Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
msupdateMicrosoftMS:C091B865-E45D-4B44-9FB2-9176620A442E
HistoryJan 01, 1970 - 3:00 a.m.

Security Update for SQL Server 2016 Service Pack 2 GDR (KB4532097)

1970-01-0103:00:00
Microsoft
www.catalog.update.microsoft.com
53
JSON

First Security Vulnerability fix:
A remote code execution vulnerability exists in Microsoft SQL Server Reporting Services when it incorrectly handles page requests. An attacker who successfully exploited this vulnerability could execute code in the context of the Report Server service account.
The security update addresses the vulnerability by modifying how the Microsoft SQL Server Reporting Services handles page requests.

Second Security Vulnerability fix:
A cross-site scripting (XSS) vulnerability exists when Microsoft SQL Server Reporting Services (SSRS) does not properly sanitize a specially-crafted web request to an affected SSRS server. An attacker who successfully exploited the vulnerability could run scripts in the context of the targeted user. The attacks could allow the attacker to read content that the attacker is not authorized to read, execute malicious code, and use the victim’s identity to take actions on the site on behalf of the user, such as change permissions and delete content.
The security update addresses the vulnerability by correcting SSRS URL sanitization.

JSON