{"containers": {"cna": {"affected": [{"product": "SQL Server", "vendor": "Microsoft Corporation", "versions": [{"status": "affected", "version": "Microsoft SQL Server 2012, Microsoft SQL Server 2014, and Microsoft SQL Server 2016"}]}], "datePublic": "2017-08-08T00:00:00.000Z", "descriptions": [{"lang": "en", "value": "Microsoft SQL Server Analysis Services in Microsoft SQL Server 2012, Microsoft SQL Server 2014, and Microsoft SQL Server 2016 allows an information disclosure vulnerability when it improperly enforces permissions, aka \"Microsoft SQL Server Analysis Services Information Disclosure Vulnerability\"."}], "problemTypes": [{"descriptions": [{"description": "Information Disclosure", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2022-08-24T04:49:49.000Z", "orgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8", "shortName": "microsoft"}, "references": [{"tags": ["x_refsource_CONFIRM"], "url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-8516"}, {"name": "1039110", "tags": ["vdb-entry", "x_refsource_SECTRACK"], "url": "http://www.securitytracker.com/id/1039110"}, {"name": "100041", "tags": ["vdb-entry", "x_refsource_BID"], "url": "http://www.securityfocus.com/bid/100041"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "secure@microsoft.com", "DATE_PUBLIC": "2017-08-08T00:00:00", "ID": "CVE-2017-8516", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "SQL Server", "version": {"version_data": [{"version_value": "Microsoft SQL Server 2012, Microsoft SQL Server 2014, and Microsoft SQL Server 2016"}]}}]}, "vendor_name": "Microsoft Corporation"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "Microsoft SQL Server Analysis Services in Microsoft SQL Server 2012, Microsoft SQL Server 2014, and Microsoft SQL Server 2016 allows an information disclosure vulnerability when it improperly enforces permissions, aka \"Microsoft SQL Server Analysis Services Information Disclosure Vulnerability\"."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "Information Disclosure"}]}]}, "references": {"reference_data": [{"name": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-8516", "refsource": "CONFIRM", "url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-8516"}, {"name": "1039110", "refsource": "SECTRACK", "url": "http://www.securitytracker.com/id/1039110"}, {"name": "100041", "refsource": "BID", "url": "http://www.securityfocus.com/bid/100041"}]}}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-05T16:41:23.508Z"}, "title": "CVE Program Container", "references": [{"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-8516"}, {"name": "1039110", "tags": ["vdb-entry", "x_refsource_SECTRACK", "x_transferred"], "url": "http://www.securitytracker.com/id/1039110"}, {"name": "100041", "tags": ["vdb-entry", "x_refsource_BID", "x_transferred"], "url": "http://www.securityfocus.com/bid/100041"}]}]}, "cveMetadata": {"assignerOrgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8", "assignerShortName": "microsoft", "cveId": "CVE-2017-8516", "datePublished": "2017-08-08T21:00:00.000Z", "dateReserved": "2017-05-03T00:00:00.000Z", "dateUpdated": "2024-09-16T23:22:02.640Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:microsoft:sql_server:2012:sp3:*:*:*:*:*:*", "matchCriteriaId": "6CEA6995-0B2D-44C5-9A14-76C9796A9863", "vulnerable": true}, {"criteria": "cpe:2.3:a:microsoft:sql_server:2014:sp1:*:*:*:*:*:*", "matchCriteriaId": "B5A0AA01-39E8-42A5-8B57-46BEE3A2CD51", "vulnerable": true}, {"criteria": "cpe:2.3:a:microsoft:sql_server:2014:sp2:*:*:*:*:*:*", "matchCriteriaId": "58837806-386A-40AC-B8D3-35765113D75C", "vulnerable": true}, {"criteria": "cpe:2.3:a:microsoft:sql_server:2016:*:*:*:*:*:*:*", "matchCriteriaId": "40058AB9-EE59-449E-B4C4-541E12A4861F", "vulnerable": true}, {"criteria": "cpe:2.3:a:microsoft:sql_server:2016:sp1:*:*:*:*:*:*", "matchCriteriaId": "51143C5C-46EA-4B37-8C1F-0697A62AC4E8", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "Microsoft SQL Server Analysis Services in Microsoft SQL Server 2012, Microsoft SQL Server 2014, and Microsoft SQL Server 2016 allows an information disclosure vulnerability when it improperly enforces permissions, aka \"Microsoft SQL Server Analysis Services Information Disclosure Vulnerability\"."}, {"lang": "es", "value": "Microsoft SQL Server Analysis Services en Microsoft SQL Server 2012, Microsoft SQL Server 2014, y Microsoft SQL Server 2016 permite una vulnerabilidad de divulgaci\u00f3n de informaci\u00f3n cuando aplica permisos de forma incorrecta. Esta vulnerabilidad tambi\u00e9n es denominada \"Microsoft SQL Server Analysis Services Information Disclosure Vulnerability\"."}], "id": "CVE-2017-8516", "lastModified": "2025-04-20T01:37:25.860", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": {"accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "NONE", "baseScore": 5.0, "confidentialityImpact": "PARTIAL", "integrityImpact": "NONE", "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N", "version": "2.0"}, "exploitabilityScore": 10.0, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}], "cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", "version": "3.1"}, "exploitabilityScore": 3.9, "impactScore": 3.6, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2017-08-08T21:29:00.563", "references": [{"source": "secure@microsoft.com", "tags": ["Third Party Advisory"], "url": "http://www.securityfocus.com/bid/100041"}, {"source": "secure@microsoft.com", "tags": ["URL Repurposed"], "url": "http://www.securitytracker.com/id/1039110"}, {"source": "secure@microsoft.com", "tags": ["Patch", "Vendor Advisory"], "url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-8516"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Third Party Advisory"], "url": "http://www.securityfocus.com/bid/100041"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["URL Repurposed"], "url": "http://www.securitytracker.com/id/1039110"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Patch", "Vendor Advisory"], "url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-8516"}], "sourceIdentifier": "secure@microsoft.com", "vulnStatus": "Deferred", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-200"}], "source": "nvd@nist.gov", "type": "Primary"}]}

{}

{}