Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
cve[email protected]CVE-2023-23384
HistoryApr 11, 2023 - 9:15 p.m.

CVE-2023-23384

2023-04-1121:15:18
CWE-122
[email protected]
web.nvd.nist.gov
2506
cve-2023-23384
microsoft sql server
remote code execution
vulnerability
nvd

CVSS3

7.3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

LOW

Integrity Impact

LOW

Availability Impact

LOW

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L

AI Score

7.8

Confidence

High

EPSS

0.003

Percentile

71.7%

JSON

Microsoft SQL Server Remote Code Execution Vulnerability

Affected configurations

Vulners
NVD
Node
microsoftsql_serverMatch2008sp4
Node
microsoftsql_serverMatch2012sp4
Node
microsoftsql_serverMatch2012sp4x64
Node
microsoftsql_serverMatch2017
Node
microsoftsql_serverMatch2008sp3
Node
microsoftsql_serverMatch2014sp3
Node
microsoftsql_serverMatch2014sp3
Node
microsoftsql_serverMatch2019
Node
microsoftsql_serverMatch2016sp3
Node
microsoftsql_serverMatch2016sp3
Node
microsoftsql_serverMatch2017
Node
microsoftsql_serverMatch2019
Node
microsoftsql_serverMatch2022
VendorProductVersionCPE
microsoftsql_server*cpe:2.3:a:microsoft:sql_server:*:service pack 4:*:*:*:*:*:*
microsoftsql_server*cpe:2.3:a:microsoft:sql_server:*:service pack 4:*:*:*:*:*:*
microsoftsql_server*cpe:2.3:a:microsoft:sql_server:*:service pack 4:*:*:*:*:*:*
microsoftsql_server*cpe:2.3:a:microsoft:sql_server:*:*:*:*:*:*:*:*
microsoftsql_server*cpe:2.3:a:microsoft:sql_server:*:*:*:*:*:*:*:*
microsoftsql_server*cpe:2.3:a:microsoft:sql_server:*:service pack 3:*:*:*:*:*:*
microsoftsql_server*cpe:2.3:a:microsoft:sql_server:*:service pack 3:*:*:*:*:*:*
microsoftsql_server*cpe:2.3:a:microsoft:sql_server:*:*:*:*:*:*:*:*
microsoftsql_server*cpe:2.3:a:microsoft:sql_server:*:service pack 3:*:*:*:*:*:*
microsoftsql_server*cpe:2.3:a:microsoft:sql_server:*:service pack 3:*:*:*:*:*:*
Rows per page:
1-10 of 131

CNA Affected

[
  {
    "vendor": "Microsoft",
    "product": "Microsoft SQL Server 2008 Service Pack 4 (QFE)",
    "cpes": [
      "cpe:2.3:a:microsoft:sql_server:2008:sp4:*:*:*:*:x86:*",
      "cpe:2.3:a:microsoft:sql_server:2008:sp4:*:*:*:*:x64:*"
    ],
    "platforms": [
      "32-bit Systems",
      "x64-based Systems"
    ],
    "versions": [
      {
        "version": "10.0.0",
        "lessThan": "10.0.6814.4",
        "versionType": "custom",
        "status": "affected"
      }
    ]
  },
  {
    "vendor": "Microsoft",
    "product": "Microsoft SQL Server 2012 Service Pack 4 (QFE)",
    "cpes": [
      "cpe:2.3:a:microsoft:sql_server:2012:sp4:*:*:*:*:*:*"
    ],
    "platforms": [
      "32-bit Systems"
    ],
    "versions": [
      {
        "version": "11.0.0",
        "lessThan": "11.0.7512.11",
        "versionType": "custom",
        "status": "affected"
      }
    ]
  },
  {
    "vendor": "Microsoft",
    "product": "Microsoft SQL Server 2012 for x64-based Systems Service Pack 4 (QFE)",
    "cpes": [
      "cpe:2.3:a:microsoft:sql_server:2012:sp4:*:*:*:*:*:*"
    ],
    "platforms": [
      "x64-based Systems"
    ],
    "versions": [
      {
        "version": "11.0.0",
        "lessThan": "11.0.7512.11",
        "versionType": "custom",
        "status": "affected"
      }
    ]
  },
  {
    "vendor": "Microsoft",
    "product": "Microsoft SQL Server 2017 (GDR)",
    "cpes": [
      "cpe:2.3:a:microsoft:sql_server:2017:-:*:*:*:*:x64:*"
    ],
    "platforms": [
      "x64-based Systems"
    ],
    "versions": [
      {
        "version": "14.0.0",
        "lessThan": "14.0.2047.8",
        "versionType": "custom",
        "status": "affected"
      }
    ]
  },
  {
    "vendor": "Microsoft",
    "product": "Microsoft SQL Server 2008 R2 Service Pack 3 (QFE)",
    "cpes": [
      "cpe:2.3:a:microsoft:sql_server:2008:r2_sp2:x86:*:*:*:*:*",
      "cpe:2.3:a:microsoft:sql_server:2008:r2_sp2:x64:*:*:*:*:*"
    ],
    "platforms": [
      "32-bit Systems",
      "x64-based Systems"
    ],
    "versions": [
      {
        "version": "10.0.0",
        "lessThan": "10.50.6785.2",
        "versionType": "custom",
        "status": "affected"
      }
    ]
  },
  {
    "vendor": "Microsoft",
    "product": "Microsoft SQL Server 2014 Service Pack 3 (GDR)",
    "cpes": [
      " cpe:2.3:a:microsoft:sql_server:2014:sp3:*:*:*:*:x64:*",
      " cpe:2.3:a:microsoft:sql_server:2014:sp3:*:*:*:*:x86:*"
    ],
    "platforms": [
      "x64-based Systems",
      "32-bit Systems"
    ],
    "versions": [
      {
        "version": "12.0.0",
        "lessThan": "12.0.6444.4",
        "versionType": "custom",
        "status": "affected"
      }
    ]
  },
  {
    "vendor": "Microsoft",
    "product": "Microsoft SQL Server 2014 Service Pack 3 (CU 4)",
    "cpes": [
      " cpe:2.3:a:microsoft:sql_server:2014:sp3:*:*:*:*:x86:*",
      " cpe:2.3:a:microsoft:sql_server:2014:sp3:*:*:*:*:x64:*"
    ],
    "platforms": [
      "32-bit Systems",
      "x64-based Systems"
    ],
    "versions": [
      {
        "version": "12.0.0",
        "lessThan": "12.0.6174.8",
        "versionType": "custom",
        "status": "affected"
      }
    ]
  },
  {
    "vendor": "Microsoft",
    "product": "Microsoft SQL Server 2019 (GDR)",
    "cpes": [
      "cpe:2.3:a:microsoft:sql_server:2019:*:*:*:*:*:x64:*"
    ],
    "platforms": [
      "x64-based Systems"
    ],
    "versions": [
      {
        "version": "15.0.0",
        "lessThan": "15.0.2101.7",
        "versionType": "custom",
        "status": "affected"
      }
    ]
  },
  {
    "vendor": "Microsoft",
    "product": "Microsoft SQL Server 2016 Service Pack 3 (GDR)",
    "cpes": [
      "cpe:2.3:a:microsoft:sql_server:2016:sp3:*:*:*:*:x64:*"
    ],
    "platforms": [
      "x64-based Systems"
    ],
    "versions": [
      {
        "version": "13.0.0",
        "lessThan": "13.0.6430.49",
        "versionType": "custom",
        "status": "affected"
      }
    ]
  },
  {
    "vendor": "Microsoft",
    "product": "Microsoft SQL Server 2016 Service Pack 3 Azure Connect Feature Pack",
    "cpes": [
      "cpe:2.3:a:microsoft:sql_server:2016:sp3:*:*:*:*:x64:*"
    ],
    "platforms": [
      "x64-based Systems"
    ],
    "versions": [
      {
        "version": "13.0.0",
        "lessThan": "13.0.7024.30",
        "versionType": "custom",
        "status": "affected"
      }
    ]
  },
  {
    "vendor": "Microsoft",
    "product": "Microsoft SQL Server 2017 (CU 31)",
    "cpes": [
      "cpe:2.3:a:microsoft:sql_server:2017:-:*:*:*:*:x64:*"
    ],
    "platforms": [
      "x64-based Systems"
    ],
    "versions": [
      {
        "version": "14.0.0",
        "lessThan": "14.0.3460.9",
        "versionType": "custom",
        "status": "affected"
      }
    ]
  },
  {
    "vendor": "Microsoft",
    "product": "Microsoft SQL Server 2019 (CU 18)",
    "cpes": [
      "cpe:2.3:a:microsoft:sql_server:2019:*:*:*:*:*:x64:*"
    ],
    "platforms": [
      "x64-based Systems"
    ],
    "versions": [
      {
        "version": "15.0.0",
        "lessThan": "15.0.4280.7",
        "versionType": "custom",
        "status": "affected"
      }
    ]
  },
  {
    "vendor": "Microsoft",
    "product": "Microsoft SQL Server 2022 (GDR)",
    "cpes": [
      "cpe:2.3:a:microsoft:sql_server:2022:*:*:*:*:*:x64:*"
    ],
    "platforms": [
      "x64-based Systems"
    ],
    "versions": [
      {
        "version": "16.0.0",
        "lessThan": "16.0.1050.5",
        "versionType": "custom",
        "status": "affected"
      }
    ]
  }
]

Related

cvelist 1
nessus 2
mscve 1
prion 1
nvd 1
mskb 12
kaspersky 2
ics 1
rapid7blog 1
cvelist
cvelist
CVE-2023-23384 Microsoft SQL Server Remote Code Execution Vulnerability
2023-04-11 19:13:12
nessus
nessus
Security Updates for Microsoft SQL Server (April 2023)
2023-05-12 00:00:00
Security Updates for Microsoft SQL Server (April 2023)
2023-05-12 00:00:00
mscve
mscve
Microsoft SQL Server Remote Code Execution Vulnerability
2023-04-11 07:00:00
prion
prion
Remote code execution
2023-04-11 21:15:00
nvd
nvd
CVE-2023-23384
2023-04-11 21:15:18
mskb
mskb
KB5020863 - Description of the security update for SQL Server 2008 SP4 GDR: February 14, 2023
2023-04-11 07:00:00
KB5021112 - Description of the security update for SQL Server 2008 R2 SP3 GDR: February 14, 2023
2023-04-11 07:00:00
KB5021123 - Description of the security update for SQL Server 2012 SP4 GDR: February 14, 2023
2023-04-11 07:00:00
kaspersky
kaspersky
KLA48844 Multiple vulnerabilities in Microsoft SQL Server
2023-04-11 00:00:00
KLA48842 Multiple vulnerabilities in Microsoft Products (ESU)
2023-04-11 00:00:00
ics
ics
Siemens Telecontrol Server Basic
2024-04-11 12:00:00
rapid7blog
rapid7blog
Patch Tuesday - April 2023
2023-04-11 22:49:56

CVSS3

7.3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

LOW

Integrity Impact

LOW

Availability Impact

LOW

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L

AI Score

7.8

Confidence

High

EPSS

0.003

Percentile

71.7%

JSON
Related for CVE-2023-23384
cvelist1nessus2mscve1prion1nvd1mskb12kaspersky2ics1rapid7blog1