Microsoft SQL Server Native Scoring Information Disclosure Vulnerability
CVE-2024-37342

7.1HIGH

Key Information:

Vendor: Microsoft
Status: Microsoft Sql Server 2019 (cu 28); Microsoft Sql Server 2022 For (cu 14); Microsoft Sql Server 2017 (gdr); Microsoft Sql Server 2019 (gdr)
Vendor: CVE Published:; 10 September 2024

What is CVE-2024-37342?

A vulnerability exists in Microsoft SQL Server that allows for information disclosure through its Native Scoring feature. This could lead to sensitive data exposure under certain conditions, potentially allowing unauthorized access to confidential information. It is crucial for organizations using affected versions of SQL Server to assess and mitigate the risks related to this vulnerability to ensure the integrity and confidentiality of their data.

Affected Version(s)

Microsoft SQL Server 2017 (CU 31) x64-based Systems 14.0.0 < 14.0.3475.1

Microsoft SQL Server 2017 (GDR) x64-based Systems 14.0.0 < 14.0.2060.1

Microsoft SQL Server 2019 (CU 28) x64-based Systems 15.0.0 < 15.0.4390.2

References

https://msrc.microsoft.com/update-guide/vulnerability/CVE...

vendor-advisory

CVSS V3.1

Score:

7.1

Severity:

HIGH

Confidentiality:

High

Integrity:

None

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

Low

User Interaction:

None

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Sep 10, 2024
Vulnerability Reserved
Jun 5, 2024

CVE-2024-37342 Data

JSON