*", matchCriteriaId: "52804B2D-2D71-41DC-92BC-4B3C086CFE59", versionEndExcluding: "13.0.6441.1", versionStartIncluding: "13.0.6300.2", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:sql_server_2017:*:*:*:*:*:*:x64:*", matchCriteriaId: "092AF402-BDA3-46C2-ADB8-BEA92DF81BA5", versionEndExcluding: "14.0.2060.1", versionStartIncluding: "14.0.1000.169", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:sql_server_2017:*:*:*:*:*:*:x64:*", matchCriteriaId: "6E6AD612-AB64-4454-970E-D868420C6CC6", versionEndExcluding: "14.0.3475.1", versionStartIncluding: "14.0.3006.16", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:sql_server_2019:*:*:*:*:*:*:x64:*", matchCriteriaId: "64D0E7A9-846A-421E-A3E0-E2C0CDACD13C", versionEndExcluding: "15.0.2120.1", versionStartIncluding: "15.0.2000.5", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:sql_server_2019:*:*:*:*:*:*:x64:*", matchCriteriaId: "AF8BBB82-ED5C-4943-A787-EA07536BCFBF", versionEndExcluding: "15.0.4390.2", versionStartIncluding: "15.0.4003.23", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:sql_server_2022:*:*:*:*:*:*:x64:*", matchCriteriaId: "30D1D16A-0B3E-49B4-9DB4-77FC462BA503", versionEndExcluding: "16.0.1125.1", versionStartIncluding: "16.0.1000.6", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:sql_server_2022:*:*:*:*:*:*:x64:*", matchCriteriaId: "148D362E-101A-4121-9790-B537D02CB114", versionEndExcluding: "16.0.4140.3", versionStartIncluding: "16.0.4003.1", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], cveTags: [], descriptions: [ { lang: "en", value: "Microsoft SQL Server Native Scoring Remote Code Execution Vulnerability", }, { lang: "es", value: "Vulnerabilidad de ejecución remota de código en Microsoft SQL Server Native Scoring", }, ], id: "CVE-2024-37339", lastModified: "2024-09-23T17:34:31.387", metrics: { cvssMetricV31: [ { cvssData: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 8.8, baseSeverity: "HIGH", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "LOW", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", version: "3.1", }, exploitabilityScore: 2.8, impactScore: 5.9, source: "secure@microsoft.com", type: "Primary", }, ], }, published: "2024-09-10T17:15:18.207", references: [ { source: "secure@microsoft.com", tags: [ "Patch", "Vendor Advisory", ], url: "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-37339", }, ], sourceIdentifier: "secure@microsoft.com", vulnStatus: "Analyzed", weaknesses: [ { description: [ { lang: "en", value: "CWE-822", }, ], source: "secure@microsoft.com", type: "Secondary", }, { description: [ { lang: "en", value: "NVD-CWE-noinfo", }, ], source: "nvd@nist.gov", type: "Primary", }, ], }
Vulnerability from fkie_nvd
Published
2024-09-10 17:15
Modified
2024-09-23 17:00
Severity ?
7.1 (High) - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:L
4.3 (Medium) - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
4.3 (Medium) - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
Summary
Microsoft SQL Server Native Scoring Information Disclosure Vulnerability
References
| ▼ | URL | Tags | |
|---|---|---|---|
| secure@microsoft.com | https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-37337 | Patch, Vendor Advisory |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| microsoft | sql_2016_azure_connect_feature_pack | * | |
| microsoft | sql_server_2016 | * | |
| microsoft | sql_server_2017 | * | |
| microsoft | sql_server_2017 | * | |
| microsoft | sql_server_2019 | * | |
| microsoft | sql_server_2019 | * | |
| microsoft | sql_server_2022 | * | |
| microsoft | sql_server_2022 | * |
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:microsoft:sql_2016_azure_connect_feature_pack:*:*:*:*:*:*:*:*", matchCriteriaId: "B8C67827-D364-4A62-82E3-F5E823B4DF29", versionEndIncluding: "13.0.7037.1", versionStartIncluding: "13.0.7000.253", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:sql_server_2016:*:*:*:*:*:*:x64:*", matchCriteriaId: "52804B2D-2D71-41DC-92BC-4B3C086CFE59", versionEndExcluding: "13.0.6441.1", versionStartIncluding: "13.0.6300.2", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:sql_server_2017:*:*:*:*:*:*:x64:*", matchCriteriaId: "092AF402-BDA3-46C2-ADB8-BEA92DF81BA5", versionEndExcluding: "14.0.2060.1", versionStartIncluding: "14.0.1000.169", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:sql_server_2017:*:*:*:*:*:*:x64:*", matchCriteriaId: "6E6AD612-AB64-4454-970E-D868420C6CC6", versionEndExcluding: "14.0.3475.1", versionStartIncluding: "14.0.3006.16", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:sql_server_2019:*:*:*:*:*:*:x64:*", matchCriteriaId: "64D0E7A9-846A-421E-A3E0-E2C0CDACD13C", versionEndExcluding: "15.0.2120.1", versionStartIncluding: "15.0.2000.5", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:sql_server_2019:*:*:*:*:*:*:x64:*", matchCriteriaId: "AF8BBB82-ED5C-4943-A787-EA07536BCFBF", versionEndExcluding: "15.0.4390.2", versionStartIncluding: "15.0.4003.23", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:sql_server_2022:*:*:*:*:*:*:x64:*", matchCriteriaId: "30D1D16A-0B3E-49B4-9DB4-77FC462BA503", versionEndExcluding: "16.0.1125.1", versionStartIncluding: "16.0.1000.6", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:sql_server_2022:*:*:*:*:*:*:x64:*", matchCriteriaId: "148D362E-101A-4121-9790-B537D02CB114", versionEndExcluding: "16.0.4140.3", versionStartIncluding: "16.0.4003.1", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], cveTags: [], descriptions: [ { lang: "en", value: "Microsoft SQL Server Native Scoring Information Disclosure Vulnerability", }, { lang: "es", value: "Vulnerabilidad de divulgación de información de puntuación nativa de Microsoft SQL Server", }, ], id: "CVE-2024-37337", lastModified: "2024-09-23T17:00:04.290", metrics: { cvssMetricV31: [ { cvssData: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "LOW", baseScore: 7.1, baseSeverity: "HIGH", confidentialityImpact: "HIGH", integrityImpact: "NONE", privilegesRequired: "LOW", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:L", version: "3.1", }, exploitabilityScore: 2.8, impactScore: 4.2, source: "secure@microsoft.com", type: "Secondary", }, { cvssData: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "NONE", baseScore: 4.3, baseSeverity: "MEDIUM", confidentialityImpact: "LOW", integrityImpact: "NONE", privilegesRequired: "LOW", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N", version: "3.1", }, exploitabilityScore: 2.8, impactScore: 1.4, source: "nvd@nist.gov", type: "Primary", }, ], }, published: "2024-09-10T17:15:17.820", references: [ { source: "secure@microsoft.com", tags: [ "Patch", "Vendor Advisory", ], url: "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-37337", }, ], sourceIdentifier: "secure@microsoft.com", vulnStatus: "Analyzed", weaknesses: [ { description: [ { lang: "en", value: "CWE-197", }, ], source: "secure@microsoft.com", type: "Secondary", }, { description: [ { lang: "en", value: "NVD-CWE-noinfo", }, ], source: "nvd@nist.gov", type: "Primary", }, ], }
Vulnerability from fkie_nvd
Published
2024-09-10 17:15
Modified
2024-09-23 17:04
Severity ?
Summary
Microsoft SQL Server Native Scoring Remote Code Execution Vulnerability
References
| ▼ | URL | Tags | |
|---|---|---|---|
| secure@microsoft.com | https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-37338 | Patch, Vendor Advisory |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| microsoft | sql_2016_azure_connect_feature_pack | * | |
| microsoft | sql_server_2016 | * | |
| microsoft | sql_server_2017 | * | |
| microsoft | sql_server_2017 | * | |
| microsoft | sql_server_2019 | * | |
| microsoft | sql_server_2019 | * | |
| microsoft | sql_server_2022 | * | |
| microsoft | sql_server_2022 | * |
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:microsoft:sql_2016_azure_connect_feature_pack:*:*:*:*:*:*:*:*", matchCriteriaId: "B8C67827-D364-4A62-82E3-F5E823B4DF29", versionEndIncluding: "13.0.7037.1", versionStartIncluding: "13.0.7000.253", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:sql_server_2016:*:*:*:*:*:*:x64:*", matchCriteriaId: "52804B2D-2D71-41DC-92BC-4B3C086CFE59", versionEndExcluding: "13.0.6441.1", versionStartIncluding: "13.0.6300.2", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:sql_server_2017:*:*:*:*:*:*:x64:*", matchCriteriaId: "092AF402-BDA3-46C2-ADB8-BEA92DF81BA5", versionEndExcluding: "14.0.2060.1", versionStartIncluding: "14.0.1000.169", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:sql_server_2017:*:*:*:*:*:*:x64:*", matchCriteriaId: "6E6AD612-AB64-4454-970E-D868420C6CC6", versionEndExcluding: "14.0.3475.1", versionStartIncluding: "14.0.3006.16", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:sql_server_2019:*:*:*:*:*:*:x64:*", matchCriteriaId: "64D0E7A9-846A-421E-A3E0-E2C0CDACD13C", versionEndExcluding: "15.0.2120.1", versionStartIncluding: "15.0.2000.5", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:sql_server_2019:*:*:*:*:*:*:x64:*", matchCriteriaId: "AF8BBB82-ED5C-4943-A787-EA07536BCFBF", versionEndExcluding: "15.0.4390.2", versionStartIncluding: "15.0.4003.23", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:sql_server_2022:*:*:*:*:*:*:x64:*", matchCriteriaId: "30D1D16A-0B3E-49B4-9DB4-77FC462BA503", versionEndExcluding: "16.0.1125.1", versionStartIncluding: "16.0.1000.6", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:sql_server_2022:*:*:*:*:*:*:x64:*", matchCriteriaId: "148D362E-101A-4121-9790-B537D02CB114", versionEndExcluding: "16.0.4140.3", versionStartIncluding: "16.0.4003.1", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], cveTags: [], descriptions: [ { lang: "en", value: "Microsoft SQL Server Native Scoring Remote Code Execution Vulnerability", }, { lang: "es", value: "Vulnerabilidad de ejecución remota de código en Microsoft SQL Server Native Scoring", }, ], id: "CVE-2024-37338", lastModified: "2024-09-23T17:04:22.677", metrics: { cvssMetricV31: [ { cvssData: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 8.8, baseSeverity: "HIGH", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "LOW", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", version: "3.1", }, exploitabilityScore: 2.8, impactScore: 5.9, source: "secure@microsoft.com", type: "Primary", }, ], }, published: "2024-09-10T17:15:18.017", references: [ { source: "secure@microsoft.com", tags: [ "Patch", "Vendor Advisory", ], url: "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-37338", }, ], sourceIdentifier: "secure@microsoft.com", vulnStatus: "Analyzed", weaknesses: [ { description: [ { lang: "en", value: "CWE-125", }, ], source: "secure@microsoft.com", type: "Secondary", }, { description: [ { lang: "en", value: "NVD-CWE-noinfo", }, ], source: "nvd@nist.gov", type: "Primary", }, ], }
Vulnerability from fkie_nvd
Published
2024-09-10 17:15
Modified
2024-09-23 16:48
Severity ?
Summary
Microsoft SQL Server Native Scoring Remote Code Execution Vulnerability
References
| ▼ | URL | Tags | |
|---|---|---|---|
| secure@microsoft.com | https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-26186 | Patch, Vendor Advisory |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| microsoft | sql_2016_azure_connect_feature_pack | * | |
| microsoft | sql_server_2016 | * | |
| microsoft | sql_server_2017 | * | |
| microsoft | sql_server_2017 | * | |
| microsoft | sql_server_2019 | * | |
| microsoft | sql_server_2019 | * | |
| microsoft | sql_server_2022 | * | |
| microsoft | sql_server_2022 | * |
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:microsoft:sql_2016_azure_connect_feature_pack:*:*:*:*:*:*:*:*", matchCriteriaId: "B8C67827-D364-4A62-82E3-F5E823B4DF29", versionEndIncluding: "13.0.7037.1", versionStartIncluding: "13.0.7000.253", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:sql_server_2016:*:*:*:*:*:*:x64:*", matchCriteriaId: "52804B2D-2D71-41DC-92BC-4B3C086CFE59", versionEndExcluding: "13.0.6441.1", versionStartIncluding: "13.0.6300.2", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:sql_server_2017:*:*:*:*:*:*:x64:*", matchCriteriaId: "092AF402-BDA3-46C2-ADB8-BEA92DF81BA5", versionEndExcluding: "14.0.2060.1", versionStartIncluding: "14.0.1000.169", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:sql_server_2017:*:*:*:*:*:*:x64:*", matchCriteriaId: "6E6AD612-AB64-4454-970E-D868420C6CC6", versionEndExcluding: "14.0.3475.1", versionStartIncluding: "14.0.3006.16", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:sql_server_2019:*:*:*:*:*:*:x64:*", matchCriteriaId: "64D0E7A9-846A-421E-A3E0-E2C0CDACD13C", versionEndExcluding: "15.0.2120.1", versionStartIncluding: "15.0.2000.5", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:sql_server_2019:*:*:*:*:*:*:x64:*", matchCriteriaId: "AF8BBB82-ED5C-4943-A787-EA07536BCFBF", versionEndExcluding: "15.0.4390.2", versionStartIncluding: "15.0.4003.23", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:sql_server_2022:*:*:*:*:*:*:x64:*", matchCriteriaId: "30D1D16A-0B3E-49B4-9DB4-77FC462BA503", versionEndExcluding: "16.0.1125.1", versionStartIncluding: "16.0.1000.6", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:sql_server_2022:*:*:*:*:*:*:x64:*", matchCriteriaId: "148D362E-101A-4121-9790-B537D02CB114", versionEndExcluding: "16.0.4140.3", versionStartIncluding: "16.0.4003.1", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], cveTags: [], descriptions: [ { lang: "en", value: "Microsoft SQL Server Native Scoring Remote Code Execution Vulnerability", }, { lang: "es", value: "Vulnerabilidad de ejecución remota de código en Microsoft SQL Server Native Scoring", }, ], id: "CVE-2024-26186", lastModified: "2024-09-23T16:48:36.993", metrics: { cvssMetricV31: [ { cvssData: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 8.8, baseSeverity: "HIGH", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "LOW", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", version: "3.1", }, exploitabilityScore: 2.8, impactScore: 5.9, source: "secure@microsoft.com", type: "Primary", }, ], }, published: "2024-09-10T17:15:16.010", references: [ { source: "secure@microsoft.com", tags: [ "Patch", "Vendor Advisory", ], url: "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-26186", }, ], sourceIdentifier: "secure@microsoft.com", vulnStatus: "Analyzed", weaknesses: [ { description: [ { lang: "en", value: "CWE-416", }, ], source: "secure@microsoft.com", type: "Secondary", }, { description: [ { lang: "en", value: "NVD-CWE-noinfo", }, ], source: "nvd@nist.gov", type: "Primary", }, ], }
Vulnerability from fkie_nvd
Published
2024-09-10 17:15
Modified
2024-09-23 16:58
Severity ?
Summary
Microsoft SQL Server Native Scoring Remote Code Execution Vulnerability
References
| ▼ | URL | Tags | |
|---|---|---|---|
| secure@microsoft.com | https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-37335 | Patch, Vendor Advisory |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| microsoft | sql_2016_azure_connect_feature_pack | * | |
| microsoft | sql_server_2016 | * | |
| microsoft | sql_server_2017 | * | |
| microsoft | sql_server_2017 | * | |
| microsoft | sql_server_2019 | * | |
| microsoft | sql_server_2019 | * | |
| microsoft | sql_server_2022 | * | |
| microsoft | sql_server_2022 | * |
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:microsoft:sql_2016_azure_connect_feature_pack:*:*:*:*:*:*:*:*", matchCriteriaId: "B8C67827-D364-4A62-82E3-F5E823B4DF29", versionEndIncluding: "13.0.7037.1", versionStartIncluding: "13.0.7000.253", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:sql_server_2016:*:*:*:*:*:*:x64:*", matchCriteriaId: "52804B2D-2D71-41DC-92BC-4B3C086CFE59", versionEndExcluding: "13.0.6441.1", versionStartIncluding: "13.0.6300.2", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:sql_server_2017:*:*:*:*:*:*:x64:*", matchCriteriaId: "092AF402-BDA3-46C2-ADB8-BEA92DF81BA5", versionEndExcluding: "14.0.2060.1", versionStartIncluding: "14.0.1000.169", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:sql_server_2017:*:*:*:*:*:*:x64:*", matchCriteriaId: "6E6AD612-AB64-4454-970E-D868420C6CC6", versionEndExcluding: "14.0.3475.1", versionStartIncluding: "14.0.3006.16", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:sql_server_2019:*:*:*:*:*:*:x64:*", matchCriteriaId: "64D0E7A9-846A-421E-A3E0-E2C0CDACD13C", versionEndExcluding: "15.0.2120.1", versionStartIncluding: "15.0.2000.5", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:sql_server_2019:*:*:*:*:*:*:x64:*", matchCriteriaId: "AF8BBB82-ED5C-4943-A787-EA07536BCFBF", versionEndExcluding: "15.0.4390.2", versionStartIncluding: "15.0.4003.23", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:sql_server_2022:*:*:*:*:*:*:x64:*", matchCriteriaId: "30D1D16A-0B3E-49B4-9DB4-77FC462BA503", versionEndExcluding: "16.0.1125.1", versionStartIncluding: "16.0.1000.6", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:sql_server_2022:*:*:*:*:*:*:x64:*", matchCriteriaId: "148D362E-101A-4121-9790-B537D02CB114", versionEndExcluding: "16.0.4140.3", versionStartIncluding: "16.0.4003.1", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], cveTags: [], descriptions: [ { lang: "en", value: "Microsoft SQL Server Native Scoring Remote Code Execution Vulnerability", }, { lang: "es", value: "Vulnerabilidad de ejecución remota de código en Microsoft SQL Server Native Scoring", }, ], id: "CVE-2024-37335", lastModified: "2024-09-23T16:58:12.850", metrics: { cvssMetricV31: [ { cvssData: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 8.8, baseSeverity: "HIGH", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "LOW", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", version: "3.1", }, exploitabilityScore: 2.8, impactScore: 5.9, source: "secure@microsoft.com", type: "Primary", }, ], }, published: "2024-09-10T17:15:17.603", references: [ { source: "secure@microsoft.com", tags: [ "Patch", "Vendor Advisory", ], url: "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-37335", }, ], sourceIdentifier: "secure@microsoft.com", vulnStatus: "Analyzed", weaknesses: [ { description: [ { lang: "en", value: "CWE-122", }, ], source: "secure@microsoft.com", type: "Secondary", }, { description: [ { lang: "en", value: "NVD-CWE-noinfo", }, ], source: "nvd@nist.gov", type: "Primary", }, ], }
Vulnerability from fkie_nvd
Published
2024-09-10 17:15
Modified
2024-09-23 16:38
Severity ?
8.8 (High) - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
9.8 (Critical) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
9.8 (Critical) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Summary
Microsoft SQL Server Elevation of Privilege Vulnerability
References
| ▼ | URL | Tags | |
|---|---|---|---|
| secure@microsoft.com | https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-37341 | Patch, Vendor Advisory |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| microsoft | sql_2016_azure_connect_feature_pack | * | |
| microsoft | sql_server_2016 | * | |
| microsoft | sql_server_2017 | * | |
| microsoft | sql_server_2017 | * | |
| microsoft | sql_server_2019 | * | |
| microsoft | sql_server_2019 | * | |
| microsoft | sql_server_2022 | * | |
| microsoft | sql_server_2022 | * |
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:microsoft:sql_2016_azure_connect_feature_pack:*:*:*:*:*:*:*:*", matchCriteriaId: "8EF3564F-A222-461C-B7B0-7C241CE8A6CA", versionEndExcluding: "13.0.7040.1", versionStartIncluding: "13.0.7000.253", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:sql_server_2016:*:*:*:*:*:*:x64:*", matchCriteriaId: "52804B2D-2D71-41DC-92BC-4B3C086CFE59", versionEndExcluding: "13.0.6441.1", versionStartIncluding: "13.0.6300.2", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:sql_server_2017:*:*:*:*:*:*:x64:*", matchCriteriaId: "092AF402-BDA3-46C2-ADB8-BEA92DF81BA5", versionEndExcluding: "14.0.2060.1", versionStartIncluding: "14.0.1000.169", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:sql_server_2017:*:*:*:*:*:*:x64:*", matchCriteriaId: "6E6AD612-AB64-4454-970E-D868420C6CC6", versionEndExcluding: "14.0.3475.1", versionStartIncluding: "14.0.3006.16", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:sql_server_2019:*:*:*:*:*:*:x64:*", matchCriteriaId: "64D0E7A9-846A-421E-A3E0-E2C0CDACD13C", versionEndExcluding: "15.0.2120.1", versionStartIncluding: "15.0.2000.5", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:sql_server_2019:*:*:*:*:*:*:x64:*", matchCriteriaId: "AF8BBB82-ED5C-4943-A787-EA07536BCFBF", versionEndExcluding: "15.0.4390.2", versionStartIncluding: "15.0.4003.23", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:sql_server_2022:*:*:*:*:*:*:x64:*", matchCriteriaId: "30D1D16A-0B3E-49B4-9DB4-77FC462BA503", versionEndExcluding: "16.0.1125.1", versionStartIncluding: "16.0.1000.6", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:sql_server_2022:*:*:*:*:*:*:x64:*", matchCriteriaId: "148D362E-101A-4121-9790-B537D02CB114", versionEndExcluding: "16.0.4140.3", versionStartIncluding: "16.0.4003.1", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], cveTags: [], descriptions: [ { lang: "en", value: "Microsoft SQL Server Elevation of Privilege Vulnerability", }, { lang: "es", value: "Vulnerabilidad de elevación de privilegios en Microsoft SQL Server", }, ], id: "CVE-2024-37341", lastModified: "2024-09-23T16:38:24.953", metrics: { cvssMetricV31: [ { cvssData: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 8.8, baseSeverity: "HIGH", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "LOW", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", version: "3.1", }, exploitabilityScore: 2.8, impactScore: 5.9, source: "secure@microsoft.com", type: "Secondary", }, { cvssData: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 9.8, baseSeverity: "CRITICAL", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", version: "3.1", }, exploitabilityScore: 3.9, impactScore: 5.9, source: "nvd@nist.gov", type: "Primary", }, ], }, published: "2024-09-10T17:15:18.617", references: [ { source: "secure@microsoft.com", tags: [ "Patch", "Vendor Advisory", ], url: "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-37341", }, ], sourceIdentifier: "secure@microsoft.com", vulnStatus: "Analyzed", weaknesses: [ { description: [ { lang: "en", value: "CWE-284", }, ], source: "secure@microsoft.com", type: "Secondary", }, { description: [ { lang: "en", value: "NVD-CWE-noinfo", }, ], source: "nvd@nist.gov", type: "Primary", }, ], }
Vulnerability from fkie_nvd
Published
2024-09-10 17:15
Modified
2024-09-23 16:51
Severity ?
Summary
Microsoft SQL Server Native Scoring Remote Code Execution Vulnerability
References
| ▼ | URL | Tags | |
|---|---|---|---|
| secure@microsoft.com | https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-26191 | Patch, Vendor Advisory |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| microsoft | sql_2016_azure_connect_feature_pack | * | |
| microsoft | sql_server_2016 | * | |
| microsoft | sql_server_2017 | * | |
| microsoft | sql_server_2017 | * | |
| microsoft | sql_server_2019 | * | |
| microsoft | sql_server_2019 | * | |
| microsoft | sql_server_2022 | * | |
| microsoft | sql_server_2022 | * |
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:microsoft:sql_2016_azure_connect_feature_pack:*:*:*:*:*:*:*:*", matchCriteriaId: "B8C67827-D364-4A62-82E3-F5E823B4DF29", versionEndIncluding: "13.0.7037.1", versionStartIncluding: "13.0.7000.253", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:sql_server_2016:*:*:*:*:*:*:x64:*", matchCriteriaId: "52804B2D-2D71-41DC-92BC-4B3C086CFE59", versionEndExcluding: "13.0.6441.1", versionStartIncluding: "13.0.6300.2", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:sql_server_2017:*:*:*:*:*:*:x64:*", matchCriteriaId: "092AF402-BDA3-46C2-ADB8-BEA92DF81BA5", versionEndExcluding: "14.0.2060.1", versionStartIncluding: "14.0.1000.169", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:sql_server_2017:*:*:*:*:*:*:x64:*", matchCriteriaId: "6E6AD612-AB64-4454-970E-D868420C6CC6", versionEndExcluding: "14.0.3475.1", versionStartIncluding: "14.0.3006.16", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:sql_server_2019:*:*:*:*:*:*:x64:*", matchCriteriaId: "64D0E7A9-846A-421E-A3E0-E2C0CDACD13C", versionEndExcluding: "15.0.2120.1", versionStartIncluding: "15.0.2000.5", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:sql_server_2019:*:*:*:*:*:*:x64:*", matchCriteriaId: "AF8BBB82-ED5C-4943-A787-EA07536BCFBF", versionEndExcluding: "15.0.4390.2", versionStartIncluding: "15.0.4003.23", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:sql_server_2022:*:*:*:*:*:*:x64:*", matchCriteriaId: "30D1D16A-0B3E-49B4-9DB4-77FC462BA503", versionEndExcluding: "16.0.1125.1", versionStartIncluding: "16.0.1000.6", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:sql_server_2022:*:*:*:*:*:*:x64:*", matchCriteriaId: "148D362E-101A-4121-9790-B537D02CB114", versionEndExcluding: "16.0.4140.3", versionStartIncluding: "16.0.4003.1", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], cveTags: [], descriptions: [ { lang: "en", value: "Microsoft SQL Server Native Scoring Remote Code Execution Vulnerability", }, { lang: "es", value: "Vulnerabilidad de ejecución remota de código en Microsoft SQL Server Native Scoring", }, ], id: "CVE-2024-26191", lastModified: "2024-09-23T16:51:43.927", metrics: { cvssMetricV31: [ { cvssData: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 8.8, baseSeverity: "HIGH", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "LOW", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", version: "3.1", }, exploitabilityScore: 2.8, impactScore: 5.9, source: "secure@microsoft.com", type: "Primary", }, ], }, published: "2024-09-10T17:15:16.223", references: [ { source: "secure@microsoft.com", tags: [ "Patch", "Vendor Advisory", ], url: "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-26191", }, ], sourceIdentifier: "secure@microsoft.com", vulnStatus: "Analyzed", weaknesses: [ { description: [ { lang: "en", value: "CWE-122", }, ], source: "secure@microsoft.com", type: "Secondary", }, { description: [ { lang: "en", value: "NVD-CWE-noinfo", }, ], source: "nvd@nist.gov", type: "Primary", }, ], }
Vulnerability from fkie_nvd
Published
2024-09-10 17:15
Modified
2024-09-23 17:08
Severity ?
Summary
Microsoft SQL Server Native Scoring Remote Code Execution Vulnerability
References
| ▼ | URL | Tags | |
|---|---|---|---|
| secure@microsoft.com | https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-37340 | Patch, Vendor Advisory |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| microsoft | sql_2016_azure_connect_feature_pack | * | |
| microsoft | sql_server_2016 | * | |
| microsoft | sql_server_2017 | * | |
| microsoft | sql_server_2017 | * | |
| microsoft | sql_server_2019 | * | |
| microsoft | sql_server_2019 | * | |
| microsoft | sql_server_2022 | * | |
| microsoft | sql_server_2022 | * |
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:microsoft:sql_2016_azure_connect_feature_pack:*:*:*:*:*:*:*:*", matchCriteriaId: "B8C67827-D364-4A62-82E3-F5E823B4DF29", versionEndIncluding: "13.0.7037.1", versionStartIncluding: "13.0.7000.253", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:sql_server_2016:*:*:*:*:*:*:x64:*", matchCriteriaId: "52804B2D-2D71-41DC-92BC-4B3C086CFE59", versionEndExcluding: "13.0.6441.1", versionStartIncluding: "13.0.6300.2", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:sql_server_2017:*:*:*:*:*:*:x64:*", matchCriteriaId: "092AF402-BDA3-46C2-ADB8-BEA92DF81BA5", versionEndExcluding: "14.0.2060.1", versionStartIncluding: "14.0.1000.169", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:sql_server_2017:*:*:*:*:*:*:x64:*", matchCriteriaId: "6E6AD612-AB64-4454-970E-D868420C6CC6", versionEndExcluding: "14.0.3475.1", versionStartIncluding: "14.0.3006.16", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:sql_server_2019:*:*:*:*:*:*:x64:*", matchCriteriaId: "64D0E7A9-846A-421E-A3E0-E2C0CDACD13C", versionEndExcluding: "15.0.2120.1", versionStartIncluding: "15.0.2000.5", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:sql_server_2019:*:*:*:*:*:*:x64:*", matchCriteriaId: "AF8BBB82-ED5C-4943-A787-EA07536BCFBF", versionEndExcluding: "15.0.4390.2", versionStartIncluding: "15.0.4003.23", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:sql_server_2022:*:*:*:*:*:*:x64:*", matchCriteriaId: "30D1D16A-0B3E-49B4-9DB4-77FC462BA503", versionEndExcluding: "16.0.1125.1", versionStartIncluding: "16.0.1000.6", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:sql_server_2022:*:*:*:*:*:*:x64:*", matchCriteriaId: "148D362E-101A-4121-9790-B537D02CB114", versionEndExcluding: "16.0.4140.3", versionStartIncluding: "16.0.4003.1", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], cveTags: [], descriptions: [ { lang: "en", value: "Microsoft SQL Server Native Scoring Remote Code Execution Vulnerability", }, { lang: "es", value: "Vulnerabilidad de ejecución remota de código en Microsoft SQL Server Native Scoring", }, ], id: "CVE-2024-37340", lastModified: "2024-09-23T17:08:56.943", metrics: { cvssMetricV31: [ { cvssData: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 8.8, baseSeverity: "HIGH", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "LOW", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", version: "3.1", }, exploitabilityScore: 2.8, impactScore: 5.9, source: "secure@microsoft.com", type: "Primary", }, ], }, published: "2024-09-10T17:15:18.417", references: [ { source: "secure@microsoft.com", tags: [ "Patch", "Vendor Advisory", ], url: "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-37340", }, ], sourceIdentifier: "secure@microsoft.com", vulnStatus: "Analyzed", weaknesses: [ { description: [ { lang: "en", value: "CWE-822", }, ], source: "secure@microsoft.com", type: "Secondary", }, { description: [ { lang: "en", value: "NVD-CWE-noinfo", }, ], source: "nvd@nist.gov", type: "Primary", }, ], }
Vulnerability from fkie_nvd
Published
2024-09-10 17:15
Modified
2024-09-23 16:28
Severity ?
7.1 (High) - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:L
4.3 (Medium) - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
4.3 (Medium) - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
Summary
Microsoft SQL Server Native Scoring Information Disclosure Vulnerability
References
| ▼ | URL | Tags | |
|---|---|---|---|
| secure@microsoft.com | https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-37342 | Patch, Vendor Advisory |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| microsoft | sql_2016_azure_connect_feature_pack | * | |
| microsoft | sql_server_2016 | * | |
| microsoft | sql_server_2017 | * | |
| microsoft | sql_server_2017 | * | |
| microsoft | sql_server_2019 | * | |
| microsoft | sql_server_2019 | * | |
| microsoft | sql_server_2022 | * | |
| microsoft | sql_server_2022 | * |
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:microsoft:sql_2016_azure_connect_feature_pack:*:*:*:*:*:*:*:*", matchCriteriaId: "B8C67827-D364-4A62-82E3-F5E823B4DF29", versionEndIncluding: "13.0.7037.1", versionStartIncluding: "13.0.7000.253", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:sql_server_2016:*:*:*:*:*:*:x64:*", matchCriteriaId: "51287D2C-7524-47CB-BC95-0EB57FD08F00", versionEndIncluding: "13.0.6441.1", versionStartIncluding: "13.0.6300.2", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:sql_server_2017:*:*:*:*:*:*:x64:*", matchCriteriaId: "092AF402-BDA3-46C2-ADB8-BEA92DF81BA5", versionEndExcluding: "14.0.2060.1", versionStartIncluding: "14.0.1000.169", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:sql_server_2017:*:*:*:*:*:*:x64:*", matchCriteriaId: "6E6AD612-AB64-4454-970E-D868420C6CC6", versionEndExcluding: "14.0.3475.1", versionStartIncluding: "14.0.3006.16", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:sql_server_2019:*:*:*:*:*:*:x64:*", matchCriteriaId: "64D0E7A9-846A-421E-A3E0-E2C0CDACD13C", versionEndExcluding: "15.0.2120.1", versionStartIncluding: "15.0.2000.5", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:sql_server_2019:*:*:*:*:*:*:x64:*", matchCriteriaId: "AF8BBB82-ED5C-4943-A787-EA07536BCFBF", versionEndExcluding: "15.0.4390.2", versionStartIncluding: "15.0.4003.23", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:sql_server_2022:*:*:*:*:*:*:x64:*", matchCriteriaId: "30D1D16A-0B3E-49B4-9DB4-77FC462BA503", versionEndExcluding: "16.0.1125.1", versionStartIncluding: "16.0.1000.6", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:sql_server_2022:*:*:*:*:*:*:x64:*", matchCriteriaId: "148D362E-101A-4121-9790-B537D02CB114", versionEndExcluding: "16.0.4140.3", versionStartIncluding: "16.0.4003.1", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], cveTags: [], descriptions: [ { lang: "en", value: "Microsoft SQL Server Native Scoring Information Disclosure Vulnerability", }, { lang: "es", value: "Vulnerabilidad de divulgación de información de puntuación nativa de Microsoft SQL Server", }, ], id: "CVE-2024-37342", lastModified: "2024-09-23T16:28:03.113", metrics: { cvssMetricV31: [ { cvssData: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "LOW", baseScore: 7.1, baseSeverity: "HIGH", confidentialityImpact: "HIGH", integrityImpact: "NONE", privilegesRequired: "LOW", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:L", version: "3.1", }, exploitabilityScore: 2.8, impactScore: 4.2, source: "secure@microsoft.com", type: "Secondary", }, { cvssData: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "NONE", baseScore: 4.3, baseSeverity: "MEDIUM", confidentialityImpact: "LOW", integrityImpact: "NONE", privilegesRequired: "LOW", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N", version: "3.1", }, exploitabilityScore: 2.8, impactScore: 1.4, source: "nvd@nist.gov", type: "Primary", }, ], }, published: "2024-09-10T17:15:18.817", references: [ { source: "secure@microsoft.com", tags: [ "Patch", "Vendor Advisory", ], url: "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-37342", }, ], sourceIdentifier: "secure@microsoft.com", vulnStatus: "Analyzed", weaknesses: [ { description: [ { lang: "en", value: "CWE-125", }, ], source: "secure@microsoft.com", type: "Secondary", }, { description: [ { lang: "en", value: "NVD-CWE-noinfo", }, ], source: "nvd@nist.gov", type: "Primary", }, ], }