SQL Server Native Client OLE DB Provider Remote Code Execution Vulnerability
CVE-2024-21398
8.8HIGH
Key Information:
What is CVE-2024-21398?
The SQL Server Native Client OLE DB Provider has a vulnerability that could allow an attacker to execute remote code on an affected system. This issue arises from improper validation of input data, which could be exploited by an unauthenticated attacker through specially crafted queries. Organizations utilizing the SQL Server Native Client OLE DB Provider should assess their environments to mitigate potential exposure and ensure system integrity.
Affected Version(s)
Microsoft SQL Server 2016 Service Pack 3 (GDR) x64-based Systems 13.0.0 < 13.0.6441.1
Microsoft SQL Server 2016 Service Pack 3 Azure Connect Feature Pack x64-based Systems 13.0.0 < 13.0.7037.1
Microsoft SQL Server 2017 (CU 31) x64-based Systems 14.0.0 < 14.0.3471.2