Microsoft SQL Server Native Scoring Remote Code Execution Vulnerability
CVE-2024-37339
Summary
Microsoft SQL Server has been identified with a vulnerability within its Native Scoring feature that allows attackers to execute arbitrary code remotely. This vulnerability can be exploited by sending specially crafted requests to the SQL Server, leading to unexpected behavior and potentially compromising sensitive data. Organizations utilizing affected versions of SQL Server should prioritize patching to mitigate risks associated with unauthorized access and ensure the security of their database environments.
Affected Version(s)
Microsoft SQL Server 2017 (CU 31) x64-based Systems 14.0.0 < 14.0.3475.1
Microsoft SQL Server 2017 (GDR) x64-based Systems 14.0.0 < 14.0.2060.1
Microsoft SQL Server 2019 (CU 28) x64-based Systems 15.0.0 < 15.0.4390.2
References
EPSS Score
0% chance of being exploited in the next 30 days.
CVSS V3.1
Timeline
Vulnerability published
Vulnerability Reserved