3 matches found
CVE-2018-8533
CVE-2018-8533 affects Microsoft SQL Server Management Studio (SSMS) v17.9 and v18.0 (Preview 4). The vulnerability is an XML External Entity (XXE) information-disclosure flaw in the XML/XEL/XMLA parsing path, caused by external-entity references in crafted XML content. Exploitation requires user ...
CVE-2018-8532
Microsoft SQL Server Management Studio (SSMS) 17.9 and SSMS 18.0 (Preview 4) are affected by CVE-2018-8532 due to an XML External Entity (XXE) information-disclosure vulnerability when parsing a crafted XMLA file that references an external entity. The vulnerability enables disclosure of sensitiv...
CVE-2018-8527
CVE-2018-8527 (and related CVEs 2018-8532/8533) affect Microsoft SQL Server Management Studio (SSMS) 17.9 and 18.0 Preview 4. The root cause is an XML/XEL parsing flaw that allows XML External Entity (XXE) injection via a malicious XEL/XML/XMLA file, leading to information disclosure. Exploitatio...