Lucene search

K
cve[email protected]CVE-2023-23384
HistoryApr 11, 2023 - 9:15 p.m.

CVE-2023-23384

2023-04-1121:15:18
CWE-122
web.nvd.nist.gov
2466
cve-2023-23384
microsoft sql server
remote code execution
vulnerability
nvd

7.3 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

LOW

Integrity Impact

LOW

Availability Impact

LOW

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L

7.8 High

AI Score

Confidence

High

0.003 Low

EPSS

Percentile

71.7%

Microsoft SQL Server Remote Code Execution Vulnerability

Affected configurations

Vulners
NVD
Node
microsoftsql_serverRange10.0.02008service pack 4
OR
microsoftsql_serverRange11.0.02012service pack 4
OR
microsoftsql_serverRange11.0.02012service pack 4
OR
microsoftsql_serverRange14.0.02017
OR
microsoftsql_serverRange10.0.02008
OR
microsoftsql_serverRange12.0.02014service pack 3
OR
microsoftsql_serverRange12.0.02014service pack 3
OR
microsoftsql_serverRange15.0.02019
OR
microsoftsql_serverRange13.0.02016service pack 3
OR
microsoftsql_serverRange13.0.02016service pack 3
OR
microsoftsql_serverRange14.0.02017
OR
microsoftsql_serverRange15.0.02019
OR
microsoftsql_serverRange16.0.02022
VendorProductVersionCPE
microsoftsql_server*cpe:2.3:a:microsoft:sql_server:*:service pack 4:*:*:*:*:*:*
microsoftsql_server*cpe:2.3:a:microsoft:sql_server:*:service pack 4:*:*:*:*:*:*
microsoftsql_server*cpe:2.3:a:microsoft:sql_server:*:service pack 4:*:*:*:*:*:*
microsoftsql_server*cpe:2.3:a:microsoft:sql_server:*:*:*:*:*:*:*:*
microsoftsql_server*cpe:2.3:a:microsoft:sql_server:*:*:*:*:*:*:*:*
microsoftsql_server*cpe:2.3:a:microsoft:sql_server:*:service pack 3:*:*:*:*:*:*
microsoftsql_server*cpe:2.3:a:microsoft:sql_server:*:service pack 3:*:*:*:*:*:*
microsoftsql_server*cpe:2.3:a:microsoft:sql_server:*:*:*:*:*:*:*:*
microsoftsql_server*cpe:2.3:a:microsoft:sql_server:*:service pack 3:*:*:*:*:*:*
microsoftsql_server*cpe:2.3:a:microsoft:sql_server:*:service pack 3:*:*:*:*:*:*
Rows per page:
1-10 of 131

CNA Affected

[
  {
    "vendor": "Microsoft",
    "product": "Microsoft SQL Server 2008 Service Pack 4 (QFE)",
    "cpes": [
      "cpe:2.3:a:microsoft:sql_server:2008:sp4:*:*:*:*:x86:*",
      "cpe:2.3:a:microsoft:sql_server:2008:sp4:*:*:*:*:x64:*"
    ],
    "platforms": [
      "32-bit Systems",
      "x64-based Systems"
    ],
    "versions": [
      {
        "version": "10.0.0",
        "lessThan": "10.0.6814.4",
        "versionType": "custom",
        "status": "affected"
      }
    ]
  },
  {
    "vendor": "Microsoft",
    "product": "Microsoft SQL Server 2012 Service Pack 4 (QFE)",
    "cpes": [
      "cpe:2.3:a:microsoft:sql_server:2012:sp4:*:*:*:*:*:*"
    ],
    "platforms": [
      "32-bit Systems"
    ],
    "versions": [
      {
        "version": "11.0.0",
        "lessThan": "11.0.7512.11",
        "versionType": "custom",
        "status": "affected"
      }
    ]
  },
  {
    "vendor": "Microsoft",
    "product": "Microsoft SQL Server 2012 for x64-based Systems Service Pack 4 (QFE)",
    "cpes": [
      "cpe:2.3:a:microsoft:sql_server:2012:sp4:*:*:*:*:*:*"
    ],
    "platforms": [
      "x64-based Systems"
    ],
    "versions": [
      {
        "version": "11.0.0",
        "lessThan": "11.0.7512.11",
        "versionType": "custom",
        "status": "affected"
      }
    ]
  },
  {
    "vendor": "Microsoft",
    "product": "Microsoft SQL Server 2017 (GDR)",
    "cpes": [
      "cpe:2.3:a:microsoft:sql_server:2017:-:*:*:*:*:x64:*"
    ],
    "platforms": [
      "x64-based Systems"
    ],
    "versions": [
      {
        "version": "14.0.0",
        "lessThan": "14.0.2047.8",
        "versionType": "custom",
        "status": "affected"
      }
    ]
  },
  {
    "vendor": "Microsoft",
    "product": "Microsoft SQL Server 2008 R2 Service Pack 3 (QFE)",
    "cpes": [
      "cpe:2.3:a:microsoft:sql_server:2008:r2_sp2:x86:*:*:*:*:*",
      "cpe:2.3:a:microsoft:sql_server:2008:r2_sp2:x64:*:*:*:*:*"
    ],
    "platforms": [
      "32-bit Systems",
      "x64-based Systems"
    ],
    "versions": [
      {
        "version": "10.0.0",
        "lessThan": "10.50.6785.2",
        "versionType": "custom",
        "status": "affected"
      }
    ]
  },
  {
    "vendor": "Microsoft",
    "product": "Microsoft SQL Server 2014 Service Pack 3 (GDR)",
    "cpes": [
      " cpe:2.3:a:microsoft:sql_server:2014:sp3:*:*:*:*:x64:*",
      " cpe:2.3:a:microsoft:sql_server:2014:sp3:*:*:*:*:x86:*"
    ],
    "platforms": [
      "x64-based Systems",
      "32-bit Systems"
    ],
    "versions": [
      {
        "version": "12.0.0",
        "lessThan": "12.0.6444.4",
        "versionType": "custom",
        "status": "affected"
      }
    ]
  },
  {
    "vendor": "Microsoft",
    "product": "Microsoft SQL Server 2014 Service Pack 3 (CU 4)",
    "cpes": [
      " cpe:2.3:a:microsoft:sql_server:2014:sp3:*:*:*:*:x86:*",
      " cpe:2.3:a:microsoft:sql_server:2014:sp3:*:*:*:*:x64:*"
    ],
    "platforms": [
      "32-bit Systems",
      "x64-based Systems"
    ],
    "versions": [
      {
        "version": "12.0.0",
        "lessThan": "12.0.6174.8",
        "versionType": "custom",
        "status": "affected"
      }
    ]
  },
  {
    "vendor": "Microsoft",
    "product": "Microsoft SQL Server 2019 (GDR)",
    "cpes": [
      "cpe:2.3:a:microsoft:sql_server:2019:*:*:*:*:*:x64:*"
    ],
    "platforms": [
      "x64-based Systems"
    ],
    "versions": [
      {
        "version": "15.0.0",
        "lessThan": "15.0.2101.7",
        "versionType": "custom",
        "status": "affected"
      }
    ]
  },
  {
    "vendor": "Microsoft",
    "product": "Microsoft SQL Server 2016 Service Pack 3 (GDR)",
    "cpes": [
      "cpe:2.3:a:microsoft:sql_server:2016:sp3:*:*:*:*:x64:*"
    ],
    "platforms": [
      "x64-based Systems"
    ],
    "versions": [
      {
        "version": "13.0.0",
        "lessThan": "13.0.6430.49",
        "versionType": "custom",
        "status": "affected"
      }
    ]
  },
  {
    "vendor": "Microsoft",
    "product": "Microsoft SQL Server 2016 Service Pack 3 Azure Connect Feature Pack",
    "cpes": [
      "cpe:2.3:a:microsoft:sql_server:2016:sp3:*:*:*:*:x64:*"
    ],
    "platforms": [
      "x64-based Systems"
    ],
    "versions": [
      {
        "version": "13.0.0",
        "lessThan": "13.0.7024.30",
        "versionType": "custom",
        "status": "affected"
      }
    ]
  },
  {
    "vendor": "Microsoft",
    "product": "Microsoft SQL Server 2017 (CU 31)",
    "cpes": [
      "cpe:2.3:a:microsoft:sql_server:2017:-:*:*:*:*:x64:*"
    ],
    "platforms": [
      "x64-based Systems"
    ],
    "versions": [
      {
        "version": "14.0.0",
        "lessThan": "14.0.3460.9",
        "versionType": "custom",
        "status": "affected"
      }
    ]
  },
  {
    "vendor": "Microsoft",
    "product": "Microsoft SQL Server 2019 (CU 18)",
    "cpes": [
      "cpe:2.3:a:microsoft:sql_server:2019:*:*:*:*:*:x64:*"
    ],
    "platforms": [
      "x64-based Systems"
    ],
    "versions": [
      {
        "version": "15.0.0",
        "lessThan": "15.0.4280.7",
        "versionType": "custom",
        "status": "affected"
      }
    ]
  },
  {
    "vendor": "Microsoft",
    "product": "Microsoft SQL Server 2022 (GDR)",
    "cpes": [
      "cpe:2.3:a:microsoft:sql_server:2022:*:*:*:*:*:x64:*"
    ],
    "platforms": [
      "x64-based Systems"
    ],
    "versions": [
      {
        "version": "16.0.0",
        "lessThan": "16.0.1050.5",
        "versionType": "custom",
        "status": "affected"
      }
    ]
  }
]

7.3 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

LOW

Integrity Impact

LOW

Availability Impact

LOW

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L

7.8 High

AI Score

Confidence

High

0.003 Low

EPSS

Percentile

71.7%