Lucene search
HistoryApr 11, 2023 - 9:15 p.m.
CVE-2023-23375
microsoft
odbc
ole db
remote code execution
vulnerability
nvd
7.8 High
CVSS3
Attack Vector
LOCAL
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
REQUIRED
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
8.2 High
AI Score
Confidence
High
0.002 Low
EPSS
Percentile
51.7%
Microsoft ODBC and OLE DB Remote Code Execution Vulnerability
Affected configurations
Node
microsoftole_db_driver_18_for_sql_serverRange18.0.0–18.6.5
ORmicrosoftole_db_driver_19_for_sql_serverRange19.0.0–19.3.0
ORmicrosoftodbc_driver_17_for_sql_serverRange17.0.0.0–17.10.3.1
ORmicrosoftodbc_driver_18_for_sql_serverRange18.0.0.0–18.2.1.1
| Vendor | Product | Version | CPE |
|---|---|---|---|
| microsoft | ole_db_driver_18_for_sql_server | * | cpe:2.3:a:microsoft:ole_db_driver_18_for_sql_server:*:*:*:*:*:*:*:* |
| microsoft | ole_db_driver_19_for_sql_server | * | cpe:2.3:a:microsoft:ole_db_driver_19_for_sql_server:*:*:*:*:*:*:*:* |
| microsoft | odbc_driver_17_for_sql_server | * | cpe:2.3:a:microsoft:odbc_driver_17_for_sql_server:*:*:*:*:*:*:*:* |
| microsoft | odbc_driver_18_for_sql_server | * | cpe:2.3:a:microsoft:odbc_driver_18_for_sql_server:*:*:*:*:*:*:*:* |
CNA Affected
[
{
"vendor": "Microsoft",
"product": "Microsoft OLE DB Driver 18 for SQL Server",
"cpes": [
"cpe:2.3:a:microsoft:ole_db_driver_18_for_sql_server:-:*:*:*:*:*:*:*"
],
"platforms": [
"Unknown"
],
"versions": [
{
"version": "18.0.0",
"lessThan": "18.6.5",
"versionType": "custom",
"status": "affected"
}
]
},
{
"vendor": "Microsoft",
"product": "Microsoft OLE DB Driver 19 for SQL Server",
"cpes": [
"cpe:2.3:a:microsoft:ole_db_driver_19_for_sql_server:-:*:*:*:*:*:*:*"
],
"platforms": [
"Unknown"
],
"versions": [
{
"version": "19.0.0",
"lessThan": "19.3.0",
"versionType": "custom",
"status": "affected"
}
]
},
{
"vendor": "Microsoft",
"product": "Microsoft ODBC Driver 17 for SQL Server",
"cpes": [
"cpe:2.3:a:microsoft:odbc_driver_17_for_sql_server:-:*:*:*:*:*:*:*"
],
"platforms": [
"Unknown"
],
"versions": [
{
"version": "17.0.0.0",
"lessThan": "17.10.3.1",
"versionType": "custom",
"status": "affected"
}
]
},
{
"vendor": "Microsoft",
"product": "Microsoft ODBC Driver 18 for SQL Server",
"cpes": [
"cpe:2.3:a:microsoft:odbc_driver_18_for_sql_server:-:*:*:*:*:*:*:*"
],
"platforms": [
"Unknown"
],
"versions": [
{
"version": "18.0.0.0",
"lessThan": "18.2.1.1",
"versionType": "custom",
"status": "affected"
}
]
}
]Social References
More
Related
prion
prion
Remote code execution
2023-04-11 21:15:00
cvelist
cvelist
CVE-2023-23375 Microsoft ODBC and OLE DB Remote Code Execution Vulnerability
2023-04-11 19:13:25
nvd
nvd
CVE-2023-23375
2023-04-11 21:15:17
nessus
nessus
Security Updates for Microsoft SQL Server OLE DB Driver (April 2023)
2023-05-12 00:00:00
Security Updates for Microsoft SQL Server ODBC Driver (April 2023)
2023-05-12 00:00:00
mscve
mscve
Microsoft ODBC and OLE DB Remote Code Execution Vulnerability
2023-04-11 07:00:00
kaspersky
kaspersky
KLA48844 Multiple vulnerabilities in Microsoft SQL Server
2023-04-11 00:00:00
rapid7blog
rapid7blog
Patch Tuesday - April 2023
2023-04-11 22:49:56
7.8 High
CVSS3
Attack Vector
LOCAL
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
REQUIRED
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
8.2 High
AI Score
Confidence
High
0.002 Low
EPSS
Percentile
51.7%
Related for CVE-2023-23375