CVE-2024-37340

🗓️ 10 Sep 2024 16:53:37Reported by microsoftType

Microsoft SQL Server Native Scoring Remote Code Execution Vulnerabilit

Reporter	Title	Published	Views	Family All 22
Circl	CVE-2024-37340	10 Sep 202417:25	–	circl
CNNVD	Microsoft SQL Server 安全漏洞	10 Sep 202400:00	–	cnnvd
CNVD	Microsoft SQL Server Remote Code Execution Vulnerability (CNVD-2024-38795)	12 Sep 202400:00	–	cnvd
Cvelist	CVE-2024-37340 Microsoft SQL Server Native Scoring Remote Code Execution Vulnerability	10 Sep 202416:53	–	cvelist
EUVD	EUVD-2024-36941	10 Sep 202416:53	–	euvd
Microsoft KB	KB5042211 - Description of the security update for SQL Server 2022 GDR: September 10, 2024	10 Sep 202407:00	–	mskb
Microsoft KB	KB5042214 - Description of the security update for SQL Server 2019 GDR: September 10, 2024	10 Sep 202407:00	–	mskb
Microsoft KB	KB5042215 - Description of the security update for SQL Server 2017 CU31: September 10, 2024	10 Sep 202407:00	–	mskb
Microsoft KB	KB5042217 - Description of the security update for SQL Server 2017 GDR: September 10, 2024	10 Sep 202407:00	–	mskb
Microsoft KB	KB5042578 - Description of the security update for SQL Server 2022 CU14: September 10, 2024	10 Sep 202407:00	–	mskb

NVD

Vulners

CNA

Node

microsoft sql_2016_azure_connect_feature_packRange13.0.7000.253–13.0.7037.1

microsoft sql_server_2016Range13.0.6300.2–13.0.6441.1x64

microsoft sql_server_2017Range14.0.1000.169–14.0.2060.1x64

microsoft sql_server_2017Range14.0.3006.16–14.0.3475.1x64

microsoft sql_server_2019Range15.0.2000.5–15.0.2120.1x64

microsoft sql_server_2019Range15.0.4003.23–15.0.4390.2x64

microsoft sql_server_2022Range16.0.1000.6–16.0.1125.1x64

microsoft sql_server_2022Range16.0.4003.1–16.0.4140.3x64

[
  {
    "vendor": "Microsoft",
    "product": "Microsoft SQL Server 2017 (GDR)",
    "platforms": [
      "x64-based Systems"
    ],
    "versions": [
      {
        "version": "14.0.0",
        "lessThan": "14.0.2060.1",
        "versionType": "custom",
        "status": "affected"
      }
    ]
  },
  {
    "vendor": "Microsoft",
    "product": "Microsoft SQL Server 2019 (GDR)",
    "platforms": [
      "x64-based Systems"
    ],
    "versions": [
      {
        "version": "15.0.0",
        "lessThan": "15.0.2120.1",
        "versionType": "custom",
        "status": "affected"
      }
    ]
  },
  {
    "vendor": "Microsoft",
    "product": "Microsoft SQL Server 2017 (CU 31)",
    "platforms": [
      "x64-based Systems"
    ],
    "versions": [
      {
        "version": "14.0.0",
        "lessThan": "14.0.3475.1",
        "versionType": "custom",
        "status": "affected"
      }
    ]
  },
  {
    "vendor": "Microsoft",
    "product": "Microsoft SQL Server 2022 (GDR)",
    "platforms": [
      "x64-based Systems"
    ],
    "versions": [
      {
        "version": "16.0.0",
        "lessThan": "16.0.1125.1",
        "versionType": "custom",
        "status": "affected"
      }
    ]
  },
  {
    "vendor": "Microsoft",
    "product": "Microsoft SQL Server 2022 for (CU 14)",
    "platforms": [
      "x64-based Systems"
    ],
    "versions": [
      {
        "version": "16.0.0",
        "lessThan": "16.0.4140.3",
        "versionType": "custom",
        "status": "affected"
      }
    ]
  },
  {
    "vendor": "Microsoft",
    "product": "Microsoft SQL Server 2019 (CU 28)",
    "platforms": [
      "x64-based Systems"
    ],
    "versions": [
      {
        "version": "15.0.0",
        "lessThan": "15.0.4390.2",
        "versionType": "custom",
        "status": "affected"
      }
    ]
  }
]

Source	Link
msrc	www.msrc.microsoft.com/update-guide/vulnerability/CVE-2024-37340

31 Dec 2024 23:02Current

8.9High risk

Vulners AI Score8.9

CVSS 3.18.8

EPSS0.04086

SSVC

CWE-822