Information Disclosure Vulnerability in Microsoft SQL Server Management Studio
CVE-2018-8532

5.5 MEDIUM

Summary

An information disclosure vulnerability affects Microsoft SQL Server Management Studio when it processes a malicious XMLA file. The vulnerability stems from the application’s handling of external entity references in the file, which may allow an attacker to read sensitive information from the system. The flaw impacts SQL Server Management Studio versions 17.9 and 18.0 and can expose confidential data. Users should apply security updates and follow best practices to mitigate the risks associated with this vulnerability.

Affected Version(s)

SQL Server Management Studio 17.9

SQL Server Management Studio 18.0 (Preview 4)

EPSS Score

6% chance of being exploited in the next 30 days.

CVSS V3.1

Score: 5.5
Severity: MEDIUM
Confidentiality: High
Integrity: None
Availability: High
Attack Vector: Local
Attack Complexity: Low
Privileges Required: None
User Interaction: Required
Scope: Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved
