Microsoft.Data.SqlClient and System.Data.SqlClient SQL Data Provider Security Feature Bypass Vulnerability
CVE-2024-0056
Summary
A security feature bypass vulnerability exists in Microsoft.Data.SqlClient and System.Data.SqlClient SQL Data Providers. This vulnerability allows an attacker to bypass security measures intended to restrict user access and control over SQL database activities. Successful exploitation could lead to unauthorized data access or manipulation, posing significant risks to the integrity and confidentiality of sensitive information. Organizations utilizing these data providers must assess their environment to apply necessary mitigations and protect their database systems.
Affected Version(s)
.NET 6.0 Unknown 6.0.0 < 6.0.26
.NET 7.0 Unknown 7.0.0 < 7.0.15
.NET 8.0 Unknown 1.0.0 < 8.0.1
News Articles
Kaspersky Threats - KLA62822: Multiple vulnerabilities in Microsoft Developer Tools
1 year ago
Microsoft fixes 48 bugs in January Patch Tuesday, none of them zero-days
Security pros noted that the first Patch Tuesday of 2024 was the second consecutive release by Microsoft with no zero-days.
1 year ago
EPSS Score
0% chance of being exploited in the next 30 days.
CVSS V3.1
Timeline
First article discovered by SC Magazine
Vulnerability published
Vulnerability Reserved