- Description
- A buffer overflow vulnerability exists in the Microsoft SQL Server that could allow remote code execution on an affected system, aka "Microsoft SQL Server Remote Code Execution Vulnerability." This affects Microsoft SQL Server.
- Source
- secure@microsoft.com
- NVD status
- Analyzed
CVSS 3.1
- Type
- Primary
- Base score
- 9.8
- Impact score
- 5.9
- Exploitability score
- 3.9
- Vector string
- CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
- Severity
- CRITICAL
CVSS 2.0
- Type
- Primary
- Base score
- 10
- Impact score
- 10
- Exploitability score
- 10
- Vector string
- AV:N/AC:L/Au:N/C:C/I:C/A:C
- nvd@nist.gov
- CWE-787
- Hype score
- Not currently trending
[
{
"nodes": [
{
"negate": false,
"cpeMatch": [
{
"criteria": "cpe:2.3:o:microsoft:sql_server:2016:sp1:*:*:*:*:x64:*",
"vulnerable": true,
"matchCriteriaId": "97A4EB92-A4A6-4B22-BB08-8519F492C191"
},
{
"criteria": "cpe:2.3:o:microsoft:sql_server:2016:sp2:*:*:*:*:x64:*",
"vulnerable": true,
"matchCriteriaId": "6E0BED4C-0F23-4725-9C80-51C52ABD98BC"
},
{
"criteria": "cpe:2.3:o:microsoft:sql_server:2017:*:*:*:*:*:x64:*",
"vulnerable": true,
"matchCriteriaId": "71370E02-63ED-4EA7-A52F-DC79381EA918"
}
],
"operator": "OR"
}
]
}
]