Microsoft SQL Server Native Scoring Remote Code Execution Vulnerability
CVE-2024-37339

8.8HIGH

Key Information:

Summary

Microsoft SQL Server has been identified with a vulnerability within its Native Scoring feature that allows attackers to execute arbitrary code remotely. This vulnerability can be exploited by sending specially crafted requests to the SQL Server, leading to unexpected behavior and potentially compromising sensitive data. Organizations utilizing affected versions of SQL Server should prioritize patching to mitigate risks associated with unauthorized access and ensure the security of their database environments.

Affected Version(s)

Microsoft SQL Server 2017 (CU 31) x64-based Systems 14.0.0 < 14.0.3475.1

Microsoft SQL Server 2017 (GDR) x64-based Systems 14.0.0 < 14.0.2060.1

Microsoft SQL Server 2019 (CU 28) x64-based Systems 15.0.0 < 15.0.4390.2

References

EPSS Score

0% chance of being exploited in the next 30 days.

CVSS V3.1

Score:
8.8
Severity:
HIGH
Confidentiality:
High
Integrity:
High
Availability:
High
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
Low
User Interaction:
None
Scope:
Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved

Collectors

NVD DatabaseMitre DatabaseMicrosoft Feed
.