Lucene search

[email protected]CVE-2018-8533

HistoryOct 10, 2018 - 1:29 p.m.

CVE-2018-8533

2018-10-1013:29:06

CWE-611

[email protected]

web.nvd.nist.gov

microsoft

sql server

management studio

ssms

xml

vulnerability

cve

nvd

4.3 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:N/AC:M/Au:N/C:P/I:N/A:N

5.5 Medium

CVSS3

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N

5.2 Medium

AI Score

Confidence

High

0.003 Low

EPSS

Percentile

65.8%

JSON

An information disclosure vulnerability exists in Microsoft SQL Server Management Studio (SSMS) when parsing malicious XML content containing a reference to an external entity, aka “SQL Server Management Studio Information Disclosure Vulnerability.” This affects SQL Server Management Studio 17.9, SQL Server Management Studio 18.0. This CVE ID is unique from CVE-2018-8527, CVE-2018-8532.

Affected configurations

Vulners

NVD

Node

microsoftsql_server_management_studio_17.9MatchSQL Server Management Studio 17.9

microsoftsql_server_management_studio_18.0Match(Preview 4)

VendorProductVersionCPE
microsoftsql_server_management_studio_17.9SQL Server Management Studio 17.9cpe:2.3:a:microsoft:sql_server_management_studio_17.9:SQL Server Management Studio 17.9:*:*:*:*:*:*:*
microsoftsql_server_management_studio_18.0(Preview 4)cpe:2.3:a:microsoft:sql_server_management_studio_18.0:(Preview 4):*:*:*:*:*:*:*

Vendor	Product	Version	CPE
microsoft	sql_server_management_studio_17.9	SQL Server Management Studio 17.9	cpe:2.3:a:microsoft:sql_server_management_studio_17.9:SQL Server Management Studio 17.9:::::::*
microsoft	sql_server_management_studio_18.0	(Preview 4)	cpe:2.3:a:microsoft:sql_server_management_studio_18.0:(Preview 4):::::::*

CNA Affected

[
  {
    "product": "SQL Server Management Studio 17.9",
    "vendor": "Microsoft",
    "versions": [
      {
        "status": "affected",
        "version": "SQL Server Management Studio 17.9"
      }
    ]
  },
  {
    "product": "SQL Server Management Studio 18.0",
    "vendor": "Microsoft",
    "versions": [
      {
        "status": "affected",
        "version": "(Preview 4)"
      }
    ]
  }
]