Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
kasperskyKaspersky LabKLA11620
HistoryDec 10, 2019 - 12:00 a.m.

KLA11620 SUI Vulnerability in Microsoft SQL Server

2019-12-1000:00:00
Kaspersky Lab
threats.kaspersky.com
12

6.1 Medium

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

CHANGED

Confidentiality Impact

LOW

Integrity Impact

LOW

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

6.4 Medium

AI Score

Confidence

High

4.3 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:M/Au:N/C:N/I:P/A:N

0.002 Low

EPSS

Percentile

52.9%

JSON

Detect date:

12/10/2019

Severity:

High

Description:

A cross-site-scripting (XSS) vulnerability was found in Microsoft SQL Server Reporting Services. Malicious users can exploit this vulnerability to spoof user interface.

Exploitation:

Public exploits exist for this vulnerability.

Affected products:

SQL Server 2017 Reporting Services
Power BI Report Server
SQL Server 2019 Reporting Services

Solution:

Install necessary updates from the KB section, that are listed in your Windows Update (Windows Update usually can be accessed from the Control Panel)

Original advisories:

CVE-2019-1332

Impacts:

SUI

Related products:

Microsoft SQL Server

CVE-IDS:

CVE-2019-13326.1High

Microsoft official advisories:

KB list:

4532097
4535706

Related

cve 1
prion 1
symantec 1
mscve 1
cvelist 1
mskb 2
talosblog 1
cve
cve
CVE-2019-1332
2019-12-10 22:15:00
prion
prion
Cross site scripting
2019-12-10 22:15:00
symantec
symantec
Microsoft SQL Server Reporting Services CVE-2019-1332 Cross Site Scripting Vulnerability
2019-12-10 00:00:00
mscve
mscve
Microsoft SQL Server Reporting Services XSS Vulnerability
2019-12-10 08:00:00
cvelist
cvelist
CVE-2019-1332
2019-12-10 21:40:56
mskb
mskb
KB4535706 - Description of the security update for SQL Server 2016 SP2 CU11: February 11, 2020
2020-02-11 08:00:00
KB4532097 - Description of the security update for SQL Server 2016 SP2 GDR: February 11, 2020
2020-02-11 08:00:00
talosblog
talosblog
Microsoft Patch Tuesday — Dec. 2019: Vulnerability disclosures and Snort coverage
2019-12-10 10:41:37

6.1 Medium

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

CHANGED

Confidentiality Impact

LOW

Integrity Impact

LOW

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

6.4 Medium

AI Score

Confidence

High

4.3 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:M/Au:N/C:N/I:P/A:N

0.002 Low

EPSS

Percentile

52.9%

JSON
Related for KLA11620
cve1prion1symantec1mscve1cvelist1mskb2talosblog1