[email protected]NVD:CVE-2018-8532

HistoryOct 10, 2018 - 1:29 p.m.

CVE-2018-8532

2018-10-1013:29:06

CWE-611

[email protected]

web.nvd.nist.gov

CVSS2

4.3

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:N/AC:M/Au:N/C:P/I:N/A:N

CVSS3

5.5

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N

AI Score

5.3

Confidence

High

EPSS

0.003

Percentile

68.2%

JSON

An information disclosure vulnerability exists in Microsoft SQL Server Management Studio (SSMS) when parsing a malicious XMLA file containing a reference to an external entity, aka “SQL Server Management Studio Information Disclosure Vulnerability.” This affects SQL Server Management Studio 17.9, SQL Server Management Studio 18.0. This CVE ID is unique from CVE-2018-8527, CVE-2018-8533.

Affected configurations

Nvd

Node

microsoftsql_server_management_studioMatch17.9

microsoftsql_server_management_studioMatch18.0

VendorProductVersionCPE
microsoftsql_server_management_studio17.9cpe:2.3:a:microsoft:sql_server_management_studio:17.9:*:*:*:*:*:*:*
microsoftsql_server_management_studio18.0cpe:2.3:a:microsoft:sql_server_management_studio:18.0:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
microsoft	sql_server_management_studio	17.9	cpe:2.3:a:microsoft:sql_server_management_studio:17.9:::::::*
microsoft	sql_server_management_studio	18.0	cpe:2.3:a:microsoft:sql_server_management_studio:18.0:::::::*