Lucene search

K
cvelistMicrosoftCVELIST:CVE-2024-0056
HistoryJan 09, 2024 - 5:56 p.m.

CVE-2024-0056 Microsoft.Data.SqlClient and System.Data.SqlClient SQL Data Provider Security Feature Bypass Vulnerability

2024-01-0917:56:58
CWE-319
microsoft
www.cve.org

8.7 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

HIGH

Privileges Required

NONE

User Interaction

NONE

Scope

CHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

NONE

CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:N/E:U/RL:O/RC:C

9.5 High

AI Score

Confidence

High

0.001 Low

EPSS

Percentile

44.4%

CNA Affected

[
  {
    "vendor": "Microsoft",
    "product": "Microsoft SQL Server 2022 (GDR)",
    "cpes": [
      "cpe:2.3:a:microsoft:sql_server:2022:*:*:*:*:*:x64:*"
    ],
    "platforms": [
      "x64-based Systems"
    ],
    "versions": [
      {
        "version": "16.0.0",
        "lessThan": "16.0.1110.1",
        "versionType": "custom",
        "status": "affected"
      }
    ]
  },
  {
    "vendor": "Microsoft",
    "product": ".NET 6.0",
    "cpes": [
      "cpe:2.3:a:microsoft:.net:6.0.0:*:*:*:*:*:*:*"
    ],
    "platforms": [
      "Unknown"
    ],
    "versions": [
      {
        "version": "6.0.0",
        "lessThan": "6.0.26",
        "versionType": "custom",
        "status": "affected"
      }
    ]
  },
  {
    "vendor": "Microsoft",
    "product": ".NET 7.0",
    "cpes": [
      "cpe:2.3:a:microsoft:.net:7.0.0:*:*:*:*:*:*:*"
    ],
    "platforms": [
      "Unknown"
    ],
    "versions": [
      {
        "version": "7.0.0",
        "lessThan": "7.0.15",
        "versionType": "custom",
        "status": "affected"
      }
    ]
  },
  {
    "vendor": "Microsoft",
    "product": ".NET 8.0",
    "cpes": [
      "cpe:2.3:a:microsoft:.net:8.0.0:*:*:*:*:*:*:*"
    ],
    "platforms": [
      "Unknown"
    ],
    "versions": [
      {
        "version": "1.0.0",
        "lessThan": "8.0.1",
        "versionType": "custom",
        "status": "affected"
      }
    ]
  },
  {
    "vendor": "Microsoft",
    "product": "Microsoft.Data.SqlClient",
    "cpes": [
      "cpe:2.3:a:microsoft:data_sql_client:2.1:*:*:*:*:*:*:*",
      "cpe:2.3:a:microsoft:data_sql_client:3.1:*:*:*:*:*:*:*",
      "cpe:2.3:a:microsoft:data_sql_client:4.0:*:*:*:*:*:*:*",
      "cpe:2.3:a:microsoft:data_sql_client:5.1:*:*:*:*:*:*:*"
    ],
    "platforms": [
      "Unknown"
    ],
    "versions": [
      {
        "version": "1.0",
        "lessThan": "2.1.7",
        "versionType": "custom",
        "status": "affected"
      },
      {
        "version": "1.0",
        "lessThan": "3.1.5",
        "versionType": "custom",
        "status": "affected"
      },
      {
        "version": "1.0",
        "lessThan": "4.0.5",
        "versionType": "custom",
        "status": "affected"
      },
      {
        "version": "1.0",
        "lessThan": "5.1.3",
        "versionType": "custom",
        "status": "affected"
      }
    ]
  },
  {
    "vendor": "Microsoft",
    "product": "System.Data.SqlClient",
    "cpes": [
      "cpe:2.3:a:microsoft:System.Data.SqlClient:-:*:*:*:*:*:*:*"
    ],
    "platforms": [
      "Unknown"
    ],
    "versions": [
      {
        "version": "1.0",
        "lessThan": "4.8.6",
        "versionType": "custom",
        "status": "affected"
      }
    ]
  },
  {
    "vendor": "Microsoft",
    "product": "Microsoft Visual Studio 2022 version 17.2",
    "cpes": [
      "cpe:2.3:a:microsoft:visual_studio_2022:17.2:*:*:*:*:*:*:*"
    ],
    "platforms": [
      "Unknown"
    ],
    "versions": [
      {
        "version": "17.2.0",
        "lessThan": "17.2.23",
        "versionType": "custom",
        "status": "affected"
      }
    ]
  },
  {
    "vendor": "Microsoft",
    "product": "Microsoft Visual Studio 2022 version 17.4",
    "cpes": [
      "cpe:2.3:a:microsoft:visual_studio_2022:17.4:*:*:*:*:*:*:*"
    ],
    "platforms": [
      "Unknown"
    ],
    "versions": [
      {
        "version": "17.4.0",
        "lessThan": "17.4.15",
        "versionType": "custom",
        "status": "affected"
      }
    ]
  },
  {
    "vendor": "Microsoft",
    "product": "Microsoft Visual Studio 2022 version 17.6",
    "cpes": [
      "cpe:2.3:a:microsoft:visual_studio:2022:*:*:*:*:*:*:*"
    ],
    "platforms": [
      "Unknown"
    ],
    "versions": [
      {
        "version": "17.6.0",
        "lessThan": "17.6.11",
        "versionType": "custom",
        "status": "affected"
      }
    ]
  },
  {
    "vendor": "Microsoft",
    "product": "Microsoft Visual Studio 2022 version 17.8",
    "cpes": [
      "cpe:2.3:a:microsoft:visual_studio:2022:*:*:*:*:*:*:*"
    ],
    "platforms": [
      "Unknown"
    ],
    "versions": [
      {
        "version": "17.8.0",
        "lessThan": "17.8.4",
        "versionType": "custom",
        "status": "affected"
      }
    ]
  },
  {
    "vendor": "Microsoft",
    "product": "Microsoft SQL Server 2022 (CU 10)",
    "cpes": [
      "cpe:2.3:a:microsoft:sql_server:2022:*:*:*:*:*:x64:*"
    ],
    "platforms": [
      "x64-based Systems"
    ],
    "versions": [
      {
        "version": "0",
        "lessThan": "16.0.4100.1",
        "versionType": "custom",
        "status": "affected"
      }
    ]
  },
  {
    "vendor": "Microsoft",
    "product": "Microsoft .NET Framework 4.8",
    "cpes": [
      "cpe:2.3:a:microsoft:.net:4.8:*:*:*:*:*:*:*"
    ],
    "platforms": [
      "Windows 10 Version 1607 for 32-bit Systems",
      "Windows 10 Version 1607 for x64-based Systems",
      "Windows Server 2016 (Server Core installation)",
      "Windows Server 2008 R2 for x64-based Systems Service Pack 1",
      "Windows Server 2016",
      "Windows Server 2008 R2 for x64-based Systems Service Pack 1 (Server Core installation)",
      "Windows Server 2012 (Server Core installation)",
      "Windows Server 2012",
      "Windows Server 2012 R2",
      "Windows Server 2012 R2 (Server Core installation)"
    ],
    "versions": [
      {
        "version": "4.8.0",
        "lessThan": "4.8.04690.02",
        "versionType": "custom",
        "status": "affected"
      },
      {
        "version": "4.8.0",
        "lessThan": "4.8.04690.01",
        "versionType": "custom",
        "status": "affected"
      }
    ]
  },
  {
    "vendor": "Microsoft",
    "product": "Microsoft .NET Framework 3.5 AND 4.8",
    "cpes": [
      "cpe:2.3:a:microsoft:.net:4.8:*:*:*:*:*:*:*"
    ],
    "platforms": [
      "Windows 10 Version 1809 for 32-bit Systems",
      "Windows 10 Version 1809 for x64-based Systems",
      "Windows Server 2019",
      "Windows Server 2019 (Server Core installation)",
      "Windows Server 2022",
      "Windows Server 2022 (Server Core installation)",
      "Windows 11 version 21H2 for x64-based Systems",
      "Windows 11 version 21H2 for ARM64-based Systems",
      "Windows 10 Version 21H2 for 32-bit Systems",
      "Windows 10 Version 21H2 for ARM64-based Systems",
      "Windows 10 Version 21H2 for x64-based Systems",
      "Windows 10 Version 22H2 for x64-based Systems",
      "Windows 10 Version 22H2 for ARM64-based Systems",
      "Windows 10 Version 22H2 for 32-bit Systems"
    ],
    "versions": [
      {
        "version": "4.8.0",
        "lessThan": "4.8.04690.02",
        "versionType": "custom",
        "status": "affected"
      }
    ]
  },
  {
    "vendor": "Microsoft",
    "product": "Microsoft .NET Framework 3.5 AND 4.7.2",
    "cpes": [
      "cpe:2.3:a:microsoft:.net:4.7.2:*:*:*:*:*:*:*"
    ],
    "platforms": [
      "Windows 10 Version 1809 for 32-bit Systems",
      "Windows 10 Version 1809 for x64-based Systems",
      "Windows 10 Version 1809 for ARM64-based Systems",
      "Windows Server 2019",
      "Windows Server 2019 (Server Core installation)",
      "Windows 10 Version 1607 for 32-bit Systems",
      "Windows Server 2016",
      "Windows 10 Version 1607 for x64-based Systems",
      "Windows Server 2016 (Server Core installation)"
    ],
    "versions": [
      {
        "version": "4.7.0",
        "lessThan": "4.7.04081.03",
        "versionType": "custom",
        "status": "affected"
      },
      {
        "version": "4.7.0",
        "lessThan": "10.0.14393.6614",
        "versionType": "custom",
        "status": "affected"
      }
    ]
  },
  {
    "vendor": "Microsoft",
    "product": "Microsoft .NET Framework 4.6.2/4.7/4.7.1/4.7.2",
    "cpes": [
      "cpe:2.3:a:microsoft:.net:4.7.2:*:*:*:*:*:*:*"
    ],
    "platforms": [
      "Windows Server 2008 R2 for x64-based Systems Service Pack 1",
      "Windows Server 2008 R2 for x64-based Systems Service Pack 1 (Server Core installation)",
      "Windows Server 2012",
      "Windows Server 2012 (Server Core installation)",
      "Windows Server 2012 R2 (Server Core installation)",
      "Windows Server 2012 R2"
    ],
    "versions": [
      {
        "version": "4.7.0",
        "lessThan": "4.7.04081.02",
        "versionType": "custom",
        "status": "affected"
      },
      {
        "version": "4.7.0",
        "lessThan": "4.7.04081.03",
        "versionType": "custom",
        "status": "affected"
      },
      {
        "version": "4.7.0",
        "lessThan": "3.0.50727.8976",
        "versionType": "custom",
        "status": "affected"
      }
    ]
  },
  {
    "vendor": "Microsoft",
    "product": "Microsoft .NET Framework 3.5 AND 4.8.1",
    "cpes": [
      "cpe:2.3:a:microsoft:.net:4.8.1:*:*:*:*:*:*:*"
    ],
    "platforms": [
      "Windows Server 2022 (Server Core installation)",
      "Windows Server 2022",
      "Windows 11 version 21H2 for x64-based Systems",
      "Windows 11 version 21H2 for ARM64-based Systems",
      "Windows 10 Version 21H2 for 32-bit Systems",
      "Windows 10 Version 21H2 for ARM64-based Systems",
      "Windows 10 Version 21H2 for x64-based Systems",
      "Windows 11 Version 22H2 for ARM64-based Systems",
      "Windows 11 Version 22H2 for x64-based Systems",
      "Windows 10 Version 22H2 for x64-based Systems",
      "Windows 10 Version 22H2 for ARM64-based Systems",
      "Windows 10 Version 22H2 for 32-bit Systems",
      "Windows 11 Version 23H2 for ARM64-based Systems",
      "Windows Server 2022, 23H2 Edition (Server Core installation)",
      "Windows 11 Version 23H2 for x64-based Systems"
    ],
    "versions": [
      {
        "version": "4.8.1",
        "lessThan": "4.8.09214.01",
        "versionType": "custom",
        "status": "affected"
      }
    ]
  },
  {
    "vendor": "Microsoft",
    "product": "Microsoft .NET Framework 2.0 Service Pack 2",
    "cpes": [
      "cpe:2.3:a:microsoft:.net:2.0:sp2:*:*:*:*:*:*"
    ],
    "platforms": [
      "Windows Server 2008 for 32-bit Systems Service Pack 2",
      "Windows Server 2008 for x64-based Systems Service Pack 2"
    ],
    "versions": [
      {
        "version": "2.0.0",
        "lessThan": "3.0.50727.8976",
        "versionType": "custom",
        "status": "affected"
      }
    ]
  }
]

8.7 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

HIGH

Privileges Required

NONE

User Interaction

NONE

Scope

CHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

NONE

CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:N/E:U/RL:O/RC:C

9.5 High

AI Score

Confidence

High

0.001 Low

EPSS

Percentile

44.4%