Microsoft SQL Server Remote Code Execution Vulnerability
CVE-2022-29143

7.5HIGH

Key Information:

Vendor
Microsoft
Status
Microsoft Sql Server 2017 (gdr)
Microsoft Sql Server 2014 Service Pack 3 (gdr)
Microsoft Sql Server 2016 For X64-based Systems Service Pack 2 (gdr)
Microsoft Sql Server 2014 Service Pack 3 (cu 4)
Vendor
CVE Published:
15 June 2022

Summary

Microsoft SQL Server Remote Code Execution Vulnerability

Affected Version(s)

Microsoft SQL Server 2014 Service Pack 3 (CU 4) 32-bit Systems 12.0.0 < 12.0.6439.10

Microsoft SQL Server 2014 Service Pack 3 (GDR) x64-based Systems 12.0.0 < 12.0.6169.19

Microsoft SQL Server 2016 for x64-based Systems Service Pack 2 (GDR) Unknown 13.0.0 < 13.0.5108.50

References

https://msrc.microsoft.com/update-guide/vulnerability/CVE...
vendor-advisory

EPSS Score

0% chance of being exploited in the next 30 days.

CVSS V3.1

Score:
7.5
Severity:
HIGH
Confidentiality:
High
Integrity:
High
Availability:
High
Attack Vector:
Network
Attack Complexity:
High
Privileges Required:
Low
User Interaction:
None
Scope:
Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved

Collectors

NVD DatabaseMitre Database
.