Lucene search

K
nessusTenable9814.PRM
HistoryDec 12, 2016 - 12:00 a.m.

Microsoft SQL Server 2016 13.0.1605.0 through 13.0.1721.0 Multiple Privilege Escalation (3194716)

2016-12-1200:00:00
Tenable
www.tenable.com
31

CVSS2

6.5

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

SINGLE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:S/C:P/I:P/A:P

CVSS3

8.8

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

EPSS

0.23

Percentile

96.6%

The remote host is running a version of Microsoft SQL Server 2016 13.0.1605.0 through 13.0.1721.0 and is affected by multiple vulnerabilities :

  • A flaw exists in the RDBMS engine that is triggered during the handling of pointer casting. This may allow an authenticated attacker to gain elevated privileges. (CVE-2016-7249, CVE-2016-7250)
  • A flaw exists that allows a cross-site scripting (XSS) attack. This flaw exists because the MDS API does not validate input before returning it to users. This may allow a remote attacker to create a specially crafted request that would execute arbitrary script code in a user’s browser session within the trust relationship between their browser and the server. (CVE-2016-7251)
  • A flaw exists in the Analysis services that is triggered as FILESTREAM paths are not properly checked. This may allow an authenticated attacker to gain access to sensitive information. (CVE-2016-7252)
Binary data 9814.prm
VendorProductVersionCPE
microsoftsql_server2016cpe:/a:microsoft:sql_server:2016

CVSS2

6.5

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

SINGLE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:S/C:P/I:P/A:P

CVSS3

8.8

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

EPSS

0.23

Percentile

96.6%