OpenCVE

Microsoft SQL Server Remote Code Execution Vulnerability

No CVSS v4.0

Attack Vector Local

Attack Complexity Low

Privileges Required None

Scope Unchanged

Confidentiality Impact High

Integrity Impact High

Availability Impact High

User Interaction Required

No CVSS v3.0

No CVSS v2

This CVE is not in the KEV list.

Exploitation none

Automatable no

Technical Impact total

Vendors	Products
Microsoft	Sql Server Sql Server 2016 Sql Server 2017 Sql Server 2019 Sql Server 2022

Configuration 1 [-]

OR	cpe:2.3:a:microsoft:sql_server_2016:::::::x64:*
	cpe:2.3:a:microsoft:sql_server_2016:::::::x64:*
	cpe:2.3:a:microsoft:sql_server_2017:::::::x64:*
	cpe:2.3:a:microsoft:sql_server_2017:::::::x64:*
	cpe:2.3:a:microsoft:sql_server_2019:::::::x64:*
	cpe:2.3:a:microsoft:sql_server_2019:::::::x64:*
	cpe:2.3:a:microsoft:sql_server_2022:::::::x64:*
	cpe:2.3:a:microsoft:sql_server_2022:::::::x64:*

No data.

References

Link	Providers
https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-49021

History

Fri, 15 Nov 2024 16:30:00 +0000

Type	Values Removed	Values Added
First Time appeared		Microsoft sql Server 2016 Microsoft sql Server 2017 Microsoft sql Server 2019 Microsoft sql Server 2022
Weaknesses		NVD-CWE-noinfo
CPEs		cpe:2.3:a:microsoft:sql_server_2016:::::::x64:* cpe:2.3:a:microsoft:sql_server_2017:::::::x64:* cpe:2.3:a:microsoft:sql_server_2019:::::::x64:* cpe:2.3:a:microsoft:sql_server_2022:::::::x64:*
Vendors & Products		Microsoft sql Server 2016 Microsoft sql Server 2017 Microsoft sql Server 2019 Microsoft sql Server 2022

Wed, 13 Nov 2024 19:15:00 +0000

Type	Values Removed	Values Added
Metrics		ssvc `{'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'total'}, 'version': '2.0.3'}`

Tue, 12 Nov 2024 18:00:00 +0000

Type	Values Removed	Values Added
Description		Microsoft SQL Server Remote Code Execution Vulnerability
Title		Microsoft SQL Server Remote Code Execution Vulnerability
First Time appeared		Microsoft Microsoft sql Server
Weaknesses		CWE-416
CPEs		cpe:2.3:a:microsoft:sql_server:2016:sp3:::::x64:* cpe:2.3:a:microsoft:sql_server:2017:-:::::x64:* cpe:2.3:a:microsoft:sql_server:2019::::::x64: cpe:2.3:a:microsoft:sql_server:2022::::::x64:
Vendors & Products		Microsoft Microsoft sql Server
References		https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-49021
Metrics		cvssV3_1 `{'score': 7.8, 'vector': 'CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C'}`

MITRE

Status: PUBLISHED

Assigner: microsoft

Published: 2024-11-12T17:54:20.153Z

Updated: 2024-11-21T13:43:21.788Z

Reserved: 2024-10-11T20:57:49.182Z

Link: CVE-2024-49021

Vulnrichment

Updated: 2024-11-13T18:54:35.563Z

NVD

Status : Analyzed

Published: 2024-11-12T18:15:42.100

Modified: 2024-11-15T16:04:55.487

Link: CVE-2024-49021

Redhat

No data.

Metrics

Attack Vector Local

Attack Complexity Low

Privileges Required None

Scope Unchanged

Confidentiality Impact High

Integrity Impact High

Availability Impact High

User Interaction Required

Exploitation none

Automatable no

Technical Impact total

Affected Vendors & Products

JSON object

JSON object

JSON object

JSON object