Microsoft SQL Server Native Scoring Remote Code Execution Vulnerability
CVE-2024-37335

8.8HIGH

Key Information:

Vendor: Microsoft
Status: Microsoft Sql Server 2017 (gdr); Microsoft Sql Server 2019 (gdr); Microsoft Sql Server 2017 (cu 31); Microsoft Sql Server 2022 (gdr)
Vendor: CVE Published:; 10 September 2024

Summary

The vulnerability in Microsoft SQL Server Native Scoring allows for remote code execution, potentially enabling attackers to run arbitrary code on affected systems. This could lead to unauthorized access and manipulation of sensitive data. Organizations using the impacted SQL Server versions should promptly apply security updates and implement mitigations to safeguard against potential exploitations. Regular security assessments and monitoring are advised to ensure ongoing protection from such vulnerabilities.

Affected Version(s)

Microsoft SQL Server 2017 (CU 31) x64-based Systems 14.0.0 < 14.0.3475.1

Microsoft SQL Server 2017 (GDR) x64-based Systems 14.0.0 < 14.0.2060.1

Microsoft SQL Server 2019 (CU 28) x64-based Systems 15.0.0 < 15.0.4390.2

References

https://msrc.microsoft.com/update-guide/vulnerability/CVE...

vendor-advisory

CVSS V3.1

Score:

8.8

Severity:

HIGH

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

Low

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published
Sep 10, 2024
Vulnerability Reserved
Jun 5, 2024