CVE-2023-36730 (GCVE-0-2023-36730)
Vulnerability from cvelistv5 – Published: 2023-10-10 17:07 – Updated: 2025-04-14 22:45
- CWE-122 - Heap-based Buffer Overflow
| URL | Tags |
|---|---|
| https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-36730 | vendor-advisory |
| Vendor | Product | Version | |
|---|---|---|---|
| Microsoft | Microsoft SQL Server 2019 (GDR) | Affected: 15.0.0 , < 15.0.2104.1 (custom) | |
| Microsoft | Microsoft SQL Server 2022 (GDR) | Affected: 16.0.0 , < 16.0.1105.1 (custom) | |
| Microsoft | Microsoft ODBC Driver 17 for SQL Server on Windows | Affected: 17.0.0.0 , < 17.10.5.1 (custom) | |
| Microsoft | Microsoft ODBC Driver 17 for SQL Server on Linux | Affected: 17.0.0.0 , < 17.10.5.1 (custom) | |
| Microsoft | Microsoft ODBC Driver 17 for SQL Server on MacOS | Affected: 17.0.0.0 , < 17.10.5.1 (custom) | |
| Microsoft | Microsoft ODBC Driver 18 for SQL Server on Windows | Affected: 18.0.0.0 , < 18.3.2.1 (custom) | |
| Microsoft | Microsoft ODBC Driver 18 for SQL Server on Linux | Affected: 18.0.0.0 , < 18.3.2.1 (custom) | |
| Microsoft | Microsoft ODBC Driver 18 for SQL Server on MacOS | Affected: 18.0.0.0 , < 18.3.2.1 (custom) | |
| Microsoft | Microsoft SQL Server 2022 (CU 8) | Affected: 15.0.0 , < 16.0.4080.1 (custom) | |
| Microsoft | Microsoft SQL Server 2019 (CU 22) | Affected: 15.0.0 , < 15.0.4326.1 (custom) | |

Note: the SQL Server 2022 (CU 8) row starts its range at 15.0.0, whereas the SQL Server 2022 (GDR) row starts at 16.0.0; the values are reproduced as published in the CNA record below, so confirm the range against the vendor advisory before using it for asset matching.
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T16:52:54.089Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "Microsoft ODBC Driver for SQL Server Remote Code Execution Vulnerability",
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-36730"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-36730",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-02-26T21:50:10.793075Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-02-27T20:44:39.623Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"platforms": [
"x64-based Systems"
],
"product": "Microsoft SQL Server 2019 (GDR)",
"vendor": "Microsoft",
"versions": [
{
"lessThan": "15.0.2104.1",
"status": "affected",
"version": "15.0.0",
"versionType": "custom"
}
]
},
{
"platforms": [
"x64-based Systems"
],
"product": "Microsoft SQL Server 2022 (GDR)",
"vendor": "Microsoft",
"versions": [
{
"lessThan": "16.0.1105.1",
"status": "affected",
"version": "16.0.0",
"versionType": "custom"
}
]
},
{
"platforms": [
"Unknown"
],
"product": "Microsoft ODBC Driver 17 for SQL Server on Windows",
"vendor": "Microsoft",
"versions": [
{
"lessThan": "17.10.5.1",
"status": "affected",
"version": "17.0.0.0",
"versionType": "custom"
}
]
},
{
"platforms": [
"Unknown"
],
"product": "Microsoft ODBC Driver 17 for SQL Server on Linux",
"vendor": "Microsoft",
"versions": [
{
"lessThan": "17.10.5.1",
"status": "affected",
"version": "17.0.0.0",
"versionType": "custom"
}
]
},
{
"platforms": [
"Unknown"
],
"product": "Microsoft ODBC Driver 17 for SQL Server on MacOS",
"vendor": "Microsoft",
"versions": [
{
"lessThan": "17.10.5.1",
"status": "affected",
"version": "17.0.0.0",
"versionType": "custom"
}
]
},
{
"platforms": [
"Unknown"
],
"product": "Microsoft ODBC Driver 18 for SQL Server on Windows",
"vendor": "Microsoft",
"versions": [
{
"lessThan": "18.3.2.1",
"status": "affected",
"version": "18.0.0.0",
"versionType": "custom"
}
]
},
{
"platforms": [
"Unknown"
],
"product": "Microsoft ODBC Driver 18 for SQL Server on Linux",
"vendor": "Microsoft",
"versions": [
{
"lessThan": "18.3.2.1",
"status": "affected",
"version": "18.0.0.0",
"versionType": "custom"
}
]
},
{
"platforms": [
"Unknown"
],
"product": "Microsoft ODBC Driver 18 for SQL Server on MacOS",
"vendor": "Microsoft",
"versions": [
{
"lessThan": "18.3.2.1",
"status": "affected",
"version": "18.0.0.0",
"versionType": "custom"
}
]
},
{
"platforms": [
"x64-based Systems"
],
"product": "Microsoft SQL Server 2022 (CU 8)",
"vendor": "Microsoft",
"versions": [
{
"lessThan": "16.0.4080.1",
"status": "affected",
"version": "15.0.0",
"versionType": "custom"
}
]
},
{
"platforms": [
"x64-based Systems"
],
"product": "Microsoft SQL Server 2019 (CU 22)",
"vendor": "Microsoft",
"versions": [
{
"lessThan": "15.0.4326.1",
"status": "affected",
"version": "15.0.0",
"versionType": "custom"
}
]
}
],
"cpeApplicability": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:microsoft:sql_server:*:*:*:*:*:*:x64:*",
"versionEndExcluding": "15.0.2104.1",
"versionStartIncluding": "15.0.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:sql_server:*:*:*:*:*:*:x64:*",
"versionEndExcluding": "16.0.1105.1",
"versionStartIncluding": "16.0.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:odbc_driver_17_for_sql_server:*:*:*:*:*:*:*:*",
"versionEndExcluding": "17.10.5.1",
"versionStartIncluding": "17.0.0.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:odbc_driver_17_for_sql_server:*:*:*:*:*:*:*:*",
"versionEndExcluding": "17.10.5.1",
"versionStartIncluding": "17.0.0.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:odbc_driver_17_for_sql_server:*:*:*:*:*:*:*:*",
"versionEndExcluding": "17.10.5.1",
"versionStartIncluding": "17.0.0.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:odbc_driver_18_for_sql_server:*:*:*:*:*:*:*:*",
"versionEndExcluding": "18.3.2.1",
"versionStartIncluding": "18.0.0.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:odbc_driver_18_for_sql_server:*:*:*:*:*:*:*:*",
"versionEndExcluding": "18.3.2.1",
"versionStartIncluding": "18.0.0.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:odbc_driver_18_for_sql_server:*:*:*:*:*:*:*:*",
"versionEndExcluding": "18.3.2.1",
"versionStartIncluding": "18.0.0.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:sql_server:*:*:*:*:*:*:x64:*",
"versionEndExcluding": "16.0.4080.1",
"versionStartIncluding": "15.0.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:sql_server:*:*:*:*:*:*:x64:*",
"versionEndExcluding": "15.0.4326.1",
"versionStartIncluding": "15.0.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"datePublic": "2023-10-10T07:00:00.000Z",
"descriptions": [
{
"lang": "en-US",
"value": "Microsoft ODBC Driver for SQL Server Remote Code Execution Vulnerability"
}
],
"metrics": [
{
"cvssV3_1": {
"baseScore": 7.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en-US",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-122",
"description": "CWE-122: Heap-based Buffer Overflow",
"lang": "en-US",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-04-14T22:45:59.713Z",
"orgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
"shortName": "microsoft"
},
"references": [
{
"name": "Microsoft ODBC Driver for SQL Server Remote Code Execution Vulnerability",
"tags": [
"vendor-advisory"
],
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-36730"
}
],
"title": "Microsoft ODBC Driver for SQL Server Remote Code Execution Vulnerability"
}
},
"cveMetadata": {
"assignerOrgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
"assignerShortName": "microsoft",
"cveId": "CVE-2023-36730",
"datePublished": "2023-10-10T17:07:31.809Z",
"dateReserved": "2023-06-26T13:29:45.604Z",
"dateUpdated": "2025-04-14T22:45:59.713Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1",
"vulnerability-lookup:meta": {
"epss": {
"cve": "CVE-2023-36730",
"date": "2026-05-20",
"epss": "0.00461",
"percentile": "0.64351"
},
"fkie_nvd": {
"configurations": "[{\"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:microsoft:odbc_driver_for_sql_server:*:*:*:*:*:linux:*:*\", \"versionStartIncluding\": \"17.0\", \"versionEndExcluding\": \"17.10.5.1\", \"matchCriteriaId\": \"FEE52D75-0785-47A8-A024-14A83B9732A6\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:microsoft:odbc_driver_for_sql_server:*:*:*:*:*:macos:*:*\", \"versionStartIncluding\": \"17.0\", \"versionEndExcluding\": \"17.10.5.1\", \"matchCriteriaId\": \"5C5B4D78-6EA4-41E6-A403-2D018D9F0692\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:microsoft:odbc_driver_for_sql_server:*:*:*:*:*:windows:*:*\", \"versionStartIncluding\": \"17.0\", \"versionEndExcluding\": \"17.10.5.1\", \"matchCriteriaId\": \"CC490F0A-842A-4590-8CAC-07BB599D8F4F\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:microsoft:odbc_driver_for_sql_server:*:*:*:*:*:linux:*:*\", \"versionStartIncluding\": \"18.0\", \"versionEndExcluding\": \"18.3.2.1\", \"matchCriteriaId\": \"90718D50-D4D8-4949-ADB3-310879B2A574\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:microsoft:odbc_driver_for_sql_server:*:*:*:*:*:macos:*:*\", \"versionStartIncluding\": \"18.0\", \"versionEndExcluding\": \"18.3.2.1\", \"matchCriteriaId\": \"C9BEA137-3C0A-472A-9A5B-428E00302626\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:microsoft:odbc_driver_for_sql_server:*:*:*:*:*:windows:*:*\", \"versionStartIncluding\": \"18.0\", \"versionEndExcluding\": \"18.3.2.1\", \"matchCriteriaId\": \"2EDAA3E7-9DA2-4C2F-B626-60A747015FE8\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:microsoft:sql_server:2019:*:*:*:*:*:x64:*\", \"matchCriteriaId\": \"9144F644-A3D4-440C-8978-257E71204617\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:microsoft:sql_server:2022:*:*:*:*:*:x64:*\", \"matchCriteriaId\": \"6CB7AD22-F27B-4807-88F1-02ED420421D5\"}]}]}]",
"descriptions": "[{\"lang\": \"en\", \"value\": \"Microsoft ODBC Driver for SQL Server Remote Code Execution Vulnerability\"}, {\"lang\": \"es\", \"value\": \"Vulnerabilidad de ejecuci\\u00f3n remota de c\\u00f3digo en Microsoft ODBC Driver para SQL Server \"}]",
"id": "CVE-2023-36730",
"lastModified": "2024-11-21T08:10:28.543",
"metrics": "{\"cvssMetricV31\": [{\"source\": \"secure@microsoft.com\", \"type\": \"Primary\", \"cvssData\": {\"version\": \"3.1\", \"vectorString\": \"CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H\", \"baseScore\": 7.8, \"baseSeverity\": \"HIGH\", \"attackVector\": \"LOCAL\", \"attackComplexity\": \"LOW\", \"privilegesRequired\": \"NONE\", \"userInteraction\": \"REQUIRED\", \"scope\": \"UNCHANGED\", \"confidentialityImpact\": \"HIGH\", \"integrityImpact\": \"HIGH\", \"availabilityImpact\": \"HIGH\"}, \"exploitabilityScore\": 1.8, \"impactScore\": 5.9}]}",
"published": "2023-10-10T18:15:17.160",
"references": "[{\"url\": \"https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-36730\", \"source\": \"secure@microsoft.com\", \"tags\": [\"Patch\", \"Vendor Advisory\"]}, {\"url\": \"https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-36730\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Patch\", \"Vendor Advisory\"]}]",
"sourceIdentifier": "secure@microsoft.com",
"vulnStatus": "Modified",
"weaknesses": "[{\"source\": \"secure@microsoft.com\", \"type\": \"Secondary\", \"description\": [{\"lang\": \"en\", \"value\": \"CWE-122\"}]}, {\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"description\": [{\"lang\": \"en\", \"value\": \"NVD-CWE-noinfo\"}]}]"
},
"nvd": "{\"cve\":{\"id\":\"CVE-2023-36730\",\"sourceIdentifier\":\"secure@microsoft.com\",\"published\":\"2023-10-10T18:15:17.160\",\"lastModified\":\"2024-11-21T08:10:28.543\",\"vulnStatus\":\"Modified\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"Microsoft ODBC Driver for SQL Server Remote Code Execution Vulnerability\"},{\"lang\":\"es\",\"value\":\"Vulnerabilidad de ejecuci\u00f3n remota de c\u00f3digo en Microsoft ODBC Driver para SQL Server \"}],\"metrics\":{\"cvssMetricV31\":[{\"source\":\"secure@microsoft.com\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H\",\"baseScore\":7.8,\"baseSeverity\":\"HIGH\",\"attackVector\":\"LOCAL\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"NONE\",\"userInteraction\":\"REQUIRED\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"HIGH\",\"integrityImpact\":\"HIGH\",\"availabilityImpact\":\"HIGH\"},\"exploitabilityScore\":1.8,\"impactScore\":5.9}]},\"weaknesses\":[{\"source\":\"secure@microsoft.com\",\"type\":\"Secondary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-122\"}]},{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"description\":[{\"lang\":\"en\",\"value\":\"NVD-CWE-noinfo\"}]}],\"configurations\":[{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:microsoft:odbc_driver_for_sql_server:*:*:*:*:*:linux:*:*\",\"versionStartIncluding\":\"17.0\",\"versionEndExcluding\":\"17.10.5.1\",\"matchCriteriaId\":\"FEE52D75-0785-47A8-A024-14A83B9732A6\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:microsoft:odbc_driver_for_sql_server:*:*:*:*:*:macos:*:*\",\"versionStartIncluding\":\"17.0\",\"versionEndExcluding\":\"17.10.5.1\",\"matchCriteriaId\":\"5C5B4D78-6EA4-41E6-A403-2D018D9F0692\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:microsoft:odbc_driver_for_sql_server:*:*:*:*:*:windows:*:*\",\"versionStartIncluding\":\"17.0\",\"versionEndExcluding\":\"17.10.5.1\",\"ma
tchCriteriaId\":\"CC490F0A-842A-4590-8CAC-07BB599D8F4F\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:microsoft:odbc_driver_for_sql_server:*:*:*:*:*:linux:*:*\",\"versionStartIncluding\":\"18.0\",\"versionEndExcluding\":\"18.3.2.1\",\"matchCriteriaId\":\"90718D50-D4D8-4949-ADB3-310879B2A574\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:microsoft:odbc_driver_for_sql_server:*:*:*:*:*:macos:*:*\",\"versionStartIncluding\":\"18.0\",\"versionEndExcluding\":\"18.3.2.1\",\"matchCriteriaId\":\"C9BEA137-3C0A-472A-9A5B-428E00302626\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:microsoft:odbc_driver_for_sql_server:*:*:*:*:*:windows:*:*\",\"versionStartIncluding\":\"18.0\",\"versionEndExcluding\":\"18.3.2.1\",\"matchCriteriaId\":\"2EDAA3E7-9DA2-4C2F-B626-60A747015FE8\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:microsoft:sql_server:2019:*:*:*:*:*:x64:*\",\"matchCriteriaId\":\"9144F644-A3D4-440C-8978-257E71204617\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:microsoft:sql_server:2022:*:*:*:*:*:x64:*\",\"matchCriteriaId\":\"6CB7AD22-F27B-4807-88F1-02ED420421D5\"}]}]}],\"references\":[{\"url\":\"https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-36730\",\"source\":\"secure@microsoft.com\",\"tags\":[\"Patch\",\"Vendor Advisory\"]},{\"url\":\"https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-36730\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Patch\",\"Vendor Advisory\"]}]}}",
"vulnrichment": {
"containers": "{\"adp\": [{\"title\": \"CVE Program Container\", \"references\": [{\"url\": \"https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-36730\", \"name\": \"Microsoft ODBC Driver for SQL Server Remote Code Execution Vulnerability\", \"tags\": [\"vendor-advisory\", \"x_transferred\"]}], \"providerMetadata\": {\"orgId\": \"af854a3a-2127-422b-91ae-364da2661108\", \"shortName\": \"CVE\", \"dateUpdated\": \"2024-08-02T16:52:54.089Z\"}}, {\"title\": \"CISA ADP Vulnrichment\", \"metrics\": [{\"other\": {\"type\": \"ssvc\", \"content\": {\"id\": \"CVE-2023-36730\", \"role\": \"CISA Coordinator\", \"options\": [{\"Exploitation\": \"none\"}, {\"Automatable\": \"no\"}, {\"Technical Impact\": \"total\"}], \"version\": \"2.0.3\", \"timestamp\": \"2025-02-26T21:50:10.793075Z\"}}}], \"providerMetadata\": {\"orgId\": \"134c704f-9b21-4f2e-91b3-4a467353bcc0\", \"shortName\": \"CISA-ADP\", \"dateUpdated\": \"2025-02-26T19:58:29.908Z\"}}], \"cna\": {\"title\": \"Microsoft ODBC Driver for SQL Server Remote Code Execution Vulnerability\", \"metrics\": [{\"format\": \"CVSS\", \"cvssV3_1\": {\"version\": \"3.1\", \"baseScore\": 7.8, \"baseSeverity\": \"HIGH\", \"vectorString\": \"CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C\"}, \"scenarios\": [{\"lang\": \"en-US\", \"value\": \"GENERAL\"}]}], \"affected\": [{\"vendor\": \"Microsoft\", \"product\": \"Microsoft SQL Server 2019 (GDR)\", \"versions\": [{\"status\": \"affected\", \"version\": \"15.0.0\", \"lessThan\": \"15.0.2104.1\", \"versionType\": \"custom\"}], \"platforms\": [\"x64-based Systems\"]}, {\"vendor\": \"Microsoft\", \"product\": \"Microsoft SQL Server 2022 (GDR)\", \"versions\": [{\"status\": \"affected\", \"version\": \"16.0.0\", \"lessThan\": \"16.0.1105.1\", \"versionType\": \"custom\"}], \"platforms\": [\"x64-based Systems\"]}, {\"vendor\": \"Microsoft\", \"product\": \"Microsoft ODBC Driver 17 for SQL Server on Windows\", \"versions\": [{\"status\": \"affected\", \"version\": 
\"17.0.0.0\", \"lessThan\": \"17.10.5.1\", \"versionType\": \"custom\"}], \"platforms\": [\"Unknown\"]}, {\"vendor\": \"Microsoft\", \"product\": \"Microsoft ODBC Driver 17 for SQL Server on Linux\", \"versions\": [{\"status\": \"affected\", \"version\": \"17.0.0.0\", \"lessThan\": \"17.10.5.1\", \"versionType\": \"custom\"}], \"platforms\": [\"Unknown\"]}, {\"vendor\": \"Microsoft\", \"product\": \"Microsoft ODBC Driver 17 for SQL Server on MacOS\", \"versions\": [{\"status\": \"affected\", \"version\": \"17.0.0.0\", \"lessThan\": \"17.10.5.1\", \"versionType\": \"custom\"}], \"platforms\": [\"Unknown\"]}, {\"vendor\": \"Microsoft\", \"product\": \"Microsoft ODBC Driver 18 for SQL Server on Windows\", \"versions\": [{\"status\": \"affected\", \"version\": \"18.0.0.0\", \"lessThan\": \"18.3.2.1\", \"versionType\": \"custom\"}], \"platforms\": [\"Unknown\"]}, {\"vendor\": \"Microsoft\", \"product\": \"Microsoft ODBC Driver 18 for SQL Server on Linux\", \"versions\": [{\"status\": \"affected\", \"version\": \"18.0.0.0\", \"lessThan\": \"18.3.2.1\", \"versionType\": \"custom\"}], \"platforms\": [\"Unknown\"]}, {\"vendor\": \"Microsoft\", \"product\": \"Microsoft ODBC Driver 18 for SQL Server on MacOS\", \"versions\": [{\"status\": \"affected\", \"version\": \"18.0.0.0\", \"lessThan\": \"18.3.2.1\", \"versionType\": \"custom\"}], \"platforms\": [\"Unknown\"]}, {\"vendor\": \"Microsoft\", \"product\": \"Microsoft SQL Server 2022 (CU 8)\", \"versions\": [{\"status\": \"affected\", \"version\": \"15.0.0\", \"lessThan\": \"16.0.4080.1\", \"versionType\": \"custom\"}], \"platforms\": [\"x64-based Systems\"]}, {\"vendor\": \"Microsoft\", \"product\": \"Microsoft SQL Server 2019 (CU 22)\", \"versions\": [{\"status\": \"affected\", \"version\": \"15.0.0\", \"lessThan\": \"15.0.4326.1\", \"versionType\": \"custom\"}], \"platforms\": [\"x64-based Systems\"]}], \"datePublic\": \"2023-10-10T07:00:00.000Z\", \"references\": [{\"url\": 
\"https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-36730\", \"name\": \"Microsoft ODBC Driver for SQL Server Remote Code Execution Vulnerability\", \"tags\": [\"vendor-advisory\"]}], \"descriptions\": [{\"lang\": \"en-US\", \"value\": \"Microsoft ODBC Driver for SQL Server Remote Code Execution Vulnerability\"}], \"problemTypes\": [{\"descriptions\": [{\"lang\": \"en-US\", \"type\": \"CWE\", \"cweId\": \"CWE-122\", \"description\": \"CWE-122: Heap-based Buffer Overflow\"}]}], \"cpeApplicability\": [{\"nodes\": [{\"negate\": false, \"cpeMatch\": [{\"criteria\": \"cpe:2.3:a:microsoft:sql_server:*:*:*:*:*:*:x64:*\", \"vulnerable\": true, \"versionEndExcluding\": \"15.0.2104.1\", \"versionStartIncluding\": \"15.0.0\"}, {\"criteria\": \"cpe:2.3:a:microsoft:sql_server:*:*:*:*:*:*:x64:*\", \"vulnerable\": true, \"versionEndExcluding\": \"16.0.1105.1\", \"versionStartIncluding\": \"16.0.0\"}, {\"criteria\": \"cpe:2.3:a:microsoft:odbc_driver_17_for_sql_server:*:*:*:*:*:*:*:*\", \"vulnerable\": true, \"versionEndExcluding\": \"17.10.5.1\", \"versionStartIncluding\": \"17.0.0.0\"}, {\"criteria\": \"cpe:2.3:a:microsoft:odbc_driver_17_for_sql_server:*:*:*:*:*:*:*:*\", \"vulnerable\": true, \"versionEndExcluding\": \"17.10.5.1\", \"versionStartIncluding\": \"17.0.0.0\"}, {\"criteria\": \"cpe:2.3:a:microsoft:odbc_driver_17_for_sql_server:*:*:*:*:*:*:*:*\", \"vulnerable\": true, \"versionEndExcluding\": \"17.10.5.1\", \"versionStartIncluding\": \"17.0.0.0\"}, {\"criteria\": \"cpe:2.3:a:microsoft:odbc_driver_18_for_sql_server:*:*:*:*:*:*:*:*\", \"vulnerable\": true, \"versionEndExcluding\": \"18.3.2.1\", \"versionStartIncluding\": \"18.0.0.0\"}, {\"criteria\": \"cpe:2.3:a:microsoft:odbc_driver_18_for_sql_server:*:*:*:*:*:*:*:*\", \"vulnerable\": true, \"versionEndExcluding\": \"18.3.2.1\", \"versionStartIncluding\": \"18.0.0.0\"}, {\"criteria\": \"cpe:2.3:a:microsoft:odbc_driver_18_for_sql_server:*:*:*:*:*:*:*:*\", \"vulnerable\": true, \"versionEndExcluding\": 
\"18.3.2.1\", \"versionStartIncluding\": \"18.0.0.0\"}, {\"criteria\": \"cpe:2.3:a:microsoft:sql_server:*:*:*:*:*:*:x64:*\", \"vulnerable\": true, \"versionEndExcluding\": \"16.0.4080.1\", \"versionStartIncluding\": \"15.0.0\"}, {\"criteria\": \"cpe:2.3:a:microsoft:sql_server:*:*:*:*:*:*:x64:*\", \"vulnerable\": true, \"versionEndExcluding\": \"15.0.4326.1\", \"versionStartIncluding\": \"15.0.0\"}], \"operator\": \"OR\"}]}], \"providerMetadata\": {\"orgId\": \"f38d906d-7342-40ea-92c1-6c4a2c6478c8\", \"shortName\": \"microsoft\", \"dateUpdated\": \"2025-04-14T22:45:59.713Z\"}}}",
"cveMetadata": "{\"cveId\": \"CVE-2023-36730\", \"state\": \"PUBLISHED\", \"dateUpdated\": \"2025-04-14T22:45:59.713Z\", \"dateReserved\": \"2023-06-26T13:29:45.604Z\", \"assignerOrgId\": \"f38d906d-7342-40ea-92c1-6c4a2c6478c8\", \"datePublished\": \"2023-10-10T17:07:31.809Z\", \"assignerShortName\": \"microsoft\"}",
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
}
}
CERTFR-2023-AVI-0827
Vulnerability from certfr_avis - Published: - Updated:
De multiples vulnérabilités ont été corrigées dans Microsoft Windows. Elles permettent à un attaquant de provoquer une élévation de privilèges, une atteinte à la confidentialité des données, une exécution de code à distance, un déni de service et un contournement de la fonctionnalité de sécurité.
Solution
Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).
| Vendor | Product | Description | ||
|---|---|---|---|---|
| Microsoft | Windows | Windows Server 2022 | ||
| Microsoft | Windows | Windows Server 2012 | ||
| Microsoft | Windows | Windows 10 pour systèmes x64 | ||
| Microsoft | Windows | Windows 10 Version 1809 pour systèmes x64 | ||
| Microsoft | Windows | Windows Server 2019 (Server Core installation) | ||
| Microsoft | Windows | Windows Server 2019 | ||
| Microsoft | Windows | Windows Server 2012 R2 | ||
| Microsoft | Windows | Windows Server 2022 (Server Core installation) | ||
| Microsoft | Windows | Windows 10 Version 1607 pour systèmes 32 bits | ||
| Microsoft | Windows | Windows 10 Version 21H2 pour systèmes ARM64 | ||
| Microsoft | Windows | Windows Server 2008 pour systèmes x64 Service Pack 2 | ||
| Microsoft | Windows | Windows 10 Version 1809 pour systèmes ARM64 | ||
| Microsoft | Windows | Windows 10 Version 1809 pour systèmes 32 bits | ||
| Microsoft | Windows | Windows 11 version 21H2 pour systèmes x64 | ||
| Microsoft | Windows | Windows Server 2016 (Server Core installation) | ||
| Microsoft | Windows | Windows 10 Version 22H2 pour systèmes x64 | ||
| Microsoft | Windows | Windows 11 version 21H2 pour systèmes ARM64 | ||
| Microsoft | Windows | Windows Server 2008 pour systèmes x64 Service Pack 2 (Server Core installation) | ||
| Microsoft | Windows | Windows Server 2008 pour systèmes 32 bits Service Pack 2 (Server Core installation) | ||
| Microsoft | Windows | Windows 10 Version 1607 pour systèmes x64 | ||
| Microsoft | Windows | Windows Server 2012 (Server Core installation) | ||
| Microsoft | Windows | Windows 10 Version 21H2 pour systèmes 32 bits | ||
| Microsoft | Windows | Windows 10 Version 21H2 pour systèmes x64 | ||
| Microsoft | Windows | Windows Server 2008 pour systèmes 32 bits Service Pack 2 | ||
| Microsoft | Windows | Windows Server 2008 R2 pour systèmes x64 Service Pack 1 | ||
| Microsoft | Windows | Microsoft ODBC Driver 18 pour SQL Server on Windows | ||
| Microsoft | Windows | Windows 10 Version 22H2 pour systèmes 32 bits | ||
| Microsoft | Windows | Windows 11 Version 22H2 pour systèmes ARM64 | ||
| Microsoft | Windows | Windows Server 2016 | ||
| Microsoft | Windows | PowerShell 7.3 | ||
| Microsoft | Windows | Windows Server 2008 R2 pour systèmes x64 Service Pack 1 (Server Core installation) | ||
| Microsoft | Windows | Microsoft ODBC Driver 17 pour SQL Server on Windows | ||
| Microsoft | Windows | Windows Server 2012 R2 (Server Core installation) | ||
| Microsoft | Windows | Windows 10 pour systèmes 32 bits | ||
| Microsoft | Windows | Windows 10 Version 22H2 pour systèmes ARM64 | ||
| Microsoft | Windows | Windows 11 Version 22H2 pour systèmes x64 |
{
"$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
"affected_systems": [
{
"description": "Windows Server 2022",
"product": {
"name": "Windows",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
},
{
"description": "Windows Server 2012",
"product": {
"name": "Windows",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
},
{
"description": "Windows 10 pour syst\u00e8mes x64",
"product": {
"name": "Windows",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
},
{
"description": "Windows 10 Version 1809 pour syst\u00e8mes x64",
"product": {
"name": "Windows",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
},
{
"description": "Windows Server 2019 (Server Core installation)",
"product": {
"name": "Windows",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
},
{
"description": "Windows Server 2019",
"product": {
"name": "Windows",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
},
{
"description": "Windows Server 2012 R2",
"product": {
"name": "Windows",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
},
{
"description": "Windows Server 2022 (Server Core installation)",
"product": {
"name": "Windows",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
},
{
"description": "Windows 10 Version 1607 pour syst\u00e8mes 32 bits",
"product": {
"name": "Windows",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
},
{
"description": "Windows 10 Version 21H2 pour syst\u00e8mes ARM64",
"product": {
"name": "Windows",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
},
{
"description": "Windows Server 2008 pour syst\u00e8mes x64 Service Pack 2",
"product": {
"name": "Windows",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
},
{
"description": "Windows 10 Version 1809 pour syst\u00e8mes ARM64",
"product": {
"name": "Windows",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
},
{
"description": "Windows 10 Version 1809 pour syst\u00e8mes 32 bits",
"product": {
"name": "Windows",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
},
{
"description": "Windows 11 version 21H2 pour syst\u00e8mes x64",
"product": {
"name": "Windows",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
},
{
"description": "Windows Server 2016 (Server Core installation)",
"product": {
"name": "Windows",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
},
{
"description": "Windows 10 Version 22H2 pour syst\u00e8mes x64",
"product": {
"name": "Windows",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
},
{
"description": "Windows 11 version 21H2 pour syst\u00e8mes ARM64",
"product": {
"name": "Windows",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
},
{
"description": "Windows Server 2008 pour syst\u00e8mes x64 Service Pack 2 (Server Core installation)",
"product": {
"name": "Windows",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
},
{
"description": "Windows Server 2008 pour syst\u00e8mes 32 bits Service Pack 2 (Server Core installation)",
"product": {
"name": "Windows",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
},
{
"description": "Windows 10 Version 1607 pour syst\u00e8mes x64",
"product": {
"name": "Windows",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
},
{
"description": "Windows Server 2012 (Server Core installation)",
"product": {
"name": "Windows",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
},
{
"description": "Windows 10 Version 21H2 pour syst\u00e8mes 32 bits",
"product": {
"name": "Windows",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
},
{
"description": "Windows 10 Version 21H2 pour syst\u00e8mes x64",
"product": {
"name": "Windows",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
},
{
"description": "Windows Server 2008 pour syst\u00e8mes 32 bits Service Pack 2",
"product": {
"name": "Windows",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
},
{
"description": "Windows Server 2008 R2 pour syst\u00e8mes x64 Service Pack 1",
"product": {
"name": "Windows",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
},
{
"description": "Microsoft ODBC Driver 18 pour SQL Server on Windows",
"product": {
"name": "Windows",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
},
{
"description": "Windows 10 Version 22H2 pour syst\u00e8mes 32 bits",
"product": {
"name": "Windows",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
},
{
"description": "Windows 11 Version 22H2 pour syst\u00e8mes ARM64",
"product": {
"name": "Windows",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
},
{
"description": "Windows Server 2016",
"product": {
"name": "Windows",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
},
{
"description": "PowerShell 7.3",
"product": {
"name": "Windows",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
},
{
"description": "Windows Server 2008 R2 pour syst\u00e8mes x64 Service Pack 1 (Server Core installation)",
"product": {
"name": "Windows",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
},
{
"description": "Microsoft ODBC Driver 17 pour SQL Server on Windows",
"product": {
"name": "Windows",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
},
{
"description": "Windows Server 2012 R2 (Server Core installation)",
"product": {
"name": "Windows",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
},
{
"description": "Windows 10 pour syst\u00e8mes 32 bits",
"product": {
"name": "Windows",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
},
{
"description": "Windows 10 Version 22H2 pour syst\u00e8mes ARM64",
"product": {
"name": "Windows",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
},
{
"description": "Windows 11 Version 22H2 pour syst\u00e8mes x64",
"product": {
"name": "Windows",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
}
],
"affected_systems_content": null,
"content": "## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
"cves": [
{
"name": "CVE-2023-36438",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-36438"
},
{
"name": "CVE-2023-36577",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-36577"
},
{
"name": "CVE-2023-36776",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-36776"
},
{
"name": "CVE-2023-36722",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-36722"
},
{
"name": "CVE-2023-36728",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-36728"
},
{
"name": "CVE-2023-41766",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-41766"
},
{
"name": "CVE-2023-36743",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-36743"
},
{
"name": "CVE-2023-36579",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-36579"
},
{
"name": "CVE-2023-36717",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-36717"
},
{
"name": "CVE-2023-36603",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-36603"
},
{
"name": "CVE-2023-36420",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-36420"
},
{
"name": "CVE-2023-36564",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-36564"
},
{
"name": "CVE-2023-36605",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-36605"
},
{
"name": "CVE-2023-38166",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-38166"
},
{
"name": "CVE-2023-36431",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-36431"
},
{
"name": "CVE-2023-36713",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-36713"
},
{
"name": "CVE-2023-36557",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-36557"
},
{
"name": "CVE-2023-41765",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-41765"
},
{
"name": "CVE-2023-36721",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-36721"
},
{
"name": "CVE-2023-44487",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-44487"
},
{
"name": "CVE-2023-36707",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-36707"
},
{
"name": "CVE-2023-41769",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-41769"
},
{
"name": "CVE-2023-36730",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-36730"
},
{
"name": "CVE-2023-36581",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-36581"
},
{
"name": "CVE-2023-29348",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-29348"
},
{
"name": "CVE-2023-41773",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-41773"
},
{
"name": "CVE-2023-36571",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-36571"
},
{
"name": "CVE-2023-36726",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-36726"
},
{
"name": "CVE-2023-36706",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-36706"
},
{
"name": "CVE-2023-36583",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-36583"
},
{
"name": "CVE-2023-36590",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-36590"
},
{
"name": "CVE-2023-36710",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-36710"
},
{
"name": "CVE-2023-36725",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-36725"
},
{
"name": "CVE-2023-36790",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-36790"
},
{
"name": "CVE-2023-36434",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-36434"
},
{
"name": "CVE-2023-36729",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-36729"
},
{
"name": "CVE-2023-36702",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-36702"
},
{
"name": "CVE-2023-36718",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-36718"
},
{
"name": "CVE-2023-36591",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-36591"
},
{
"name": "CVE-2023-36576",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-36576"
},
{
"name": "CVE-2023-36584",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-36584"
},
{
"name": "CVE-2023-36567",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-36567"
},
{
"name": "CVE-2023-36594",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-36594"
},
{
"name": "CVE-2023-36573",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-36573"
},
{
"name": "CVE-2023-36711",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-36711"
},
{
"name": "CVE-2023-36570",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-36570"
},
{
"name": "CVE-2023-36572",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-36572"
},
{
"name": "CVE-2023-36578",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-36578"
},
{
"name": "CVE-2023-36724",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-36724"
},
{
"name": "CVE-2023-36582",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-36582"
},
{
"name": "CVE-2023-36720",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-36720"
},
{
"name": "CVE-2023-38159",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-38159"
},
{
"name": "CVE-2023-38171",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-38171"
},
{
"name": "CVE-2023-36585",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-36585"
},
{
"name": "CVE-2023-36723",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-36723"
},
{
"name": "CVE-2023-36703",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-36703"
},
{
"name": "CVE-2023-36596",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-36596"
},
{
"name": "CVE-2023-36701",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-36701"
},
{
"name": "CVE-2023-41770",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-41770"
},
{
"name": "CVE-2023-41771",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-41771"
},
{
"name": "CVE-2023-36709",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-36709"
},
{
"name": "CVE-2023-41767",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-41767"
},
{
"name": "CVE-2023-36435",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-36435"
},
{
"name": "CVE-2023-36589",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-36589"
},
{
"name": "CVE-2023-36593",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-36593"
},
{
"name": "CVE-2023-36698",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-36698"
},
{
"name": "CVE-2023-36732",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-36732"
},
{
"name": "CVE-2023-36575",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-36575"
},
{
"name": "CVE-2023-41774",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-41774"
},
{
"name": "CVE-2023-36731",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-36731"
},
{
"name": "CVE-2023-36592",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-36592"
},
{
"name": "CVE-2023-36606",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-36606"
},
{
"name": "CVE-2023-36785",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-36785"
},
{
"name": "CVE-2023-36602",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-36602"
},
{
"name": "CVE-2023-41772",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-41772"
},
{
"name": "CVE-2023-41768",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-41768"
},
{
"name": "CVE-2023-36436",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-36436"
},
{
"name": "CVE-2023-36574",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-36574"
},
{
"name": "CVE-2023-36697",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-36697"
},
{
"name": "CVE-2023-36712",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-36712"
},
{
"name": "CVE-2023-36704",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-36704"
},
{
"name": "CVE-2023-36563",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-36563"
},
{
"name": "CVE-2023-35349",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-35349"
},
{
"name": "CVE-2023-36598",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-36598"
},
{
"name": "CVE-2023-36902",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-36902"
}
],
"links": [
{
"title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2023-36731 du 10 octobre 2023",
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-36731"
},
{
"title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2023-36590 du 10 octobre 2023",
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-36590"
},
{
"title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2023-35349 du 10 octobre 2023",
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-35349"
},
{
"title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2023-36728 du 10 octobre 2023",
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-36728"
},
{
"title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2023-36420 du 10 octobre 2023",
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-36420"
},
{
"title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2023-41772 du 10 octobre 2023",
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-41772"
},
{
"title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2023-36571 du 10 octobre 2023",
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-36571"
},
{
"title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2023-36594 du 10 octobre 2023",
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-36594"
},
{
"title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2023-36596 du 10 octobre 2023",
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-36596"
},
{
"title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2023-36577 du 10 octobre 2023",
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-36577"
},
{
"title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2023-36790 du 10 octobre 2023",
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-36790"
},
{
"title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2023-36585 du 10 octobre 2023",
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-36585"
},
{
"title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2023-29348 du 10 octobre 2023",
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-29348"
},
{
"title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2023-36785 du 10 octobre 2023",
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-36785"
},
{
"title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2023-41768 du 10 octobre 2023",
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-41768"
},
{
"title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2023-36563 du 10 octobre 2023",
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-36563"
},
{
"title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2023-36583 du 10 octobre 2023",
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-36583"
},
{
"title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2023-41770 du 10 octobre 2023",
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-41770"
},
{
"title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2023-36436 du 10 octobre 2023",
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-36436"
},
{
"title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2023-36431 du 10 octobre 2023",
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-36431"
},
{
"title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2023-38159 du 10 octobre 2023",
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-38159"
},
{
"title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2023-36718 du 10 octobre 2023",
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-36718"
},
{
"title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2023-36776 du 10 octobre 2023",
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-36776"
},
{
"title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2023-36572 du 10 octobre 2023",
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-36572"
},
{
"title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2023-36564 du 10 octobre 2023",
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-36564"
},
{
"title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2023-36591 du 10 octobre 2023",
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-36591"
},
{
"title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2023-36582 du 10 octobre 2023",
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-36582"
},
{
"title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2023-36701 du 10 octobre 2023",
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-36701"
},
{
"title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2023-36605 du 10 octobre 2023",
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-36605"
},
{
"title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2023-36581 du 10 octobre 2023",
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-36581"
},
{
"title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2023-36573 du 10 octobre 2023",
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-36573"
},
{
"title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2023-36602 du 10 octobre 2023",
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-36602"
},
{
"title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2023-36584 du 10 octobre 2023",
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-36584"
},
{
"title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2023-36576 du 10 octobre 2023",
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-36576"
},
{
"title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2023-44487 du 10 octobre 2023",
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-44487"
},
{
"title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2023-36574 du 10 octobre 2023",
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-36574"
},
{
"title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2023-36720 du 10 octobre 2023",
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-36720"
},
{
"title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2023-36709 du 10 octobre 2023",
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-36709"
},
{
"title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2023-36730 du 10 octobre 2023",
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-36730"
},
{
"title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2023-36593 du 10 octobre 2023",
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-36593"
},
{
"title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2023-36729 du 10 octobre 2023",
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-36729"
},
{
"title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2023-36717 du 10 octobre 2023",
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-36717"
},
{
"title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2023-38166 du 10 octobre 2023",
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-38166"
},
{
"title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2023-36698 du 10 octobre 2023",
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-36698"
},
{
"title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2023-36726 du 10 octobre 2023",
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-36726"
},
{
"title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2023-36434 du 10 octobre 2023",
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-36434"
},
{
"title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2023-36703 du 10 octobre 2023",
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-36703"
},
{
"title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2023-36712 du 10 octobre 2023",
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-36712"
},
{
"title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2023-36902 du 10 octobre 2023",
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-36902"
},
{
"title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2023-36706 du 10 octobre 2023",
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-36706"
},
{
"title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2023-41767 du 10 octobre 2023",
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-41767"
},
{
"title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2023-36697 du 10 octobre 2023",
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-36697"
},
{
"title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2023-36711 du 10 octobre 2023",
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-36711"
},
{
"title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2023-36578 du 10 octobre 2023",
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-36578"
},
{
"title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2023-36724 du 10 octobre 2023",
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-36724"
},
{
"title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2023-36557 du 10 octobre 2023",
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-36557"
},
{
"title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2023-36723 du 10 octobre 2023",
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-36723"
},
{
"title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2023-36570 du 10 octobre 2023",
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-36570"
},
{
"title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2023-41771 du 10 octobre 2023",
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-41771"
},
{
"title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2023-36598 du 10 octobre 2023",
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-36598"
},
{
"title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2023-38171 du 10 octobre 2023",
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-38171"
},
{
"title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2023-36589 du 10 octobre 2023",
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-36589"
},
{
"title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2023-36725 du 10 octobre 2023",
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-36725"
},
{
"title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2023-36438 du 10 octobre 2023",
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-36438"
},
{
"title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2023-36722 du 10 octobre 2023",
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-36722"
},
{
"title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2023-41765 du 10 octobre 2023",
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-41765"
},
{
"title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2023-36603 du 10 octobre 2023",
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-36603"
},
{
"title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2023-41769 du 10 octobre 2023",
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-41769"
},
{
"title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2023-36713 du 10 octobre 2023",
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-36713"
},
{
"title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2023-36721 du 10 octobre 2023",
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-36721"
},
{
"title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2023-36435 du 10 octobre 2023",
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-36435"
},
{
"title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2023-41774 du 10 octobre 2023",
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-41774"
},
{
"title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2023-36704 du 10 octobre 2023",
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-36704"
},
{
"title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2023-36710 du 10 octobre 2023",
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-36710"
},
{
"title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2023-36575 du 10 octobre 2023",
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-36575"
},
{
"title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2023-36606 du 10 octobre 2023",
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-36606"
},
{
"title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2023-41773 du 10 octobre 2023",
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-41773"
},
{
"title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2023-36567 du 10 octobre 2023",
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-36567"
},
{
"title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2023-36702 du 10 octobre 2023",
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-36702"
},
{
"title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2023-36579 du 10 octobre 2023",
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-36579"
},
{
"title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2023-36707 du 10 octobre 2023",
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-36707"
},
{
"title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2023-36592 du 10 octobre 2023",
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-36592"
},
{
"title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2023-36732 du 10 octobre 2023",
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-36732"
},
{
"title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2023-41766 du 10 octobre 2023",
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-41766"
},
{
"title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2023-36743 du 10 octobre 2023",
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-36743"
}
],
"reference": "CERTFR-2023-AVI-0827",
"revisions": [
{
"description": "Version initiale",
"revision_date": "2023-10-11T00:00:00.000000"
},
{
"description": "Microsoft a d\u00e9clar\u00e9 que PowerShell 7.3 \u00e9tait \u00e9galement affect\u00e9 par les vuln\u00e9rabilit\u00e9s CVE-2023-36435 et CVE-2023-38171",
"revision_date": "2023-10-27T00:00:00.000000"
}
],
"risks": [
{
"description": "Ex\u00e9cution de code arbitraire \u00e0 distance"
},
{
"description": "D\u00e9ni de service"
},
{
"description": "Contournement de la fonctionnalit\u00e9 de s\u00e9curit\u00e9"
},
{
"description": "Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es"
},
{
"description": "\u00c9l\u00e9vation de privil\u00e8ges"
}
],
"summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 corrig\u00e9es dans \u003cspan\nclass=\"textit\"\u003eMicrosoft Windows\u003c/span\u003e. Elles permettent \u00e0 un attaquant\nde provoquer une \u00e9l\u00e9vation de privil\u00e8ges, une atteinte \u00e0 la\nconfidentialit\u00e9 des donn\u00e9es, une ex\u00e9cution de code \u00e0 distance, un d\u00e9ni\nde service et un contournement de la fonctionnalit\u00e9 de s\u00e9curit\u00e9.\n",
"title": "Multiples vuln\u00e9rabilit\u00e9s dans Microsoft Windows",
"vendor_advisories": [
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Microsoft du 10 octobre 2023",
"url": "https://msrc.microsoft.com/update-guide/"
}
]
}
CERTFR-2023-AVI-0830
Vulnerability from certfr_avis - Published: - Updated:
De multiples vulnérabilités ont été corrigées dans les produits Microsoft. Elles permettent à un attaquant de provoquer une élévation de privilèges, une usurpation d'identité, une exécution de code à distance, un déni de service et une atteinte à la confidentialité des données.
Solution
Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).
| Vendor | Product | Description | ||
|---|---|---|---|---|
| Microsoft | N/A | Microsoft Exchange Server 2019 Cumulative Update 13 | ||
| Microsoft | N/A | Microsoft Visual Studio 2022 version 17.2 | ||
| Microsoft | N/A | Microsoft Visual Studio 2022 version 17.7 | ||
| Microsoft | N/A | Microsoft OLE DB Driver 19 pour SQL Server | ||
| Microsoft | N/A | Microsoft SQL Server 2014 Service Pack 3 pour systèmes 32 bits (CU 4) | ||
| Microsoft | N/A | Microsoft SQL Server 2016 pour systèmes x64 Service Pack 3 (GDR) | ||
| Microsoft | N/A | Microsoft Visual Studio 2022 version 17.6 | ||
| Microsoft | N/A | Microsoft Common Data Model SDK pour C# | ||
| Microsoft | N/A | Microsoft SQL Server 2022 pour systèmes x64 (GDR) | ||
| Microsoft | N/A | Microsoft Exchange Server 2016 Cumulative Update 23 | ||
| Microsoft | Azure | Microsoft SQL Server 2016 pour systèmes x64 Service Pack 3 Azure Connect Feature Pack | ||
| Microsoft | N/A | Microsoft SQL Server 2014 Service Pack 3 pour systèmes x64 (CU 4) | ||
| Microsoft | N/A | Skype pour Business Server 2019 CU7 | ||
| Microsoft | N/A | Microsoft SQL Server 2014 Service Pack 3 pour systèmes x64 (GDR) | ||
| Microsoft | N/A | Microsoft Dynamics 365 (on-premises) version 9.1 | ||
| Microsoft | N/A | Skype pour Business Server 2015 CU13 | ||
| Microsoft | N/A | Microsoft 365 Apps pour Enterprise pour systèmes 32 bits | ||
| Microsoft | N/A | Microsoft 365 Apps pour Enterprise pour 64 bits Systems | ||
| Microsoft | N/A | Microsoft SQL Server 2017 pour systèmes x64 (GDR) | ||
| Microsoft | N/A | Microsoft SQL Server 2017 pour systèmes x64 (CU 31) | ||
| Microsoft | N/A | Microsoft Visual Studio 2022 version 17.4 | ||
| Microsoft | N/A | Microsoft SQL Server 2019 pour systèmes x64 (GDR) | ||
| Microsoft | N/A | Microsoft ODBC Driver 18 pour SQL Server on MacOS | ||
| Microsoft | N/A | Microsoft SQL Server 2019 pour systèmes x64 (CU 22) | ||
| Microsoft | N/A | Microsoft ODBC Driver 17 pour SQL Server on MacOS | ||
| Microsoft | N/A | Microsoft Dynamics 365 (on-premises) version 9.0 | ||
| Microsoft | N/A | Microsoft Common Data Model SDK pour TypeScript | ||
| Microsoft | N/A | Microsoft SQL Server 2022 pour systèmes x64 (CU 8) | ||
| Microsoft | N/A | Microsoft Common Data Model SDK pour Java | ||
| Microsoft | N/A | Microsoft ODBC Driver 17 pour SQL Server on Linux | ||
| Microsoft | N/A | Microsoft Exchange Server 2019 Cumulative Update 12 | ||
| Microsoft | N/A | Microsoft OLE DB Driver 18 pour SQL Server | ||
| Microsoft | N/A | Microsoft ODBC Driver 18 pour SQL Server on Linux | ||
| Microsoft | N/A | Microsoft SQL Server 2014 Service Pack 3 pour systèmes 32 bits (GDR) | ||
| Microsoft | N/A | Microsoft Common Data Model SDK pour Python |
{
"$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
"affected_systems": [
{
"description": "Microsoft Exchange Server 2019 Cumulative Update 13",
"product": {
"name": "N/A",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
},
{
"description": "Microsoft Visual Studio 2022 version 17.2",
"product": {
"name": "N/A",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
},
{
"description": "Microsoft Visual Studio 2022 version 17.7",
"product": {
"name": "N/A",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
},
{
"description": "Microsoft OLE DB Driver 19 pour SQL Server",
"product": {
"name": "N/A",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
},
{
"description": "Microsoft SQL Server 2014 Service Pack 3 pour syst\u00e8mes 32 bits (CU 4)",
"product": {
"name": "N/A",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
},
{
"description": "Microsoft SQL Server 2016 pour syst\u00e8mes x64 Service Pack 3 (GDR)",
"product": {
"name": "N/A",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
},
{
"description": "Microsoft Visual Studio 2022 version 17.6",
"product": {
"name": "N/A",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
},
{
"description": "Microsoft Common Data Model SDK pour C#",
"product": {
"name": "N/A",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
},
{
"description": "Microsoft SQL Server 2022 pour syst\u00e8mes x64 (GDR)",
"product": {
"name": "N/A",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
},
{
"description": "Microsoft Exchange Server 2016 Cumulative Update 23",
"product": {
"name": "N/A",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
},
{
"description": "Microsoft SQL Server 2016 pour syst\u00e8mes x64 Service Pack 3 Azure Connect Feature Pack",
"product": {
"name": "Azure",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
},
{
"description": "Microsoft SQL Server 2014 Service Pack 3 pour syst\u00e8mes x64 (CU 4)",
"product": {
"name": "N/A",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
},
{
"description": "Skype pour Business Server 2019 CU7",
"product": {
"name": "N/A",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
},
{
"description": "Microsoft SQL Server 2014 Service Pack 3 pour syst\u00e8mes x64 (GDR)",
"product": {
"name": "N/A",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
},
{
"description": "Microsoft Dynamics 365 (on-premises) version 9.1",
"product": {
"name": "N/A",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
},
{
"description": "Skype pour Business Server 2015 CU13",
"product": {
"name": "N/A",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
},
{
"description": "Microsoft 365 Apps pour Enterprise pour syst\u00e8mes 32 bits",
"product": {
"name": "N/A",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
},
{
"description": "Microsoft 365 Apps pour Enterprise pour 64 bits Systems",
"product": {
"name": "N/A",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
},
{
"description": "Microsoft SQL Server 2017 pour syst\u00e8mes x64 (GDR)",
"product": {
"name": "N/A",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
},
{
"description": "Microsoft SQL Server 2017 pour syst\u00e8mes x64 (CU 31)",
"product": {
"name": "N/A",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
},
{
"description": "Microsoft Visual Studio 2022 version 17.4",
"product": {
"name": "N/A",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
},
{
"description": "Microsoft SQL Server 2019 pour syst\u00e8mes x64 (GDR)",
"product": {
"name": "N/A",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
},
{
"description": "Microsoft ODBC Driver 18 pour SQL Server on MacOS",
"product": {
"name": "N/A",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
},
{
"description": "Microsoft SQL Server 2019 pour syst\u00e8mes x64 (CU 22)",
"product": {
"name": "N/A",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
},
{
"description": "Microsoft ODBC Driver 17 pour SQL Server on MacOS",
"product": {
"name": "N/A",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
},
{
"description": "Microsoft Dynamics 365 (on-premises) version 9.0",
"product": {
"name": "N/A",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
},
{
"description": "Microsoft Common Data Model SDK pour TypeScript",
"product": {
"name": "N/A",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
},
{
"description": "Microsoft SQL Server 2022 pour syst\u00e8mes x64 (CU 8)",
"product": {
"name": "N/A",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
},
{
"description": "Microsoft Common Data Model SDK pour Java",
"product": {
"name": "N/A",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
},
{
"description": "Microsoft ODBC Driver 17 pour SQL Server on Linux",
"product": {
"name": "N/A",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
},
{
"description": "Microsoft Exchange Server 2019 Cumulative Update 12",
"product": {
"name": "N/A",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
},
{
"description": "Microsoft OLE DB Driver 18 pour SQL Server",
"product": {
"name": "N/A",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
},
{
"description": "Microsoft ODBC Driver 18 pour SQL Server on Linux",
"product": {
"name": "N/A",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
},
{
"description": "Microsoft SQL Server 2014 Service Pack 3 pour syst\u00e8mes 32 bits (GDR)",
"product": {
"name": "N/A",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
},
{
"description": "Microsoft Common Data Model SDK pour Python",
"product": {
"name": "N/A",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
}
],
"affected_systems_content": null,
"content": "## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
"cves": [
{
"name": "CVE-2023-36728",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-36728"
},
{
"name": "CVE-2023-36429",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-36429"
},
{
"name": "CVE-2023-36420",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-36420"
},
{
"name": "CVE-2023-44487",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-44487"
},
{
"name": "CVE-2023-36730",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-36730"
},
{
"name": "CVE-2023-36789",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-36789"
},
{
"name": "CVE-2023-36778",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-36778"
},
{
"name": "CVE-2023-36566",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-36566"
},
{
"name": "CVE-2023-36780",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-36780"
},
{
"name": "CVE-2023-36786",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-36786"
},
{
"name": "CVE-2023-36568",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-36568"
},
{
"name": "CVE-2023-38171",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-38171"
},
{
"name": "CVE-2023-36417",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-36417"
},
{
"name": "CVE-2023-41763",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-41763"
},
{
"name": "CVE-2023-36416",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-36416"
},
{
"name": "CVE-2023-36785",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-36785"
},
{
"name": "CVE-2023-36433",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-36433"
},
{
"name": "CVE-2023-36569",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-36569"
}
],
"links": [
{
"title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2023-36728 du 10 octobre 2023",
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-36728"
},
{
"title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2023-36420 du 10 octobre 2023",
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-36420"
},
{
"title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2023-36785 du 10 octobre 2023",
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-36785"
},
{
"title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2023-41763 du 10 octobre 2023",
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-41763"
},
{
"title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2023-36429 du 10 octobre 2023",
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-36429"
},
{
"title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2023-36569 du 10 octobre 2023",
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-36569"
},
{
"title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2023-36568 du 10 octobre 2023",
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-36568"
},
{
"title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2023-36433 du 10 octobre 2023",
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-36433"
},
{
"title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2023-36566 du 10 octobre 2023",
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-36566"
},
{
"title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2023-36786 du 10 octobre 2023",
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-36786"
},
{
"title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2023-44487 du 10 octobre 2023",
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-44487"
},
{
"title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2023-36730 du 10 octobre 2023",
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-36730"
},
{
"title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2023-36789 du 10 octobre 2023",
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-36789"
},
{
"title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2023-36416 du 10 octobre 2023",
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-36416"
},
{
"title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2023-36778 du 10 octobre 2023",
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-36778"
},
{
"title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2023-38171 du 10 octobre 2023",
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-38171"
},
{
"title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2023-36417 du 10 octobre 2023",
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-36417"
},
{
"title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2023-36780 du 10 octobre 2023",
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-36780"
}
],
"reference": "CERTFR-2023-AVI-0830",
"revisions": [
{
"description": "Version initiale",
"revision_date": "2023-10-11T00:00:00.000000"
}
],
"risks": [
{
"description": "Usurpation d\u0027identit\u00e9"
},
{
"description": "Ex\u00e9cution de code arbitraire \u00e0 distance"
},
{
"description": "D\u00e9ni de service"
},
{
"description": "Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es"
},
{
"description": "\u00c9l\u00e9vation de privil\u00e8ges"
}
],
"summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 corrig\u00e9es dans \u003cspan\nclass=\"textit\"\u003eles produits Microsoft\u003c/span\u003e. Elles permettent \u00e0 un\nattaquant de provoquer une \u00e9l\u00e9vation de privil\u00e8ges, une usurpation\nd\u0027identit\u00e9, une ex\u00e9cution de code \u00e0 distance, un d\u00e9ni de service et une\natteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es.\n",
"title": "Multiples vuln\u00e9rabilit\u00e9s dans les produits Microsoft",
"vendor_advisories": [
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Microsoft du 10 octobre 2023",
"url": "https://msrc.microsoft.com/update-guide/"
}
]
}
CERTFR-2023-AVI-0827
Vulnerability from certfr_avis - Published: - Updated:
De multiples vulnérabilités ont été corrigées dans Microsoft Windows. Elles permettent à un attaquant de provoquer une élévation de privilèges, une atteinte à la confidentialité des données, une exécution de code à distance, un déni de service et un contournement de la fonctionnalité de sécurité.
Solution
Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).
| Vendor | Product | Description | ||
|---|---|---|---|---|
| Microsoft | Windows | Windows Server 2022 | ||
| Microsoft | Windows | Windows Server 2012 | ||
| Microsoft | Windows | Windows 10 pour systèmes x64 | ||
| Microsoft | Windows | Windows 10 Version 1809 pour systèmes x64 | ||
| Microsoft | Windows | Windows Server 2019 (Server Core installation) | ||
| Microsoft | Windows | Windows Server 2019 | ||
| Microsoft | Windows | Windows Server 2012 R2 | ||
| Microsoft | Windows | Windows Server 2022 (Server Core installation) | ||
| Microsoft | Windows | Windows 10 Version 1607 pour systèmes 32 bits | ||
| Microsoft | Windows | Windows 10 Version 21H2 pour systèmes ARM64 | ||
| Microsoft | Windows | Windows Server 2008 pour systèmes x64 Service Pack 2 | ||
| Microsoft | Windows | Windows 10 Version 1809 pour systèmes ARM64 | ||
| Microsoft | Windows | Windows 10 Version 1809 pour systèmes 32 bits | ||
| Microsoft | Windows | Windows 11 version 21H2 pour systèmes x64 | ||
| Microsoft | Windows | Windows Server 2016 (Server Core installation) | ||
| Microsoft | Windows | Windows 10 Version 22H2 pour systèmes x64 | ||
| Microsoft | Windows | Windows 11 version 21H2 pour systèmes ARM64 | ||
| Microsoft | Windows | Windows Server 2008 pour systèmes x64 Service Pack 2 (Server Core installation) | ||
| Microsoft | Windows | Windows Server 2008 pour systèmes 32 bits Service Pack 2 (Server Core installation) | ||
| Microsoft | Windows | Windows 10 Version 1607 pour systèmes x64 | ||
| Microsoft | Windows | Windows Server 2012 (Server Core installation) | ||
| Microsoft | Windows | Windows 10 Version 21H2 pour systèmes 32 bits | ||
| Microsoft | Windows | Windows 10 Version 21H2 pour systèmes x64 | ||
| Microsoft | Windows | Windows Server 2008 pour systèmes 32 bits Service Pack 2 | ||
| Microsoft | Windows | Windows Server 2008 R2 pour systèmes x64 Service Pack 1 | ||
| Microsoft | Windows | Microsoft ODBC Driver 18 pour SQL Server on Windows | ||
| Microsoft | Windows | Windows 10 Version 22H2 pour systèmes 32 bits | ||
| Microsoft | Windows | Windows 11 Version 22H2 pour systèmes ARM64 | ||
| Microsoft | Windows | Windows Server 2016 | ||
| Microsoft | Windows | PowerShell 7.3 | ||
| Microsoft | Windows | Windows Server 2008 R2 pour systèmes x64 Service Pack 1 (Server Core installation) | ||
| Microsoft | Windows | Microsoft ODBC Driver 17 pour SQL Server on Windows | ||
| Microsoft | Windows | Windows Server 2012 R2 (Server Core installation) | ||
| Microsoft | Windows | Windows 10 pour systèmes 32 bits | ||
| Microsoft | Windows | Windows 10 Version 22H2 pour systèmes ARM64 | ||
| Microsoft | Windows | Windows 11 Version 22H2 pour systèmes x64 |
{
"$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
"affected_systems": [
{
"description": "Windows Server 2022",
"product": {
"name": "Windows",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
},
{
"description": "Windows Server 2012",
"product": {
"name": "Windows",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
},
{
"description": "Windows 10 pour syst\u00e8mes x64",
"product": {
"name": "Windows",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
},
{
"description": "Windows 10 Version 1809 pour syst\u00e8mes x64",
"product": {
"name": "Windows",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
},
{
"description": "Windows Server 2019 (Server Core installation)",
"product": {
"name": "Windows",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
},
{
"description": "Windows Server 2019",
"product": {
"name": "Windows",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
},
{
"description": "Windows Server 2012 R2",
"product": {
"name": "Windows",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
},
{
"description": "Windows Server 2022 (Server Core installation)",
"product": {
"name": "Windows",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
},
{
"description": "Windows 10 Version 1607 pour syst\u00e8mes 32 bits",
"product": {
"name": "Windows",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
},
{
"description": "Windows 10 Version 21H2 pour syst\u00e8mes ARM64",
"product": {
"name": "Windows",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
},
{
"description": "Windows Server 2008 pour syst\u00e8mes x64 Service Pack 2",
"product": {
"name": "Windows",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
},
{
"description": "Windows 10 Version 1809 pour syst\u00e8mes ARM64",
"product": {
"name": "Windows",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
},
{
"description": "Windows 10 Version 1809 pour syst\u00e8mes 32 bits",
"product": {
"name": "Windows",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
},
{
"description": "Windows 11 version 21H2 pour syst\u00e8mes x64",
"product": {
"name": "Windows",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
},
{
"description": "Windows Server 2016 (Server Core installation)",
"product": {
"name": "Windows",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
},
{
"description": "Windows 10 Version 22H2 pour syst\u00e8mes x64",
"product": {
"name": "Windows",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
},
{
"description": "Windows 11 version 21H2 pour syst\u00e8mes ARM64",
"product": {
"name": "Windows",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
},
{
"description": "Windows Server 2008 pour syst\u00e8mes x64 Service Pack 2 (Server Core installation)",
"product": {
"name": "Windows",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
},
{
"description": "Windows Server 2008 pour syst\u00e8mes 32 bits Service Pack 2 (Server Core installation)",
"product": {
"name": "Windows",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
},
{
"description": "Windows 10 Version 1607 pour syst\u00e8mes x64",
"product": {
"name": "Windows",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
},
{
"description": "Windows Server 2012 (Server Core installation)",
"product": {
"name": "Windows",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
},
{
"description": "Windows 10 Version 21H2 pour syst\u00e8mes 32 bits",
"product": {
"name": "Windows",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
},
{
"description": "Windows 10 Version 21H2 pour syst\u00e8mes x64",
"product": {
"name": "Windows",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
},
{
"description": "Windows Server 2008 pour syst\u00e8mes 32 bits Service Pack 2",
"product": {
"name": "Windows",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
},
{
"description": "Windows Server 2008 R2 pour syst\u00e8mes x64 Service Pack 1",
"product": {
"name": "Windows",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
},
{
"description": "Microsoft ODBC Driver 18 pour SQL Server on Windows",
"product": {
"name": "Windows",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
},
{
"description": "Windows 10 Version 22H2 pour syst\u00e8mes 32 bits",
"product": {
"name": "Windows",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
},
{
"description": "Windows 11 Version 22H2 pour syst\u00e8mes ARM64",
"product": {
"name": "Windows",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
},
{
"description": "Windows Server 2016",
"product": {
"name": "Windows",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
},
{
"description": "PowerShell 7.3",
"product": {
"name": "Windows",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
},
{
"description": "Windows Server 2008 R2 pour syst\u00e8mes x64 Service Pack 1 (Server Core installation)",
"product": {
"name": "Windows",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
},
{
"description": "Microsoft ODBC Driver 17 pour SQL Server on Windows",
"product": {
"name": "Windows",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
},
{
"description": "Windows Server 2012 R2 (Server Core installation)",
"product": {
"name": "Windows",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
},
{
"description": "Windows 10 pour syst\u00e8mes 32 bits",
"product": {
"name": "Windows",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
},
{
"description": "Windows 10 Version 22H2 pour syst\u00e8mes ARM64",
"product": {
"name": "Windows",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
},
{
"description": "Windows 11 Version 22H2 pour syst\u00e8mes x64",
"product": {
"name": "Windows",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
}
],
"affected_systems_content": null,
"content": "## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
"cves": [
{
"name": "CVE-2023-36438",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-36438"
},
{
"name": "CVE-2023-36577",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-36577"
},
{
"name": "CVE-2023-36776",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-36776"
},
{
"name": "CVE-2023-36722",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-36722"
},
{
"name": "CVE-2023-36728",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-36728"
},
{
"name": "CVE-2023-41766",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-41766"
},
{
"name": "CVE-2023-36743",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-36743"
},
{
"name": "CVE-2023-36579",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-36579"
},
{
"name": "CVE-2023-36717",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-36717"
},
{
"name": "CVE-2023-36603",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-36603"
},
{
"name": "CVE-2023-36420",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-36420"
},
{
"name": "CVE-2023-36564",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-36564"
},
{
"name": "CVE-2023-36605",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-36605"
},
{
"name": "CVE-2023-38166",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-38166"
},
{
"name": "CVE-2023-36431",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-36431"
},
{
"name": "CVE-2023-36713",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-36713"
},
{
"name": "CVE-2023-36557",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-36557"
},
{
"name": "CVE-2023-41765",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-41765"
},
{
"name": "CVE-2023-36721",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-36721"
},
{
"name": "CVE-2023-44487",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-44487"
},
{
"name": "CVE-2023-36707",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-36707"
},
{
"name": "CVE-2023-41769",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-41769"
},
{
"name": "CVE-2023-36730",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-36730"
},
{
"name": "CVE-2023-36581",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-36581"
},
{
"name": "CVE-2023-29348",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-29348"
},
{
"name": "CVE-2023-41773",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-41773"
},
{
"name": "CVE-2023-36571",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-36571"
},
{
"name": "CVE-2023-36726",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-36726"
},
{
"name": "CVE-2023-36706",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-36706"
},
{
"name": "CVE-2023-36583",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-36583"
},
{
"name": "CVE-2023-36590",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-36590"
},
{
"name": "CVE-2023-36710",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-36710"
},
{
"name": "CVE-2023-36725",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-36725"
},
{
"name": "CVE-2023-36790",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-36790"
},
{
"name": "CVE-2023-36434",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-36434"
},
{
"name": "CVE-2023-36729",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-36729"
},
{
"name": "CVE-2023-36702",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-36702"
},
{
"name": "CVE-2023-36718",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-36718"
},
{
"name": "CVE-2023-36591",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-36591"
},
{
"name": "CVE-2023-36576",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-36576"
},
{
"name": "CVE-2023-36584",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-36584"
},
{
"name": "CVE-2023-36567",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-36567"
},
{
"name": "CVE-2023-36594",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-36594"
},
{
"name": "CVE-2023-36573",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-36573"
},
{
"name": "CVE-2023-36711",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-36711"
},
{
"name": "CVE-2023-36570",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-36570"
},
{
"name": "CVE-2023-36572",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-36572"
},
{
"name": "CVE-2023-36578",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-36578"
},
{
"name": "CVE-2023-36724",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-36724"
},
{
"name": "CVE-2023-36582",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-36582"
},
{
"name": "CVE-2023-36720",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-36720"
},
{
"name": "CVE-2023-38159",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-38159"
},
{
"name": "CVE-2023-38171",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-38171"
},
{
"name": "CVE-2023-36585",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-36585"
},
{
"name": "CVE-2023-36723",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-36723"
},
{
"name": "CVE-2023-36703",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-36703"
},
{
"name": "CVE-2023-36596",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-36596"
},
{
"name": "CVE-2023-36701",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-36701"
},
{
"name": "CVE-2023-41770",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-41770"
},
{
"name": "CVE-2023-41771",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-41771"
},
{
"name": "CVE-2023-36709",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-36709"
},
{
"name": "CVE-2023-41767",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-41767"
},
{
"name": "CVE-2023-36435",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-36435"
},
{
"name": "CVE-2023-36589",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-36589"
},
{
"name": "CVE-2023-36593",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-36593"
},
{
"name": "CVE-2023-36698",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-36698"
},
{
"name": "CVE-2023-36732",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-36732"
},
{
"name": "CVE-2023-36575",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-36575"
},
{
"name": "CVE-2023-41774",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-41774"
},
{
"name": "CVE-2023-36731",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-36731"
},
{
"name": "CVE-2023-36592",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-36592"
},
{
"name": "CVE-2023-36606",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-36606"
},
{
"name": "CVE-2023-36785",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-36785"
},
{
"name": "CVE-2023-36602",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-36602"
},
{
"name": "CVE-2023-41772",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-41772"
},
{
"name": "CVE-2023-41768",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-41768"
},
{
"name": "CVE-2023-36436",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-36436"
},
{
"name": "CVE-2023-36574",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-36574"
},
{
"name": "CVE-2023-36697",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-36697"
},
{
"name": "CVE-2023-36712",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-36712"
},
{
"name": "CVE-2023-36704",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-36704"
},
{
"name": "CVE-2023-36563",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-36563"
},
{
"name": "CVE-2023-35349",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-35349"
},
{
"name": "CVE-2023-36598",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-36598"
},
{
"name": "CVE-2023-36902",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-36902"
}
],
"links": [
{
"title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2023-36731 du 10 octobre 2023",
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-36731"
},
{
"title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2023-36590 du 10 octobre 2023",
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-36590"
},
{
"title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2023-35349 du 10 octobre 2023",
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-35349"
},
{
"title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2023-36728 du 10 octobre 2023",
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-36728"
},
{
"title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2023-36420 du 10 octobre 2023",
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-36420"
},
{
"title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2023-41772 du 10 octobre 2023",
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-41772"
},
{
"title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2023-36571 du 10 octobre 2023",
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-36571"
},
{
"title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2023-36594 du 10 octobre 2023",
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-36594"
},
{
"title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2023-36596 du 10 octobre 2023",
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-36596"
},
{
"title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2023-36577 du 10 octobre 2023",
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-36577"
},
{
"title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2023-36790 du 10 octobre 2023",
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-36790"
},
{
"title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2023-36585 du 10 octobre 2023",
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-36585"
},
{
"title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2023-29348 du 10 octobre 2023",
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-29348"
},
{
"title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2023-36785 du 10 octobre 2023",
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-36785"
},
{
"title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2023-41768 du 10 octobre 2023",
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-41768"
},
{
"title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2023-36563 du 10 octobre 2023",
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-36563"
},
{
"title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2023-36583 du 10 octobre 2023",
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-36583"
},
{
"title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2023-41770 du 10 octobre 2023",
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-41770"
},
{
"title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2023-36436 du 10 octobre 2023",
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-36436"
},
{
"title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2023-36431 du 10 octobre 2023",
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-36431"
},
{
"title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2023-38159 du 10 octobre 2023",
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-38159"
},
{
"title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2023-36718 du 10 octobre 2023",
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-36718"
},
{
"title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2023-36776 du 10 octobre 2023",
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-36776"
},
{
"title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2023-36572 du 10 octobre 2023",
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-36572"
},
{
"title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2023-36564 du 10 octobre 2023",
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-36564"
},
{
"title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2023-36591 du 10 octobre 2023",
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-36591"
},
{
"title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2023-36582 du 10 octobre 2023",
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-36582"
},
{
"title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2023-36701 du 10 octobre 2023",
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-36701"
},
{
"title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2023-36605 du 10 octobre 2023",
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-36605"
},
{
"title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2023-36581 du 10 octobre 2023",
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-36581"
},
{
"title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2023-36573 du 10 octobre 2023",
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-36573"
},
{
"title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2023-36602 du 10 octobre 2023",
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-36602"
},
{
"title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2023-36584 du 10 octobre 2023",
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-36584"
},
{
"title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2023-36576 du 10 octobre 2023",
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-36576"
},
{
"title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2023-44487 du 10 octobre 2023",
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-44487"
},
{
"title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2023-36574 du 10 octobre 2023",
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-36574"
},
{
"title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2023-36720 du 10 octobre 2023",
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-36720"
},
{
"title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2023-36709 du 10 octobre 2023",
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-36709"
},
{
"title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2023-36730 du 10 octobre 2023",
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-36730"
},
{
"title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2023-36593 du 10 octobre 2023",
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-36593"
},
{
"title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2023-36729 du 10 octobre 2023",
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-36729"
},
{
"title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2023-36717 du 10 octobre 2023",
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-36717"
},
{
"title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2023-38166 du 10 octobre 2023",
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-38166"
},
{
"title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2023-36698 du 10 octobre 2023",
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-36698"
},
{
"title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2023-36726 du 10 octobre 2023",
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-36726"
},
{
"title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2023-36434 du 10 octobre 2023",
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-36434"
},
{
"title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2023-36703 du 10 octobre 2023",
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-36703"
},
{
"title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2023-36712 du 10 octobre 2023",
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-36712"
},
{
"title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2023-36902 du 10 octobre 2023",
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-36902"
},
{
"title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2023-36706 du 10 octobre 2023",
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-36706"
},
{
"title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2023-41767 du 10 octobre 2023",
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-41767"
},
{
"title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2023-36697 du 10 octobre 2023",
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-36697"
},
{
"title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2023-36711 du 10 octobre 2023",
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-36711"
},
{
"title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2023-36578 du 10 octobre 2023",
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-36578"
},
{
"title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2023-36724 du 10 octobre 2023",
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-36724"
},
{
"title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2023-36557 du 10 octobre 2023",
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-36557"
},
{
"title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2023-36723 du 10 octobre 2023",
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-36723"
},
{
"title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2023-36570 du 10 octobre 2023",
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-36570"
},
{
"title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2023-41771 du 10 octobre 2023",
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-41771"
},
{
"title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2023-36598 du 10 octobre 2023",
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-36598"
},
{
"title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2023-38171 du 10 octobre 2023",
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-38171"
},
{
"title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2023-36589 du 10 octobre 2023",
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-36589"
},
{
"title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2023-36725 du 10 octobre 2023",
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-36725"
},
{
"title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2023-36438 du 10 octobre 2023",
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-36438"
},
{
"title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2023-36722 du 10 octobre 2023",
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-36722"
},
{
"title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2023-41765 du 10 octobre 2023",
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-41765"
},
{
"title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2023-36603 du 10 octobre 2023",
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-36603"
},
{
"title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2023-41769 du 10 octobre 2023",
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-41769"
},
{
"title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2023-36713 du 10 octobre 2023",
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-36713"
},
{
"title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2023-36721 du 10 octobre 2023",
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-36721"
},
{
"title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2023-36435 du 10 octobre 2023",
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-36435"
},
{
"title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2023-41774 du 10 octobre 2023",
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-41774"
},
{
"title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2023-36704 du 10 octobre 2023",
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-36704"
},
{
"title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2023-36710 du 10 octobre 2023",
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-36710"
},
{
"title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2023-36575 du 10 octobre 2023",
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-36575"
},
{
"title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2023-36606 du 10 octobre 2023",
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-36606"
},
{
"title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2023-41773 du 10 octobre 2023",
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-41773"
},
{
"title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2023-36567 du 10 octobre 2023",
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-36567"
},
{
"title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2023-36702 du 10 octobre 2023",
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-36702"
},
{
"title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2023-36579 du 10 octobre 2023",
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-36579"
},
{
"title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2023-36707 du 10 octobre 2023",
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-36707"
},
{
"title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2023-36592 du 10 octobre 2023",
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-36592"
},
{
"title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2023-36732 du 10 octobre 2023",
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-36732"
},
{
"title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2023-41766 du 10 octobre 2023",
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-41766"
},
{
"title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2023-36743 du 10 octobre 2023",
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-36743"
}
],
"reference": "CERTFR-2023-AVI-0827",
"revisions": [
{
"description": "Version initiale",
"revision_date": "2023-10-11T00:00:00.000000"
},
{
"description": "Microsoft a d\u00e9clar\u00e9 que PowerShell 7.3 \u00e9tait \u00e9galement affect\u00e9 par les vuln\u00e9rabilit\u00e9s CVE-2023-36435 et CVE-2023-38171",
"revision_date": "2023-10-27T00:00:00.000000"
}
],
"risks": [
{
"description": "Ex\u00e9cution de code arbitraire \u00e0 distance"
},
{
"description": "D\u00e9ni de service"
},
{
"description": "Contournement de la fonctionnalit\u00e9 de s\u00e9curit\u00e9"
},
{
"description": "Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es"
},
{
"description": "\u00c9l\u00e9vation de privil\u00e8ges"
}
],
"summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 corrig\u00e9es dans \u003cspan\nclass=\"textit\"\u003eMicrosoft Windows\u003c/span\u003e. Elles permettent \u00e0 un attaquant\nde provoquer une \u00e9l\u00e9vation de privil\u00e8ges, une atteinte \u00e0 la\nconfidentialit\u00e9 des donn\u00e9es, une ex\u00e9cution de code \u00e0 distance, un d\u00e9ni\nde service et un contournement de la fonctionnalit\u00e9 de s\u00e9curit\u00e9.\n",
"title": "Multiples vuln\u00e9rabilit\u00e9s dans Microsoft Windows",
"vendor_advisories": [
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Microsoft du 10 octobre 2023",
"url": "https://msrc.microsoft.com/update-guide/"
}
]
}
CERTFR-2023-AVI-0830
Vulnerability from certfr_avis - Published: - Updated:
De multiples vulnérabilités ont été corrigées dans les produits Microsoft. Elles permettent à un attaquant de provoquer une élévation de privilèges, une usurpation d'identité, une exécution de code à distance, un déni de service et une atteinte à la confidentialité des données.
Solution
Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).
| Vendor | Product | Description | ||
|---|---|---|---|---|
| Microsoft | N/A | Microsoft Exchange Server 2019 Cumulative Update 13 | ||
| Microsoft | N/A | Microsoft Visual Studio 2022 version 17.2 | ||
| Microsoft | N/A | Microsoft Visual Studio 2022 version 17.7 | ||
| Microsoft | N/A | Microsoft OLE DB Driver 19 pour SQL Server | ||
| Microsoft | N/A | Microsoft SQL Server 2014 Service Pack 3 pour systèmes 32 bits (CU 4) | ||
| Microsoft | N/A | Microsoft SQL Server 2016 pour systèmes x64 Service Pack 3 (GDR) | ||
| Microsoft | N/A | Microsoft Visual Studio 2022 version 17.6 | ||
| Microsoft | N/A | Microsoft Common Data Model SDK pour C# | ||
| Microsoft | N/A | Microsoft SQL Server 2022 pour systèmes x64 (GDR) | ||
| Microsoft | N/A | Microsoft Exchange Server 2016 Cumulative Update 23 | ||
| Microsoft | Azure | Microsoft SQL Server 2016 pour systèmes x64 Service Pack 3 Azure Connect Feature Pack | ||
| Microsoft | N/A | Microsoft SQL Server 2014 Service Pack 3 pour systèmes x64 (CU 4) | ||
| Microsoft | N/A | Skype pour Business Server 2019 CU7 | ||
| Microsoft | N/A | Microsoft SQL Server 2014 Service Pack 3 pour systèmes x64 (GDR) | ||
| Microsoft | N/A | Microsoft Dynamics 365 (on-premises) version 9.1 | ||
| Microsoft | N/A | Skype pour Business Server 2015 CU13 | ||
| Microsoft | N/A | Microsoft 365 Apps pour Enterprise pour systèmes 32 bits | ||
| Microsoft | N/A | Microsoft 365 Apps pour Enterprise pour 64 bits Systems | ||
| Microsoft | N/A | Microsoft SQL Server 2017 pour systèmes x64 (GDR) | ||
| Microsoft | N/A | Microsoft SQL Server 2017 pour systèmes x64 (CU 31) | ||
| Microsoft | N/A | Microsoft Visual Studio 2022 version 17.4 | ||
| Microsoft | N/A | Microsoft SQL Server 2019 pour systèmes x64 (GDR) | ||
| Microsoft | N/A | Microsoft ODBC Driver 18 pour SQL Server on MacOS | ||
| Microsoft | N/A | Microsoft SQL Server 2019 pour systèmes x64 (CU 22) | ||
| Microsoft | N/A | Microsoft ODBC Driver 17 pour SQL Server on MacOS | ||
| Microsoft | N/A | Microsoft Dynamics 365 (on-premises) version 9.0 | ||
| Microsoft | N/A | Microsoft Common Data Model SDK pour TypeScript | ||
| Microsoft | N/A | Microsoft SQL Server 2022 pour systèmes x64 (CU 8) | ||
| Microsoft | N/A | Microsoft Common Data Model SDK pour Java | ||
| Microsoft | N/A | Microsoft ODBC Driver 17 pour SQL Server on Linux | ||
| Microsoft | N/A | Microsoft Exchange Server 2019 Cumulative Update 12 | ||
| Microsoft | N/A | Microsoft OLE DB Driver 18 pour SQL Server | ||
| Microsoft | N/A | Microsoft ODBC Driver 18 pour SQL Server on Linux | ||
| Microsoft | N/A | Microsoft SQL Server 2014 Service Pack 3 pour systèmes 32 bits (GDR) | ||
| Microsoft | N/A | Microsoft Common Data Model SDK pour Python |
{
"$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
"affected_systems": [
{
"description": "Microsoft Exchange Server 2019 Cumulative Update 13",
"product": {
"name": "N/A",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
},
{
"description": "Microsoft Visual Studio 2022 version 17.2",
"product": {
"name": "N/A",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
},
{
"description": "Microsoft Visual Studio 2022 version 17.7",
"product": {
"name": "N/A",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
},
{
"description": "Microsoft OLE DB Driver 19 pour SQL Server",
"product": {
"name": "N/A",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
},
{
"description": "Microsoft SQL Server 2014 Service Pack 3 pour syst\u00e8mes 32 bits (CU 4)",
"product": {
"name": "N/A",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
},
{
"description": "Microsoft SQL Server 2016 pour syst\u00e8mes x64 Service Pack 3 (GDR)",
"product": {
"name": "N/A",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
},
{
"description": "Microsoft Visual Studio 2022 version 17.6",
"product": {
"name": "N/A",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
},
{
"description": "Microsoft Common Data Model SDK pour C#",
"product": {
"name": "N/A",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
},
{
"description": "Microsoft SQL Server 2022 pour syst\u00e8mes x64 (GDR)",
"product": {
"name": "N/A",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
},
{
"description": "Microsoft Exchange Server 2016 Cumulative Update 23",
"product": {
"name": "N/A",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
},
{
"description": "Microsoft SQL Server 2016 pour syst\u00e8mes x64 Service Pack 3 Azure Connect Feature Pack",
"product": {
"name": "Azure",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
},
{
"description": "Microsoft SQL Server 2014 Service Pack 3 pour syst\u00e8mes x64 (CU 4)",
"product": {
"name": "N/A",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
},
{
"description": "Skype pour Business Server 2019 CU7",
"product": {
"name": "N/A",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
},
{
"description": "Microsoft SQL Server 2014 Service Pack 3 pour syst\u00e8mes x64 (GDR)",
"product": {
"name": "N/A",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
},
{
"description": "Microsoft Dynamics 365 (on-premises) version 9.1",
"product": {
"name": "N/A",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
},
{
"description": "Skype pour Business Server 2015 CU13",
"product": {
"name": "N/A",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
},
{
"description": "Microsoft 365 Apps pour Enterprise pour syst\u00e8mes 32 bits",
"product": {
"name": "N/A",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
},
{
"description": "Microsoft 365 Apps pour Enterprise pour 64 bits Systems",
"product": {
"name": "N/A",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
},
{
"description": "Microsoft SQL Server 2017 pour syst\u00e8mes x64 (GDR)",
"product": {
"name": "N/A",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
},
{
"description": "Microsoft SQL Server 2017 pour syst\u00e8mes x64 (CU 31)",
"product": {
"name": "N/A",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
},
{
"description": "Microsoft Visual Studio 2022 version 17.4",
"product": {
"name": "N/A",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
},
{
"description": "Microsoft SQL Server 2019 pour syst\u00e8mes x64 (GDR)",
"product": {
"name": "N/A",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
},
{
"description": "Microsoft ODBC Driver 18 pour SQL Server on MacOS",
"product": {
"name": "N/A",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
},
{
"description": "Microsoft SQL Server 2019 pour syst\u00e8mes x64 (CU 22)",
"product": {
"name": "N/A",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
},
{
"description": "Microsoft ODBC Driver 17 pour SQL Server on MacOS",
"product": {
"name": "N/A",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
},
{
"description": "Microsoft Dynamics 365 (on-premises) version 9.0",
"product": {
"name": "N/A",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
},
{
"description": "Microsoft Common Data Model SDK pour TypeScript",
"product": {
"name": "N/A",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
},
{
"description": "Microsoft SQL Server 2022 pour syst\u00e8mes x64 (CU 8)",
"product": {
"name": "N/A",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
},
{
"description": "Microsoft Common Data Model SDK pour Java",
"product": {
"name": "N/A",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
},
{
"description": "Microsoft ODBC Driver 17 pour SQL Server on Linux",
"product": {
"name": "N/A",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
},
{
"description": "Microsoft Exchange Server 2019 Cumulative Update 12",
"product": {
"name": "N/A",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
},
{
"description": "Microsoft OLE DB Driver 18 pour SQL Server",
"product": {
"name": "N/A",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
},
{
"description": "Microsoft ODBC Driver 18 pour SQL Server on Linux",
"product": {
"name": "N/A",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
},
{
"description": "Microsoft SQL Server 2014 Service Pack 3 pour syst\u00e8mes 32 bits (GDR)",
"product": {
"name": "N/A",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
},
{
"description": "Microsoft Common Data Model SDK pour Python",
"product": {
"name": "N/A",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
}
],
"affected_systems_content": null,
"content": "## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
"cves": [
{
"name": "CVE-2023-36728",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-36728"
},
{
"name": "CVE-2023-36429",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-36429"
},
{
"name": "CVE-2023-36420",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-36420"
},
{
"name": "CVE-2023-44487",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-44487"
},
{
"name": "CVE-2023-36730",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-36730"
},
{
"name": "CVE-2023-36789",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-36789"
},
{
"name": "CVE-2023-36778",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-36778"
},
{
"name": "CVE-2023-36566",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-36566"
},
{
"name": "CVE-2023-36780",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-36780"
},
{
"name": "CVE-2023-36786",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-36786"
},
{
"name": "CVE-2023-36568",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-36568"
},
{
"name": "CVE-2023-38171",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-38171"
},
{
"name": "CVE-2023-36417",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-36417"
},
{
"name": "CVE-2023-41763",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-41763"
},
{
"name": "CVE-2023-36416",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-36416"
},
{
"name": "CVE-2023-36785",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-36785"
},
{
"name": "CVE-2023-36433",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-36433"
},
{
"name": "CVE-2023-36569",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-36569"
}
],
"links": [
{
"title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2023-36728 du 10 octobre 2023",
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-36728"
},
{
"title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2023-36420 du 10 octobre 2023",
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-36420"
},
{
"title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2023-36785 du 10 octobre 2023",
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-36785"
},
{
"title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2023-41763 du 10 octobre 2023",
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-41763"
},
{
"title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2023-36429 du 10 octobre 2023",
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-36429"
},
{
"title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2023-36569 du 10 octobre 2023",
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-36569"
},
{
"title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2023-36568 du 10 octobre 2023",
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-36568"
},
{
"title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2023-36433 du 10 octobre 2023",
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-36433"
},
{
"title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2023-36566 du 10 octobre 2023",
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-36566"
},
{
"title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2023-36786 du 10 octobre 2023",
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-36786"
},
{
"title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2023-44487 du 10 octobre 2023",
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-44487"
},
{
"title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2023-36730 du 10 octobre 2023",
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-36730"
},
{
"title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2023-36789 du 10 octobre 2023",
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-36789"
},
{
"title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2023-36416 du 10 octobre 2023",
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-36416"
},
{
"title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2023-36778 du 10 octobre 2023",
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-36778"
},
{
"title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2023-38171 du 10 octobre 2023",
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-38171"
},
{
"title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2023-36417 du 10 octobre 2023",
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-36417"
},
{
"title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2023-36780 du 10 octobre 2023",
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-36780"
}
],
"reference": "CERTFR-2023-AVI-0830",
"revisions": [
{
"description": "Version initiale",
"revision_date": "2023-10-11T00:00:00.000000"
}
],
"risks": [
{
"description": "Usurpation d\u0027identit\u00e9"
},
{
"description": "Ex\u00e9cution de code arbitraire \u00e0 distance"
},
{
"description": "D\u00e9ni de service"
},
{
"description": "Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es"
},
{
"description": "\u00c9l\u00e9vation de privil\u00e8ges"
}
],
"summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 corrig\u00e9es dans \u003cspan\nclass=\"textit\"\u003eles produits Microsoft\u003c/span\u003e. Elles permettent \u00e0 un\nattaquant de provoquer une \u00e9l\u00e9vation de privil\u00e8ges, une usurpation\nd\u0027identit\u00e9, une ex\u00e9cution de code \u00e0 distance, un d\u00e9ni de service et une\natteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es.\n",
"title": "Multiples vuln\u00e9rabilit\u00e9s dans les produits Microsoft",
"vendor_advisories": [
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Microsoft du 10 octobre 2023",
"url": "https://msrc.microsoft.com/update-guide/"
}
]
}
BDU:2023-06745
Vulnerability from fstec - Published: 10.10.2023
{
"CVSS 2.0": "AV:L/AC:L/Au:N/C:C/I:C/A:C",
"CVSS 3.0": "AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"CVSS 4.0": null,
"remediation_\u0418\u0434\u0435\u043d\u0442\u0438\u0444\u0438\u043a\u0430\u0442\u043e\u0440": "TO766, TO976",
"remediation_\u041d\u0430\u0438\u043c\u0435\u043d\u043e\u0432\u0430\u043d\u0438\u0435": "TO766 \u041d\u0430\u043a\u043e\u043f\u0438\u0442\u0435\u043b\u044c\u043d\u044b\u0439 \u043f\u0430\u043a\u0435\u0442 \u043e\u0431\u043d\u043e\u0432\u043b\u0435\u043d\u0438\u044f SQL Server 2019 RTM (KB5030333), TO976 \u041e\u0431\u043d\u043e\u0432\u043b\u0435\u043d\u0438\u0435 \u0434\u0440\u0430\u0439\u0432\u0435\u0440\u0430 ODBC \u043e\u043f\u0435\u0440\u0430\u0446\u0438\u043e\u043d\u043d\u043e\u0439 \u0441\u0438\u0441\u0442\u0435\u043c\u044b Windows \u0434\u043b\u044f SQL Server",
"\u0412\u0435\u043d\u0434\u043e\u0440 \u041f\u041e": "Microsoft Corp",
"\u0412\u0435\u0440\u0441\u0438\u044f \u041f\u041e": "2019 (Microsoft SQL Server), 2022 (Microsoft SQL Server), 17 (Microsoft ODBC Driver for SQL Server), 18 (Microsoft ODBC Driver for SQL Server), 2019 (CU 22) (Microsoft SQL Server), 2022 (CU 8) (Microsoft SQL Server)",
"\u0412\u043e\u0437\u043c\u043e\u0436\u043d\u044b\u0435 \u043c\u0435\u0440\u044b \u043f\u043e \u0443\u0441\u0442\u0440\u0430\u043d\u0435\u043d\u0438\u044e": "\u0418\u0441\u043f\u043e\u043b\u044c\u0437\u043e\u0432\u0430\u043d\u0438\u0435 \u0440\u0435\u043a\u043e\u043c\u0435\u043d\u0434\u0430\u0446\u0438\u0439:\nhttps://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-36730",
"\u0414\u0430\u0442\u0430 \u0432\u044b\u044f\u0432\u043b\u0435\u043d\u0438\u044f": "10.10.2023",
"\u0414\u0430\u0442\u0430 \u043f\u043e\u0441\u043b\u0435\u0434\u043d\u0435\u0433\u043e \u043e\u0431\u043d\u043e\u0432\u043b\u0435\u043d\u0438\u044f": "15.10.2023",
"\u0414\u0430\u0442\u0430 \u043f\u0443\u0431\u043b\u0438\u043a\u0430\u0446\u0438\u0438": "15.10.2023",
"\u0418\u0434\u0435\u043d\u0442\u0438\u0444\u0438\u043a\u0430\u0442\u043e\u0440": "BDU:2023-06745",
"\u0418\u0434\u0435\u043d\u0442\u0438\u0444\u0438\u043a\u0430\u0442\u043e\u0440\u044b \u0434\u0440\u0443\u0433\u0438\u0445 \u0441\u0438\u0441\u0442\u0435\u043c \u043e\u043f\u0438\u0441\u0430\u043d\u0438\u0439 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "CVE-2023-36730",
"\u0418\u043d\u0444\u043e\u0440\u043c\u0430\u0446\u0438\u044f \u043e\u0431 \u0443\u0441\u0442\u0440\u0430\u043d\u0435\u043d\u0438\u0438": "\u0423\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c \u0443\u0441\u0442\u0440\u0430\u043d\u0435\u043d\u0430",
"\u041a\u043b\u0430\u0441\u0441 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "\u0423\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c \u043a\u043e\u0434\u0430",
"\u041d\u0430\u0437\u0432\u0430\u043d\u0438\u0435 \u041f\u041e": "Microsoft SQL Server, Microsoft ODBC Driver for SQL Server",
"\u041d\u0430\u0438\u043c\u0435\u043d\u043e\u0432\u0430\u043d\u0438\u0435 \u041e\u0421 \u0438 \u0442\u0438\u043f \u0430\u043f\u043f\u0430\u0440\u0430\u0442\u043d\u043e\u0439 \u043f\u043b\u0430\u0442\u0444\u043e\u0440\u043c\u044b": null,
"\u041d\u0430\u0438\u043c\u0435\u043d\u043e\u0432\u0430\u043d\u0438\u0435 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "\u0423\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c \u0434\u0440\u0430\u0439\u0432\u0435\u0440\u0430 ODBC \u0434\u043b\u044f SQL Server \u043e\u043f\u0435\u0440\u0430\u0446\u0438\u043e\u043d\u043d\u044b\u0445 \u0441\u0438\u0441\u0442\u0435\u043c Windows, \u043f\u043e\u0437\u0432\u043e\u043b\u044f\u044e\u0449\u0430\u044f \u043d\u0430\u0440\u0443\u0448\u0438\u0442\u0435\u043b\u044e \u0432\u044b\u043f\u043e\u043b\u043d\u0438\u0442\u044c \u043f\u0440\u043e\u0438\u0437\u0432\u043e\u043b\u044c\u043d\u044b\u0439 \u043a\u043e\u0434",
"\u041d\u0430\u043b\u0438\u0447\u0438\u0435 \u044d\u043a\u0441\u043f\u043b\u043e\u0439\u0442\u0430": "\u0421\u0443\u0449\u0435\u0441\u0442\u0432\u0443\u0435\u0442",
"\u041e\u043f\u0438\u0441\u0430\u043d\u0438\u0435 \u043e\u0448\u0438\u0431\u043a\u0438 CWE": "\u041d\u0435\u0434\u043e\u0441\u0442\u0430\u0442\u043e\u0447\u043d\u0430\u044f \u043f\u0440\u043e\u0432\u0435\u0440\u043a\u0430 \u0432\u0432\u043e\u0434\u0438\u043c\u044b\u0445 \u0434\u0430\u043d\u043d\u044b\u0445 (CWE-20)",
"\u041e\u043f\u0438\u0441\u0430\u043d\u0438\u0435 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "\u0423\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c \u0434\u0440\u0430\u0439\u0432\u0435\u0440\u0430 ODBC \u0434\u043b\u044f SQL Server \u043e\u043f\u0435\u0440\u0430\u0446\u0438\u043e\u043d\u043d\u044b\u0445 \u0441\u0438\u0441\u0442\u0435\u043c Windows \u0441\u0432\u044f\u0437\u0430\u043d\u0430 \u0441 \u043d\u0435\u0434\u043e\u0441\u0442\u0430\u0442\u043e\u0447\u043d\u043e\u0439 \u043f\u0440\u043e\u0432\u0435\u0440\u043a\u043e\u0439 \u0432\u0432\u043e\u0434\u0438\u043c\u044b\u0445 \u0434\u0430\u043d\u043d\u044b\u0445. \u042d\u043a\u0441\u043f\u043b\u0443\u0430\u0442\u0430\u0446\u0438\u044f \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438 \u043c\u043e\u0436\u0435\u0442 \u043f\u043e\u0437\u0432\u043e\u043b\u0438\u0442\u044c \u043d\u0430\u0440\u0443\u0448\u0438\u0442\u0435\u043b\u044e \u0432\u044b\u043f\u043e\u043b\u043d\u0438\u0442\u044c \u043f\u0440\u043e\u0438\u0437\u0432\u043e\u043b\u044c\u043d\u044b\u0439 \u043a\u043e\u0434",
"\u041f\u043e\u0441\u043b\u0435\u0434\u0441\u0442\u0432\u0438\u044f \u044d\u043a\u0441\u043f\u043b\u0443\u0430\u0442\u0430\u0446\u0438\u0438 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": null,
"\u041f\u0440\u043e\u0447\u0430\u044f \u0438\u043d\u0444\u043e\u0440\u043c\u0430\u0446\u0438\u044f": null,
"\u0421\u0432\u044f\u0437\u044c \u0441 \u0438\u043d\u0446\u0438\u0434\u0435\u043d\u0442\u0430\u043c\u0438 \u0418\u0411": "\u0414\u0430",
"\u0421\u043e\u0441\u0442\u043e\u044f\u043d\u0438\u0435 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "\u041e\u043f\u0443\u0431\u043b\u0438\u043a\u043e\u0432\u0430\u043d\u0430",
"\u0421\u043f\u043e\u0441\u043e\u0431 \u0443\u0441\u0442\u0440\u0430\u043d\u0435\u043d\u0438\u044f": "\u041e\u0431\u043d\u043e\u0432\u043b\u0435\u043d\u0438\u0435 \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c\u043d\u043e\u0433\u043e \u043e\u0431\u0435\u0441\u043f\u0435\u0447\u0435\u043d\u0438\u044f",
"\u0421\u043f\u043e\u0441\u043e\u0431 \u044d\u043a\u0441\u043f\u043b\u0443\u0430\u0442\u0430\u0446\u0438\u0438": "\u041c\u0430\u043d\u0438\u043f\u0443\u043b\u0438\u0440\u043e\u0432\u0430\u043d\u0438\u0435 \u0440\u0435\u0441\u0443\u0440\u0441\u0430\u043c\u0438",
"\u0421\u0441\u044b\u043b\u043a\u0438 \u043d\u0430 \u0438\u0441\u0442\u043e\u0447\u043d\u0438\u043a\u0438": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-36730\nhttps://www.cybersecurity-help.cz/vdb/SB2023101083",
"\u0421\u0442\u0430\u0442\u0443\u0441 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "\u041f\u043e\u0434\u0442\u0432\u0435\u0440\u0436\u0434\u0435\u043d\u0430 \u043f\u0440\u043e\u0438\u0437\u0432\u043e\u0434\u0438\u0442\u0435\u043b\u0435\u043c",
"\u0422\u0438\u043f \u041f\u041e": "\u0421\u0423\u0411\u0414, \u0421\u0435\u0442\u0435\u0432\u043e\u0435 \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c\u043d\u043e\u0435 \u0441\u0440\u0435\u0434\u0441\u0442\u0432\u043e",
"\u0422\u0438\u043f \u043e\u0448\u0438\u0431\u043a\u0438 CWE": "CWE-20",
"\u0423\u0440\u043e\u0432\u0435\u043d\u044c \u043e\u043f\u0430\u0441\u043d\u043e\u0441\u0442\u0438 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "\u0412\u044b\u0441\u043e\u043a\u0438\u0439 \u0443\u0440\u043e\u0432\u0435\u043d\u044c \u043e\u043f\u0430\u0441\u043d\u043e\u0441\u0442\u0438 (\u0431\u0430\u0437\u043e\u0432\u0430\u044f \u043e\u0446\u0435\u043d\u043a\u0430 CVSS 2.0 \u0441\u043e\u0441\u0442\u0430\u0432\u043b\u044f\u0435\u0442 7,2)\n\u0412\u044b\u0441\u043e\u043a\u0438\u0439 \u0443\u0440\u043e\u0432\u0435\u043d\u044c \u043e\u043f\u0430\u0441\u043d\u043e\u0441\u0442\u0438 (\u0431\u0430\u0437\u043e\u0432\u0430\u044f \u043e\u0446\u0435\u043d\u043a\u0430 CVSS 3.0 \u0441\u043e\u0441\u0442\u0430\u0432\u043b\u044f\u0435\u0442 7,8)"
}
FKIE_CVE-2023-36730
Vulnerability from fkie_nvd - Published: 2023-10-10 18:15 - Updated: 2024-11-21 08:10
| URL | Tags | ||
|---|---|---|---|
| secure@microsoft.com | https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-36730 | Patch, Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-36730 | Patch, Vendor Advisory |
| Vendor | Product | Version | |
|---|---|---|---|
| microsoft | odbc_driver_for_sql_server | * | |
| microsoft | odbc_driver_for_sql_server | * | |
| microsoft | odbc_driver_for_sql_server | * | |
| microsoft | odbc_driver_for_sql_server | * | |
| microsoft | odbc_driver_for_sql_server | * | |
| microsoft | odbc_driver_for_sql_server | * | |
| microsoft | sql_server | 2019 | |
| microsoft | sql_server | 2022 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:microsoft:odbc_driver_for_sql_server:*:*:*:*:*:linux:*:*",
"matchCriteriaId": "FEE52D75-0785-47A8-A024-14A83B9732A6",
"versionEndExcluding": "17.10.5.1",
"versionStartIncluding": "17.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:odbc_driver_for_sql_server:*:*:*:*:*:macos:*:*",
"matchCriteriaId": "5C5B4D78-6EA4-41E6-A403-2D018D9F0692",
"versionEndExcluding": "17.10.5.1",
"versionStartIncluding": "17.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:odbc_driver_for_sql_server:*:*:*:*:*:windows:*:*",
"matchCriteriaId": "CC490F0A-842A-4590-8CAC-07BB599D8F4F",
"versionEndExcluding": "17.10.5.1",
"versionStartIncluding": "17.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:odbc_driver_for_sql_server:*:*:*:*:*:linux:*:*",
"matchCriteriaId": "90718D50-D4D8-4949-ADB3-310879B2A574",
"versionEndExcluding": "18.3.2.1",
"versionStartIncluding": "18.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:odbc_driver_for_sql_server:*:*:*:*:*:macos:*:*",
"matchCriteriaId": "C9BEA137-3C0A-472A-9A5B-428E00302626",
"versionEndExcluding": "18.3.2.1",
"versionStartIncluding": "18.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:odbc_driver_for_sql_server:*:*:*:*:*:windows:*:*",
"matchCriteriaId": "2EDAA3E7-9DA2-4C2F-B626-60A747015FE8",
"versionEndExcluding": "18.3.2.1",
"versionStartIncluding": "18.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:sql_server:2019:*:*:*:*:*:x64:*",
"matchCriteriaId": "9144F644-A3D4-440C-8978-257E71204617",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:sql_server:2022:*:*:*:*:*:x64:*",
"matchCriteriaId": "6CB7AD22-F27B-4807-88F1-02ED420421D5",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Microsoft ODBC Driver for SQL Server Remote Code Execution Vulnerability"
},
{
"lang": "es",
"value": "Vulnerabilidad de ejecuci\u00f3n remota de c\u00f3digo en Microsoft ODBC Driver para SQL Server "
}
],
"id": "CVE-2023-36730",
"lastModified": "2024-11-21T08:10:28.543",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 1.8,
"impactScore": 5.9,
"source": "secure@microsoft.com",
"type": "Secondary"
}
]
},
"published": "2023-10-10T18:15:17.160",
"references": [
{
"source": "secure@microsoft.com",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-36730"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-36730"
}
],
"sourceIdentifier": "secure@microsoft.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-122"
}
],
"source": "secure@microsoft.com",
"type": "Secondary"
},
{
"description": [
{
"lang": "en",
"value": "NVD-CWE-noinfo"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
GHSA-G6RQ-2JQ4-98MR
Vulnerability from github – Published: 2023-10-10 18:31 – Updated: 2024-04-04 08:32
Microsoft ODBC Driver for SQL Server Remote Code Execution Vulnerability
{
"affected": [],
"aliases": [
"CVE-2023-36730"
],
"database_specific": {
"cwe_ids": [],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2023-10-10T18:15:17Z",
"severity": "HIGH"
},
"details": "Microsoft ODBC Driver for SQL Server Remote Code Execution Vulnerability",
"id": "GHSA-g6rq-2jq4-98mr",
"modified": "2024-04-04T08:32:16Z",
"published": "2023-10-10T18:31:34Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2023-36730"
},
{
"type": "WEB",
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-36730"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"type": "CVSS_V3"
}
]
}
GSD-2023-36730
Vulnerability from gsd - Updated: 2023-12-13 01:20
{
"GSD": {
"alias": "CVE-2023-36730",
"id": "GSD-2023-36730"
},
"gsd": {
"metadata": {
"exploitCode": "unknown",
"remediation": "unknown",
"reportConfidence": "confirmed",
"type": "vulnerability"
},
"osvSchema": {
"aliases": [
"CVE-2023-36730"
],
"details": "Microsoft ODBC Driver for SQL Server Remote Code Execution Vulnerability",
"id": "GSD-2023-36730",
"modified": "2023-12-13T01:20:34.232329Z",
"schema_version": "1.4.0"
}
},
"namespaces": {
"cve.org": {
"CVE_data_meta": {
"ASSIGNER": "secure@microsoft.com",
"ID": "CVE-2023-36730",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Microsoft SQL Server 2019 (GDR)",
"version": {
"version_data": [
{
"version_affected": "\u003c",
"version_name": "15.0.0",
"version_value": "15.0.2104.1"
}
]
}
},
{
"product_name": "Microsoft SQL Server 2022 (GDR)",
"version": {
"version_data": [
{
"version_affected": "\u003c",
"version_name": "16.0.0",
"version_value": "16.0.1105.1"
}
]
}
},
{
"product_name": "Microsoft ODBC Driver 17 for SQL Server on Windows",
"version": {
"version_data": [
{
"version_affected": "\u003c",
"version_name": "17.0.0.0",
"version_value": "17.10.5.1"
}
]
}
},
{
"product_name": "Microsoft ODBC Driver 17 for SQL Server on Linux",
"version": {
"version_data": [
{
"version_affected": "\u003c",
"version_name": "17.0.0.0",
"version_value": "17.10.5.1"
}
]
}
},
{
"product_name": "Microsoft ODBC Driver 17 for SQL Server on MacOS",
"version": {
"version_data": [
{
"version_affected": "\u003c",
"version_name": "17.0.0.0",
"version_value": "17.10.5.1"
}
]
}
},
{
"product_name": "Microsoft ODBC Driver 18 for SQL Server on Windows",
"version": {
"version_data": [
{
"version_affected": "\u003c",
"version_name": "18.0.0.0",
"version_value": "18.3.2.1"
}
]
}
},
{
"product_name": "Microsoft ODBC Driver 18 for SQL Server on Linux",
"version": {
"version_data": [
{
"version_affected": "\u003c",
"version_name": "18.0.0.0",
"version_value": "18.3.2.1"
}
]
}
},
{
"product_name": "Microsoft ODBC Driver 18 for SQL Server on MacOS",
"version": {
"version_data": [
{
"version_affected": "\u003c",
"version_name": "18.0.0.0",
"version_value": "18.3.2.1"
}
]
}
},
{
"product_name": "Microsoft SQL Server 2022 (CU 8)",
"version": {
"version_data": [
{
"version_affected": "\u003c",
"version_name": "15.0.0",
"version_value": "16.0.4080.1"
}
]
}
},
{
"product_name": "Microsoft SQL Server 2019 (CU 22)",
"version": {
"version_data": [
{
"version_affected": "\u003c",
"version_name": "15.0.0",
"version_value": "15.0.4326.1"
}
]
}
}
]
},
"vendor_name": "Microsoft"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Microsoft ODBC Driver for SQL Server Remote Code Execution Vulnerability"
}
]
},
"impact": {
"cvss": [
{
"baseScore": 7.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C",
"version": "3.1"
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Remote Code Execution"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-36730",
"refsource": "MISC",
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-36730"
}
]
}
},
"nvd.nist.gov": {
"configurations": {
"CVE_data_version": "4.0",
"nodes": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:a:microsoft:sql_server:2019:*:*:*:*:*:x64:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:microsoft:sql_server:2022:*:*:*:*:*:x64:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:microsoft:odbc_driver_for_sql_server:*:*:*:*:*:linux:*:*",
"cpe_name": [],
"versionEndExcluding": "18.3.2.1",
"versionStartIncluding": "18.0",
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:microsoft:odbc_driver_for_sql_server:*:*:*:*:*:macos:*:*",
"cpe_name": [],
"versionEndExcluding": "18.3.2.1",
"versionStartIncluding": "18.0",
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:microsoft:odbc_driver_for_sql_server:*:*:*:*:*:windows:*:*",
"cpe_name": [],
"versionEndExcluding": "18.3.2.1",
"versionStartIncluding": "18.0",
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:microsoft:odbc_driver_for_sql_server:*:*:*:*:*:linux:*:*",
"cpe_name": [],
"versionEndExcluding": "17.10.5.1",
"versionStartIncluding": "17.0",
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:microsoft:odbc_driver_for_sql_server:*:*:*:*:*:macos:*:*",
"cpe_name": [],
"versionEndExcluding": "17.10.5.1",
"versionStartIncluding": "17.0",
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:microsoft:odbc_driver_for_sql_server:*:*:*:*:*:windows:*:*",
"cpe_name": [],
"versionEndExcluding": "17.10.5.1",
"versionStartIncluding": "17.0",
"vulnerable": true
}
],
"operator": "OR"
}
]
},
"cve": {
"CVE_data_meta": {
"ASSIGNER": "secure@microsoft.com",
"ID": "CVE-2023-36730"
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "en",
"value": "Microsoft ODBC Driver for SQL Server Remote Code Execution Vulnerability"
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "en",
"value": "NVD-CWE-noinfo"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-36730",
"refsource": "MISC",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-36730"
}
]
}
},
"impact": {
"baseMetricV3": {
"cvssV3": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 1.8,
"impactScore": 5.9
}
},
"lastModifiedDate": "2023-10-13T19:42Z",
"publishedDate": "2023-10-10T18:15Z"
}
}
}
ICSA-24-102-08
Vulnerability from csaf_cisa - Published: 2023-04-11 00:00 - Updated: 2025-09-09 00:00
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
OpenPCS 7 V9.1
Siemens / OpenPCS 7 V9.1
|
vers:all/* |
Mitigation
No Fix Planned
|
|
|
SIMATIC NET PC Software V14
Siemens / SIMATIC NET PC Software V14
|
vers:all/* |
Mitigation
No Fix Planned
|
|
|
SIMATIC NET PC Software V15
Siemens / SIMATIC NET PC Software V15
|
vers:all/* |
Mitigation
No Fix Planned
|
|
|
SIMATIC NET PC Software V16
Siemens / SIMATIC NET PC Software V16
|
<V16_Update_8 |
Mitigation
Vendor Fix
fix
|
|
|
SIMATIC NET PC Software V17
Siemens / SIMATIC NET PC Software V17
|
<V17_SP1_Update_1 |
Mitigation
Vendor Fix
fix
|
|
|
SIMATIC NET PC Software V18
Siemens / SIMATIC NET PC Software V18
|
<V18_Update_1 |
Mitigation
Vendor Fix
fix
|
|
|
SIMATIC Process Historian 2020 OPC UA Server
Siemens / SIMATIC Process Historian 2020 OPC UA Server
|
vers:all/* |
Mitigation
No Fix Planned
|
|
|
SIMATIC Process Historian 2022 OPC UA Server
Siemens / SIMATIC Process Historian 2022 OPC UA Server
|
<V2022_SP1 |
Mitigation
Vendor Fix
|
|
|
SIMATIC WinCC
Siemens / SIMATIC WinCC
|
vers:intdot/<8.0 |
Mitigation
Vendor Fix
fix
|
|
|
SIMATIC WinCC Runtime Professional
Siemens / SIMATIC WinCC Runtime Professional
|
<V18_Update_2 |
Mitigation
Vendor Fix
|
|
|
SIMATIC WinCC Unified PC Runtime V18
Siemens / SIMATIC WinCC Unified PC Runtime V18
|
<V18.0_SP1_Update_1 |
Mitigation
Vendor Fix
fix
|
|
|
TeleControl Server Basic V3
Siemens / TeleControl Server Basic V3
|
vers:intdot/<3.1.2 |
Mitigation
Vendor Fix
fix
|
| URL | Category |
|---|---|
| https://cert-portal.siemens.com/productcert/csaf/… | self |
| https://cert-portal.siemens.com/productcert/html/… | self |
| https://raw.githubusercontent.com/cisagov/CSAF/de… | self |
| https://www.cisa.gov/news-events/ics-advisories/i… | self |
| https://www.cisa.gov/uscert/ics/alerts/ICS-ALERT-… | external |
| https://www.cisa.gov/resources-tools/resources/ic… | external |
| https://www.cisa.gov/topics/industrial-control-systems | external |
| https://us-cert.cisa.gov/sites/default/files/reco… | external |
| https://www.cisa.gov/sites/default/files/publicat… | external |
| https://www.cisa.gov/uscert/ics/tips/ICS-TIP-12-146-01B | external |
{
"document": {
"acknowledgments": [
{
"organization": "Siemens ProductCERT",
"summary": "reporting this vulnerability to CISA."
}
],
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Disclosure is not limited",
"tlp": {
"label": "WHITE",
"url": "https://us-cert.cisa.gov/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "A vulnerability was identified in OPC Foundation Local Discovery Server which also affects Siemens products that could allow an attacker to escalate privileges under certain circumstances.\n\nSiemens has released new versions for several affected products and recommends to update to the latest versions. Siemens recommends specific countermeasures for products where fixes are not, or not yet available.",
"title": "Summary"
},
{
"category": "general",
"text": "As a general security measure, Siemens strongly recommends to protect network access to devices with appropriate mechanisms. In order to operate the devices in a protected IT environment, Siemens recommends to configure the environment according to Siemens\u0027 operational guidelines for Industrial Security (Download: \nhttps://www.siemens.com/cert/operational-guidelines-industrial-security), and to follow the recommendations in the product manuals.\nAdditional information on Industrial Security by Siemens can be found at: https://www.siemens.com/industrialsecurity",
"title": "General Recommendations"
},
{
"category": "general",
"text": "For further inquiries on security vulnerabilities in Siemens products and solutions, please contact the Siemens ProductCERT: https://www.siemens.com/cert/advisories",
"title": "Additional Resources"
},
{
"category": "legal_disclaimer",
"text": "The use of Siemens Security Advisories is subject to the terms and conditions listed on: https://www.siemens.com/productcert/terms-of-use.",
"title": "Terms of Use"
},
{
"category": "legal_disclaimer",
"text": "All information products included in https://us-cert.cisa.gov/ics are provided \"as is\" for informational purposes only. The Department of Homeland Security (DHS) does not provide any warranties of any kind regarding any information contained within. DHS does not endorse any commercial product or service, referenced in this product or otherwise. Further dissemination of this product is governed by the Traffic Light Protocol (TLP) marking in the header. For more information about TLP, see https://us-cert.cisa.gov/tlp/.",
"title": "Legal Notice"
},
{
"category": "other",
"text": "This ICSA is a verbatim republication of Siemens ProductCERT SSA-691715 from a direct conversion of the vendor\u0027s Common Security Advisory Framework (CSAF) advisory. This is republished to CISA\u0027s website as a means of increasing visibility and is provided \"as-is\" for informational purposes only. CISA is not responsible for the editorial or technical accuracy of republished advisories and provides no warranties of any kind regarding any information contained within this advisory. Further, CISA does not endorse any commercial product or service. Please contact Siemens ProductCERT directly for any questions regarding this advisory.",
"title": "Advisory Conversion Disclaimer"
},
{
"category": "other",
"text": "Energy, Transportation Systems, Water and Wastewater Systems",
"title": "Critical infrastructure sectors"
},
{
"category": "other",
"text": "Worldwide",
"title": "Countries/areas deployed"
},
{
"category": "other",
"text": "Germany",
"title": "Company headquarters location"
},
{
"category": "general",
"text": "CISA recommends users take defensive measures to minimize the exploitation risk of these vulnerabilities.",
"title": "Recommended Practices"
},
{
"category": "general",
"text": "Minimize network exposure for all control system devices and/or systems, and ensure they are not accessible from the internet.",
"title": "Recommended Practices"
},
{
"category": "general",
"text": "Locate control system networks and remote devices behind firewalls and isolate them from business networks.",
"title": "Recommended Practices"
},
{
"category": "general",
"text": "When remote access is required, use more secure methods, such as Virtual Private Networks (VPNs), recognizing VPNs may have vulnerabilities and should be updated to the most recent version available. Also recognize VPN is only as secure as its connected devices.",
"title": "Recommended Practices"
},
{
"category": "general",
"text": "CISA reminds organizations to perform proper impact analysis and risk assessment prior to deploying defensive measures.",
"title": "Recommended Practices"
},
{
"category": "general",
"text": "CISA also provides a section for control systems security recommended practices on the ICS webpage on cisa.gov. Several CISA products detailing cyber defense best practices are available for reading and download, including Improving Industrial Control Systems Cybersecurity with Defense-in-Depth Strategies.",
"title": "Recommended Practices"
},
{
"category": "general",
"text": "CISA encourages organizations to implement recommended cybersecurity strategies for proactive defense of ICS assets. Additional mitigation guidance and recommended practices are publicly available on the ICS webpage at cisa.gov in the technical information paper, ICS-TIP-12-146-01B--Targeted Cyber Intrusion Detection and Mitigation Strategies.",
"title": "Recommended Practices"
},
{
"category": "general",
"text": "Organizations observing suspected malicious activity should follow established internal procedures and report findings to CISA for tracking and correlation against other incidents.",
"title": "Recommended Practices"
}
],
"publisher": {
"category": "other",
"contact_details": "central@cisa.dhs.gov",
"name": "CISA",
"namespace": "https://www.cisa.gov/"
},
"references": [
{
"category": "self",
"summary": "SSA-691715: Vulnerability in OPC Foundation Local Discovery Server Affecting Siemens Products - CSAF Version",
"url": "https://cert-portal.siemens.com/productcert/csaf/ssa-691715.json"
},
{
"category": "self",
"summary": "SSA-691715: Vulnerability in OPC Foundation Local Discovery Server Affecting Siemens Products - HTML Version",
"url": "https://cert-portal.siemens.com/productcert/html/ssa-691715.html"
},
{
"category": "self",
"summary": "ICS Advisory ICSA-24-102-08 JSON",
"url": "https://raw.githubusercontent.com/cisagov/CSAF/develop/csaf_files/OT/white/2024/icsa-24-102-08.json"
},
{
"category": "self",
"summary": "ICS Advisory ICSA-24-102-08 - Web Version",
"url": "https://www.cisa.gov/news-events/ics-advisories/icsa-24-102-08"
},
{
"category": "external",
"summary": "Recommended Practices",
"url": "https://www.cisa.gov/uscert/ics/alerts/ICS-ALERT-10-301-01"
},
{
"category": "external",
"summary": "Recommended Practices",
"url": "https://www.cisa.gov/resources-tools/resources/ics-recommended-practices"
},
{
"category": "external",
"summary": "Recommended Practices",
"url": "https://www.cisa.gov/topics/industrial-control-systems"
},
{
"category": "external",
"summary": "Recommended Practices",
"url": "https://us-cert.cisa.gov/sites/default/files/recommended_practices/NCCIC_ICS-CERT_Defense_in_Depth_2016_S508C.pdf"
},
{
"category": "external",
"summary": "Recommended Practices",
"url": "https://www.cisa.gov/sites/default/files/publications/Cybersecurity_Best_Practices_for_Industrial_Control_Systems.pdf"
},
{
"category": "external",
"summary": "Recommended Practices",
"url": "https://www.cisa.gov/uscert/ics/tips/ICS-TIP-12-146-01B"
}
],
"title": "Siemens OPC Foundation Local Discovery Server Affecting Siemens Products",
"tracking": {
"current_release_date": "2025-09-09T00:00:00.000000Z",
"generator": {
"date": "2025-09-11T15:38:01.188682Z",
"engine": {
"name": "CISA CSAF Generator",
"version": "1.0.0"
}
},
"id": "ICSA-24-102-08",
"initial_release_date": "2023-04-11T00:00:00.000000Z",
"revision_history": [
{
"date": "2023-04-11T00:00:00.000000Z",
"legacy_version": "1.0",
"number": "1",
"summary": "Publication Date"
},
{
"date": "2023-06-13T00:00:00.000000Z",
"legacy_version": "1.1",
"number": "2",
"summary": "Added fix for SIMATIC NET PC Software V17, clarified no fix planned for SIMATIC Process Historian 2020 OPC UA Server, SIMATIC NET PC Software V14 and V15"
},
{
"date": "2023-08-08T00:00:00.000000Z",
"legacy_version": "1.2",
"number": "3",
"summary": "Added fix for SIMATIC WinCC Runtime Professional"
},
{
"date": "2023-11-14T00:00:00.000000Z",
"legacy_version": "1.3",
"number": "4",
"summary": "Added fix for SIMATIC Process Historian 2022 OPC UA Server"
},
{
"date": "2024-04-09T00:00:00.000000Z",
"legacy_version": "1.4",
"number": "5",
"summary": "Added fix for TeleControl Server Basic V3"
},
{
"date": "2024-05-14T00:00:00.000000Z",
"legacy_version": "1.5",
"number": "6",
"summary": "Added fix for SIMATIC NET PC Software V18"
},
{
"date": "2024-09-10T00:00:00.000000Z",
"legacy_version": "1.6",
"number": "7",
"summary": "Added fix for SIMATIC NET PC Software V16, clarified no fix planned for OpenPCS 7 V9.1"
},
{
"date": "2025-09-09T00:00:00.000000Z",
"legacy_version": "1.7",
"number": "8",
"summary": "Corrected fix version for SIMATIC NET PC Software V17"
}
],
"status": "final",
"version": "8"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_version_range",
"name": "vers:all/*",
"product": {
"name": "OpenPCS 7 V9.1",
"product_id": "CSAFPID-0001"
}
}
],
"category": "product_name",
"name": "OpenPCS 7 V9.1"
},
{
"branches": [
{
"category": "product_version_range",
"name": "vers:all/*",
"product": {
"name": "SIMATIC NET PC Software V14",
"product_id": "CSAFPID-0002"
}
}
],
"category": "product_name",
"name": "SIMATIC NET PC Software V14"
},
{
"branches": [
{
"category": "product_version_range",
"name": "vers:all/*",
"product": {
"name": "SIMATIC NET PC Software V15",
"product_id": "CSAFPID-0003"
}
}
],
"category": "product_name",
"name": "SIMATIC NET PC Software V15"
},
{
"branches": [
{
"category": "product_version_range",
"name": "\u003cV16_Update_8",
"product": {
"name": "SIMATIC NET PC Software V16",
"product_id": "CSAFPID-0004"
}
}
],
"category": "product_name",
"name": "SIMATIC NET PC Software V16"
},
{
"branches": [
{
"category": "product_version_range",
"name": "\u003cV17_SP1_Update_1",
"product": {
"name": "SIMATIC NET PC Software V17",
"product_id": "CSAFPID-0005"
}
}
],
"category": "product_name",
"name": "SIMATIC NET PC Software V17"
},
{
"branches": [
{
"category": "product_version_range",
"name": "\u003cV18_Update_1",
"product": {
"name": "SIMATIC NET PC Software V18",
"product_id": "CSAFPID-0006"
}
}
],
"category": "product_name",
"name": "SIMATIC NET PC Software V18"
},
{
"branches": [
{
"category": "product_version_range",
"name": "vers:all/*",
"product": {
"name": "SIMATIC Process Historian 2020 OPC UA Server",
"product_id": "CSAFPID-0007"
}
}
],
"category": "product_name",
"name": "SIMATIC Process Historian 2020 OPC UA Server"
},
{
"branches": [
{
"category": "product_version_range",
"name": "\u003cV2022_SP1",
"product": {
"name": "SIMATIC Process Historian 2022 OPC UA Server",
"product_id": "CSAFPID-0008"
}
}
],
"category": "product_name",
"name": "SIMATIC Process Historian 2022 OPC UA Server"
},
{
"branches": [
{
"category": "product_version_range",
"name": "vers:intdot/\u003c8.0",
"product": {
"name": "SIMATIC WinCC",
"product_id": "CSAFPID-0009"
}
}
],
"category": "product_name",
"name": "SIMATIC WinCC"
},
{
"branches": [
{
"category": "product_version_range",
"name": "\u003cV18_Update_2",
"product": {
"name": "SIMATIC WinCC Runtime Professional",
"product_id": "CSAFPID-0010"
}
}
],
"category": "product_name",
"name": "SIMATIC WinCC Runtime Professional"
},
{
"branches": [
{
"category": "product_version_range",
"name": "\u003cV18.0_SP1_Update_1",
"product": {
"name": "SIMATIC WinCC Unified PC Runtime V18",
"product_id": "CSAFPID-0011"
}
}
],
"category": "product_name",
"name": "SIMATIC WinCC Unified PC Runtime V18"
},
{
"branches": [
{
"category": "product_version_range",
"name": "vers:intdot/\u003c3.1.2",
"product": {
"name": "TeleControl Server Basic V3",
"product_id": "CSAFPID-0012"
}
}
],
"category": "product_name",
"name": "TeleControl Server Basic V3"
}
],
"category": "vendor",
"name": "Siemens"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2022-44725",
"cwe": {
"id": "CWE-20",
"name": "Improper Input Validation"
},
"notes": [
{
"category": "summary",
"text": "OPC Foundation Local Discovery Server (LDS) in affected products uses a hard-coded file path to a configuration file. This allows a normal user to create a malicious file that is loaded by LDS (running as a high-privilege user).",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005",
"CSAFPID-0006",
"CSAFPID-0007",
"CSAFPID-0008",
"CSAFPID-0009",
"CSAFPID-0010",
"CSAFPID-0011",
"CSAFPID-0012"
]
},
"remediations": [
{
"category": "mitigation",
"details": "Update the underlying OPC Foundation Unified Architecture Local Discovery Server (UA-LDS) to [V1.04.405](https://opcfoundation.org/developer-tools/samples-and-tools-unified-architecture/local-discovery-server-lds/) or later if possible",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005",
"CSAFPID-0006",
"CSAFPID-0007",
"CSAFPID-0008",
"CSAFPID-0009",
"CSAFPID-0010",
"CSAFPID-0011",
"CSAFPID-0012"
]
},
{
"category": "no_fix_planned",
"details": "Currently no fix is planned",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0007"
]
},
{
"category": "vendor_fix",
"details": "Update to V16 Update 8 or later version",
"product_ids": [
"CSAFPID-0004"
],
"url": "https://support.industry.siemens.com/cs/ww/en/view/109974091/"
},
{
"category": "vendor_fix",
"details": "Update to V17 SP1 Update 1 or later version",
"product_ids": [
"CSAFPID-0005"
],
"url": "https://support.industry.siemens.com/cs/ww/en/view/109820674/"
},
{
"category": "vendor_fix",
"details": "Update to V18 Update 1 or later version",
"product_ids": [
"CSAFPID-0006"
],
"url": "https://support.industry.siemens.com/cs/ww/en/view/109826242/"
},
{
"category": "vendor_fix",
"details": "Update to V18 Update 2 or later version",
"product_ids": [
"CSAFPID-0010"
]
},
{
"category": "vendor_fix",
"details": "Update to V18.0 SP1 Update 1 or later version",
"product_ids": [
"CSAFPID-0011"
],
"url": "https://support.industry.siemens.com/cs/ww/en/view/109807123/"
},
{
"category": "vendor_fix",
"details": "Update to V3.1.2 or later version",
"product_ids": [
"CSAFPID-0012"
],
"url": "https://support.industry.siemens.com/cs/ww/en/view/109955177/"
},
{
"category": "vendor_fix",
"details": "Update to V8.0 or later version",
"product_ids": [
"CSAFPID-0009"
],
"url": "https://support.industry.siemens.com/cs/ww/en/view/109816599/"
},
{
"category": "vendor_fix",
"details": "In the context of SIMATIC PCS neo, update to SIMATIC PCS neo V4.1 or later version",
"product_ids": [
"CSAFPID-0008"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005",
"CSAFPID-0006",
"CSAFPID-0007",
"CSAFPID-0008",
"CSAFPID-0009",
"CSAFPID-0010",
"CSAFPID-0011",
"CSAFPID-0012"
]
}
],
"title": "CVE-2022-44725"
}
]
}
MSRC_CVE-2023-36730
Vulnerability from csaf_microsoft - Published: 2023-10-10 07:00 - Updated: 2023-10-11 07:00
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Microsoft SQL Server 2019 for x64-based Systems (GDR) 15.0.2104.1
Microsoft SQL Server 2019 for x64-based Systems (GDR)
|
15.0.2104.1 | ||
|
Microsoft SQL Server 2022 for x64-based Systems (GDR) 16.0.1105.1
Microsoft SQL Server 2022 for x64-based Systems (GDR)
|
16.0.1105.1 | ||
|
Microsoft ODBC Driver 17 for SQL Server on Windows 17.10.5.1
Microsoft ODBC Driver 17 for SQL Server on Windows
|
17.10.5.1 | ||
|
Microsoft ODBC Driver 17 for SQL Server on Linux 17.10.5.1
Microsoft ODBC Driver 17 for SQL Server on Linux
|
17.10.5.1 | ||
|
Microsoft ODBC Driver 17 for SQL Server on MacOS 17.10.5.1
Microsoft ODBC Driver 17 for SQL Server on MacOS
|
17.10.5.1 | ||
|
Microsoft ODBC Driver 18 for SQL Server on Windows 18.3.2.1
Microsoft ODBC Driver 18 for SQL Server on Windows
|
18.3.2.1 | ||
|
Microsoft ODBC Driver 18 for SQL Server on Linux 18.3.2.1
Microsoft ODBC Driver 18 for SQL Server on Linux
|
18.3.2.1 | ||
|
Microsoft ODBC Driver 18 for SQL Server on MacOS 18.3.2.1
Microsoft ODBC Driver 18 for SQL Server on MacOS
|
18.3.2.1 | ||
|
Microsoft SQL Server 2022 for x64-based Systems (CU 8) 16.0.4080.1
Microsoft SQL Server 2022 for x64-based Systems (CU 8)
|
16.0.4080.1 | ||
|
Microsoft SQL Server 2019 for x64-based Systems (CU 22) 15.0.4326.1
Microsoft SQL Server 2019 for x64-based Systems (CU 22)
|
15.0.4326.1 |
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Microsoft SQL Server 2019 for x64-based Systems (CU 22) <15.0.4326.1
Microsoft SQL Server 2019 for x64-based Systems (CU 22)
|
<15.0.4326.1 |
Vendor Fix
fix
|
|
|
Microsoft SQL Server 2022 for x64-based Systems (CU 8) <16.0.4080.1
Microsoft SQL Server 2022 for x64-based Systems (CU 8)
|
<16.0.4080.1 |
Vendor Fix
fix
|
|
|
Microsoft ODBC Driver 18 for SQL Server on MacOS <18.3.2.1
Microsoft ODBC Driver 18 for SQL Server on MacOS
|
<18.3.2.1 |
Vendor Fix
fix
|
|
|
Microsoft ODBC Driver 18 for SQL Server on Linux <18.3.2.1
Microsoft ODBC Driver 18 for SQL Server on Linux
|
<18.3.2.1 |
Vendor Fix
fix
|
|
|
Microsoft ODBC Driver 18 for SQL Server on Windows <18.3.2.1
Microsoft ODBC Driver 18 for SQL Server on Windows
|
<18.3.2.1 |
Vendor Fix
fix
|
|
|
Microsoft ODBC Driver 17 for SQL Server on MacOS <17.10.5.1
Microsoft ODBC Driver 17 for SQL Server on MacOS
|
<17.10.5.1 |
Vendor Fix
fix
|
|
|
Microsoft ODBC Driver 17 for SQL Server on Linux <17.10.5.1
Microsoft ODBC Driver 17 for SQL Server on Linux
|
<17.10.5.1 |
Vendor Fix
fix
|
|
|
Microsoft ODBC Driver 17 for SQL Server on Windows <17.10.5.1
Microsoft ODBC Driver 17 for SQL Server on Windows
|
<17.10.5.1 |
Vendor Fix
fix
|
|
|
Microsoft SQL Server 2022 for x64-based Systems (GDR) <16.0.1105.1
Microsoft SQL Server 2022 for x64-based Systems (GDR)
|
<16.0.1105.1 |
Vendor Fix
fix
|
|
|
Microsoft SQL Server 2019 for x64-based Systems (GDR) <15.0.2104.1
Microsoft SQL Server 2019 for x64-based Systems (GDR)
|
<15.0.2104.1 |
Vendor Fix
fix
|
| URL | Category |
|---|---|
| https://msrc.microsoft.com/update-guide/vulnerabi… | self |
| https://msrc.microsoft.com/csaf/advisories/2023/m… | self |
| https://www.microsoft.com/en-us/msrc/exploitabili… | external |
| https://support.microsoft.com/lifecycle | external |
| https://www.first.org/cvss | external |
| https://msrc.microsoft.com/update-guide/vulnerabi… | self |
| https://msrc.microsoft.com/csaf/advisories/2023/m… | self |
{
"document": {
"acknowledgments": [
{
"names": [
"bee13oy with \u003ca href=\"https://www.cyberkl.com/\"\u003eCyber Kunlun Lab\u003c/a\u003e"
]
}
],
"aggregate_severity": {
"namespace": "https://www.microsoft.com/en-us/msrc/security-update-severity-rating-system",
"text": "Important"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Public",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en-US",
"notes": [
{
"category": "general",
"text": "To determine the support lifecycle for your software, see the Microsoft Support Lifecycle: https://support.microsoft.com/lifecycle",
"title": "Additional Resources"
},
{
"category": "legal_disclaimer",
"text": "The information provided in the Microsoft Knowledge Base is provided \\\"as is\\\" without warranty of any kind. Microsoft disclaims all warranties, either express or implied, including the warranties of merchantability and fitness for a particular purpose. In no event shall Microsoft Corporation or its suppliers be liable for any damages whatsoever including direct, indirect, incidental, consequential, loss of business profits or special damages, even if Microsoft Corporation or its suppliers have been advised of the possibility of such damages. Some states do not allow the exclusion or limitation of liability for consequential or incidental damages so the foregoing limitation may not apply.",
"title": "Disclaimer"
},
{
"category": "general",
"text": "Required. The vulnerability documented by this CVE requires customer action to resolve.",
"title": "Customer Action"
}
],
"publisher": {
"category": "vendor",
"contact_details": "secure@microsoft.com",
"name": "Microsoft Security Response Center",
"namespace": "https://msrc.microsoft.com"
},
"references": [
{
"category": "self",
"summary": "CVE-2023-36730 Microsoft ODBC Driver for SQL Server Remote Code Execution Vulnerability - HTML",
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-36730"
},
{
"category": "self",
"summary": "CVE-2023-36730 Microsoft ODBC Driver for SQL Server Remote Code Execution Vulnerability - CSAF",
"url": "https://msrc.microsoft.com/csaf/advisories/2023/msrc_cve-2023-36730.json"
},
{
"category": "external",
"summary": "Microsoft Exploitability Index",
"url": "https://www.microsoft.com/en-us/msrc/exploitability-index?rtc=1"
},
{
"category": "external",
"summary": "Microsoft Support Lifecycle",
"url": "https://support.microsoft.com/lifecycle"
},
{
"category": "external",
"summary": "Common Vulnerability Scoring System",
"url": "https://www.first.org/cvss"
}
],
"title": "Microsoft ODBC Driver for SQL Server Remote Code Execution Vulnerability",
"tracking": {
"current_release_date": "2023-10-11T07:00:00.000Z",
"generator": {
"date": "2025-04-14T22:45:46.603Z",
"engine": {
"name": "MSRC Generator",
"version": "1.0"
}
},
"id": "msrc_CVE-2023-36730",
"initial_release_date": "2023-10-10T07:00:00.000Z",
"revision_history": [
{
"date": "2023-10-10T07:00:00.000Z",
"legacy_version": "1",
"number": "1",
"summary": "Information published."
},
{
"date": "2023-10-11T07:00:00.000Z",
"legacy_version": "1.1",
"number": "2",
"summary": "Updated FAQ information. This is an informational change only."
}
],
"status": "final",
"version": "2"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"category": "product_version_range",
"name": "\u003c15.0.2104.1",
"product": {
"name": "Microsoft SQL Server 2019 for x64-based Systems (GDR) \u003c15.0.2104.1",
"product_id": "10"
}
},
{
"category": "product_version",
"name": "15.0.2104.1",
"product": {
"name": "Microsoft SQL Server 2019 for x64-based Systems (GDR) 15.0.2104.1",
"product_id": "11821"
}
}
],
"category": "product_name",
"name": "Microsoft SQL Server 2019 for x64-based Systems (GDR)"
},
{
"branches": [
{
"category": "product_version_range",
"name": "\u003c16.0.1105.1",
"product": {
"name": "Microsoft SQL Server 2022 for x64-based Systems (GDR) \u003c16.0.1105.1",
"product_id": "9"
}
},
{
"category": "product_version",
"name": "16.0.1105.1",
"product": {
"name": "Microsoft SQL Server 2022 for x64-based Systems (GDR) 16.0.1105.1",
"product_id": "12147"
}
}
],
"category": "product_name",
"name": "Microsoft SQL Server 2022 for x64-based Systems (GDR)"
},
{
"branches": [
{
"category": "product_version_range",
"name": "\u003c17.10.5.1",
"product": {
"name": "Microsoft ODBC Driver 17 for SQL Server on Windows \u003c17.10.5.1",
"product_id": "8"
}
},
{
"category": "product_version",
"name": "17.10.5.1",
"product": {
"name": "Microsoft ODBC Driver 17 for SQL Server on Windows 17.10.5.1",
"product_id": "12193"
}
}
],
"category": "product_name",
"name": "Microsoft ODBC Driver 17 for SQL Server on Windows"
},
{
"branches": [
{
"category": "product_version_range",
"name": "\u003c17.10.5.1",
"product": {
"name": "Microsoft ODBC Driver 17 for SQL Server on Linux \u003c17.10.5.1",
"product_id": "7"
}
},
{
"category": "product_version",
"name": "17.10.5.1",
"product": {
"name": "Microsoft ODBC Driver 17 for SQL Server on Linux 17.10.5.1",
"product_id": "12194"
}
}
],
"category": "product_name",
"name": "Microsoft ODBC Driver 17 for SQL Server on Linux"
},
{
"branches": [
{
"category": "product_version_range",
"name": "\u003c17.10.5.1",
"product": {
"name": "Microsoft ODBC Driver 17 for SQL Server on MacOS \u003c17.10.5.1",
"product_id": "6"
}
},
{
"category": "product_version",
"name": "17.10.5.1",
"product": {
"name": "Microsoft ODBC Driver 17 for SQL Server on MacOS 17.10.5.1",
"product_id": "12195"
}
}
],
"category": "product_name",
"name": "Microsoft ODBC Driver 17 for SQL Server on MacOS"
},
{
"branches": [
{
"category": "product_version_range",
"name": "\u003c18.3.2.1",
"product": {
"name": "Microsoft ODBC Driver 18 for SQL Server on Windows \u003c18.3.2.1",
"product_id": "5"
}
},
{
"category": "product_version",
"name": "18.3.2.1",
"product": {
"name": "Microsoft ODBC Driver 18 for SQL Server on Windows 18.3.2.1",
"product_id": "12196"
}
}
],
"category": "product_name",
"name": "Microsoft ODBC Driver 18 for SQL Server on Windows"
},
{
"branches": [
{
"category": "product_version_range",
"name": "\u003c18.3.2.1",
"product": {
"name": "Microsoft ODBC Driver 18 for SQL Server on Linux \u003c18.3.2.1",
"product_id": "4"
}
},
{
"category": "product_version",
"name": "18.3.2.1",
"product": {
"name": "Microsoft ODBC Driver 18 for SQL Server on Linux 18.3.2.1",
"product_id": "12197"
}
}
],
"category": "product_name",
"name": "Microsoft ODBC Driver 18 for SQL Server on Linux"
},
{
"branches": [
{
"category": "product_version_range",
"name": "\u003c18.3.2.1",
"product": {
"name": "Microsoft ODBC Driver 18 for SQL Server on MacOS \u003c18.3.2.1",
"product_id": "3"
}
},
{
"category": "product_version",
"name": "18.3.2.1",
"product": {
"name": "Microsoft ODBC Driver 18 for SQL Server on MacOS 18.3.2.1",
"product_id": "12198"
}
}
],
"category": "product_name",
"name": "Microsoft ODBC Driver 18 for SQL Server on MacOS"
},
{
"branches": [
{
"category": "product_version_range",
"name": "\u003c16.0.4080.1",
"product": {
"name": "Microsoft SQL Server 2022 for x64-based Systems (CU 8) \u003c16.0.4080.1",
"product_id": "2"
}
},
{
"category": "product_version",
"name": "16.0.4080.1",
"product": {
"name": "Microsoft SQL Server 2022 for x64-based Systems (CU 8) 16.0.4080.1",
"product_id": "12229"
}
}
],
"category": "product_name",
"name": "Microsoft SQL Server 2022 for x64-based Systems (CU 8)"
},
{
"branches": [
{
"category": "product_version_range",
"name": "\u003c15.0.4326.1",
"product": {
"name": "Microsoft SQL Server 2019 for x64-based Systems (CU 22) \u003c15.0.4326.1",
"product_id": "1"
}
},
{
"category": "product_version",
"name": "15.0.4326.1",
"product": {
"name": "Microsoft SQL Server 2019 for x64-based Systems (CU 22) 15.0.4326.1",
"product_id": "12230"
}
}
],
"category": "product_name",
"name": "Microsoft SQL Server 2019 for x64-based Systems (CU 22)"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2023-36730",
"cwe": {
"id": "CWE-122",
"name": "Heap-based Buffer Overflow"
},
"notes": [
{
"category": "general",
"text": "Microsoft",
"title": "Assigning CNA"
},
{
"category": "faq",
"text": "The word Remote in the title refers to the location of the attacker. This type of exploit is sometimes referred to as Arbitrary Code Execution (ACE). The attack itself is carried out locally. This means an attacker or victim needs to execute code from the local machine to exploit the vulnerability.",
"title": "According to the CVSS metric, the attack vector is local (AV:L). Why does the CVE title indicate that this is a remote code execution?"
},
{
"category": "faq",
"text": "An attacker could exploit the vulnerability by tricking an authenticated user (CVSS metric UI:R) into attempting to connect to a malicious SQL server via a connection driver (for example: ODBC and / or OLEDB as applicable).",
"title": "According to the CVSS metric, user interaction is required (UI:R). What interaction would the user have to do?"
},
{
"category": "faq",
"text": "Update your relevant version of SQL Server. Any applicable driver fixes are included in those updates.\nUpdate your application to use Microsoft ODBC Driver 17 or 18 for SQL Server. Update the drivers to the versions listed on this page, which provide protection against this vulnerability.\nConsult with your application vendor if it is compatible with Microsoft ODBC Driver 17 or 18 for SQL Server. Update the drivers to the versions listed in this page, which provide protection against this vulnerability.\nFirst, determine your SQL Server version number. For more information on determining your SQL Server version number, see Microsoft Knowledge Base Article 321185 - How to determine the version, edition, and update level of SQL Server and its components., Second, in the table below, locate your version number or the version range that your version number falls within. The corresponding update is the one you need to install.\n5029503: 5029503, Security update for SQL Server 2022 CU8+GDR: Security update for SQL Server 2022 CU8+GDR, 16.0.4003.1 - 16.0.4075.1: 16.0.4003.1 - 16.0.4075.1, KB 5029666 - SQL2022 RTM CU8: KB 5029666 - SQL2022 RTM CU8, 5029379: 5029379, Security update for SQL Server 2022 RTM+GDR: Security update for SQL Server 2022 RTM+GDR, 16.0.1000.6 - 16.0.1050.5: 16.0.1000.6 - 16.0.1050.5, KB 5021522 - Previous SQL2022 RTM GDR: KB 5021522 - Previous SQL2022 RTM GDR, 5029378: 5029378, Security update for SQL Server 2019 CU22+GDR: Security update for SQL Server 2019 CU22+GDR, 15.0.4003.23 - 15.0.4322.2: 15.0.4003.23 - 15.0.4322.2, KB 5027702 - SQL2019 RTM CU22: KB 5027702 - SQL2019 RTM CU22, 5029377: 5029377, Security update for SQL Server 2019 RTM+GDR: Security update for SQL Server 2019 RTM+GDR, 15.0.2000.5 - 15.0.2101.7: 15.0.2000.5 - 15.0.2101.7, KB 5021125 - Previous SQL2019 RTM GDR: KB 5021125 - Previous SQL2019 RTM GDR\nThe General Distribution Release (GDR) and Cumulative Update (CU) designations correspond to the two different servicing options in place for SQL Server baseline releases. A baseline can be either an RTM release or a Service Pack release.\nGDR updates \u2013 cumulatively only contain security updates for the given baseline., CU updates \u2013 cumulatively contain all functional fixes and security updates for the given baseline.\nFor any given baseline, either the GDR or CU updates could be options (see below).\nIf SQL Server installation is at a baseline version, you can choose either the GDR or CU update., If SQL Server installation has intentionally only installed past GDR updates, then choose to install the GDR update package., If SQL Server installation has intentionally installed previous CU updates, then choose to install the CU security update package.\nYes. SQL Server instances on Windows Azure (IaaS) can be offered the security updates through Microsoft Update, or customers can download the security updates from Microsoft Download Center and apply them manually.",
"title": "I am running SQL Server on my system. What action do I need to take?"
},
{
"category": "faq",
"text": "An attacker could exploit the vulnerability by tricking an authenticated user into attempting to connect to a malicious SQL server via ODBC, which could result in the client receiving a malicious networking packet. This could allow the attacker to execute code remotely on the client.",
"title": "How could an attacker exploit this vulnerability?"
}
],
"product_status": {
"fixed": [
"11821",
"12147",
"12193",
"12194",
"12195",
"12196",
"12197",
"12198",
"12229",
"12230"
],
"known_affected": [
"1",
"2",
"3",
"4",
"5",
"6",
"7",
"8",
"9",
"10"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2023-36730 Microsoft ODBC Driver for SQL Server Remote Code Execution Vulnerability - HTML",
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-36730"
},
{
"category": "self",
"summary": "CVE-2023-36730 Microsoft ODBC Driver for SQL Server Remote Code Execution Vulnerability - CSAF",
"url": "https://msrc.microsoft.com/csaf/advisories/2023/msrc_cve-2023-36730.json"
}
],
"remediations": [
{
"category": "vendor_fix",
"date": "2023-10-10T07:00:00.000Z",
"details": "15.0.2104.1:Security Update:https://support.microsoft.com/help/5029377",
"product_ids": [
"10"
],
"url": "https://support.microsoft.com/help/5029377"
},
{
"category": "vendor_fix",
"date": "2023-10-10T07:00:00.000Z",
"details": "16.0.1105.1:Security Update:https://support.microsoft.com/help/5029379",
"product_ids": [
"9"
],
"url": "https://support.microsoft.com/help/5029379"
},
{
"category": "vendor_fix",
"date": "2023-10-10T07:00:00.000Z",
"details": "17.10.5.1:Security Update:https://learn.microsoft.com/sql/connect/odbc/windows/release-notes-odbc-sql-server-windows#17105",
"product_ids": [
"8"
],
"url": "https://learn.microsoft.com/sql/connect/odbc/windows/release-notes-odbc-sql-server-windows#17105"
},
{
"category": "vendor_fix",
"date": "2023-10-10T07:00:00.000Z",
"details": "17.10.5.1:Security Update:https://learn.microsoft.com/sql/connect/odbc/linux-mac/installing-the-microsoft-odbc-driver-for-sql-server#18",
"product_ids": [
"7"
],
"url": "https://learn.microsoft.com/sql/connect/odbc/linux-mac/installing-the-microsoft-odbc-driver-for-sql-server#18"
},
{
"category": "vendor_fix",
"date": "2023-10-10T07:00:00.000Z",
"details": "17.10.5.1:Security Update:https://learn.microsoft.com/sql/connect/odbc/linux-mac/install-microsoft-odbc-driver-sql-server-macos#17",
"product_ids": [
"6"
],
"url": "https://learn.microsoft.com/sql/connect/odbc/linux-mac/install-microsoft-odbc-driver-sql-server-macos#17"
},
{
"category": "vendor_fix",
"date": "2023-10-10T07:00:00.000Z",
"details": "18.3.2.1:Security Update:https://learn.microsoft.com/sql/connect/odbc/windows/release-notes-odbc-sql-server-windows#1832",
"product_ids": [
"5"
],
"url": "https://learn.microsoft.com/sql/connect/odbc/windows/release-notes-odbc-sql-server-windows#1832"
},
{
"category": "vendor_fix",
"date": "2023-10-10T07:00:00.000Z",
"details": "18.3.2.1:Security Update:https://learn.microsoft.com/sql/connect/odbc/linux-mac/installing-the-microsoft-odbc-driver-for-sql-server#18",
"product_ids": [
"4",
"3"
],
"url": "https://learn.microsoft.com/sql/connect/odbc/linux-mac/installing-the-microsoft-odbc-driver-for-sql-server#18"
},
{
"category": "vendor_fix",
"date": "2023-10-10T07:00:00.000Z",
"details": "16.0.4080.1:Security Update:https://support.microsoft.com/help/5029503",
"product_ids": [
"2"
],
"url": "https://support.microsoft.com/help/5029503"
},
{
"category": "vendor_fix",
"date": "2023-10-10T07:00:00.000Z",
"details": "15.0.4326.1:Security Update:https://support.microsoft.com/help/5029378",
"product_ids": [
"1"
],
"url": "https://support.microsoft.com/help/5029378"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"environmentalsScore": 0.0,
"exploitCodeMaturity": "UNPROVEN",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"remediationLevel": "OFFICIAL_FIX",
"reportConfidence": "CONFIRMED",
"scope": "UNCHANGED",
"temporalScore": 6.8,
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C",
"version": "3.1"
},
"products": [
"1",
"2",
"3",
"4",
"5",
"6",
"7",
"8",
"9",
"10"
]
}
],
"threats": [
{
"category": "impact",
"details": "Remote Code Execution"
},
{
"category": "exploit_status",
"details": "Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation Less Likely"
}
],
"title": "Microsoft ODBC Driver for SQL Server Remote Code Execution Vulnerability"
}
]
}
Sightings
| Author | Source | Type | Date | Other |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or observed by the user.
- Confirmed: The vulnerability has been validated from an analyst's perspective.
- Published Proof of Concept: A public proof of concept is available for this vulnerability.
- Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
- Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
- Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
- Not confirmed: The user expressed doubt about the validity of the vulnerability.
- Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.