Lucene search

K
nvd[email protected]NVD:CVE-2024-37340
HistorySep 10, 2024 - 5:15 p.m.

CVE-2024-37340

2024-09-1017:15:18
CWE-822
web.nvd.nist.gov
4
microsoft
sql server
native scoring
remote code execution
vulnerability

CVSS3

8.8

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

EPSS

0.001

Percentile

30.3%

Microsoft SQL Server Native Scoring Remote Code Execution Vulnerability

Affected configurations

Nvd
Node
microsoftsql_2016_azure_connect_feature_packRange13.0.7000.25313.0.7037.1
OR
microsoftsql_server_2016Range13.0.6300.213.0.6441.1x64
OR
microsoftsql_server_2017Range14.0.1000.16914.0.2060.1x64
OR
microsoftsql_server_2017Range14.0.3006.1614.0.3475.1x64
OR
microsoftsql_server_2019Range15.0.2000.515.0.2120.1x64
OR
microsoftsql_server_2019Range15.0.4003.2315.0.4390.2x64
OR
microsoftsql_server_2022Range16.0.1000.616.0.1125.1x64
OR
microsoftsql_server_2022Range16.0.4003.116.0.4140.3x64
VendorProductVersionCPE
microsoftsql_2016_azure_connect_feature_pack*cpe:2.3:a:microsoft:sql_2016_azure_connect_feature_pack:*:*:*:*:*:*:*:*
microsoftsql_server_2016*cpe:2.3:a:microsoft:sql_server_2016:*:*:*:*:*:*:x64:*
microsoftsql_server_2017*cpe:2.3:a:microsoft:sql_server_2017:*:*:*:*:*:*:x64:*
microsoftsql_server_2019*cpe:2.3:a:microsoft:sql_server_2019:*:*:*:*:*:*:x64:*
microsoftsql_server_2022*cpe:2.3:a:microsoft:sql_server_2022:*:*:*:*:*:*:x64:*

CVSS3

8.8

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

EPSS

0.001

Percentile

30.3%