CVE-2024-21333

Published Jul 9, 2024

Last updated a month ago

CVSS high 8.8

Overview

Description: SQL Server Native Client OLE DB Provider Remote Code Execution Vulnerability
Source: secure@microsoft.com
NVD status: Analyzed

Risk scores

CVSS 3.1

Type: Secondary
Base score: 8.8
Impact score: 5.9
Exploitability score: 2.8
Vector string: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
Severity: HIGH

Weaknesses

secure@microsoft.com: CWE-122
nvd@nist.gov: NVD-CWE-noinfo

Hype score: Not currently trending

Configurations

[
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:a:microsoft:sql_server_2016:*:*:*:*:*:*:x64:*",
            "vulnerable": true,
            "matchCriteriaId": "52804B2D-2D71-41DC-92BC-4B3C086CFE59",
            "versionEndExcluding": "13.0.6441.1",
            "versionStartIncluding": "13.0.6300.2"
          },
          {
            "criteria": "cpe:2.3:a:microsoft:sql_server_2016:*:*:*:*:*:*:x64:*",
            "vulnerable": true,
            "matchCriteriaId": "C736C053-C058-4D51-A248-6933448045BA",
            "versionEndExcluding": "13.0.7037.1",
            "versionStartIncluding": "13.0.7000.253"
          },
          {
            "criteria": "cpe:2.3:a:microsoft:sql_server_2017:*:*:*:*:*:*:x64:*",
            "vulnerable": true,
            "matchCriteriaId": "805A8624-FFA0-48D6-9B19-D6B75F8FCA50",
            "versionEndExcluding": "14.0.2056.2",
            "versionStartIncluding": "14.0.1000.169"
          },
          {
            "criteria": "cpe:2.3:a:microsoft:sql_server_2017:*:*:*:*:*:*:x64:*",
            "vulnerable": true,
            "matchCriteriaId": "39B9F117-2AE1-4D98-8B3C-53EF4F67CAEC",
            "versionEndExcluding": "14.0.3471.2",
            "versionStartIncluding": "14.0.3006.16"
          },
          {
            "criteria": "cpe:2.3:a:microsoft:sql_server_2019:*:*:*:*:*:*:x64:*",
            "vulnerable": true,
            "matchCriteriaId": "782A9D81-65C8-442D-AF6E-6FBF0714B30E",
            "versionEndExcluding": "15.0.2116.2",
            "versionStartIncluding": "15.0.2000.5"
          },
          {
            "criteria": "cpe:2.3:a:microsoft:sql_server_2019:*:*:*:*:*:*:x64:*",
            "vulnerable": true,
            "matchCriteriaId": "F881242C-241B-4279-AB0F-2D3EF241E67D",
            "versionEndExcluding": "15.0.4382.1",
            "versionStartIncluding": "15.0.4003.23"
          },
          {
            "criteria": "cpe:2.3:a:microsoft:sql_server_2022:*:*:*:*:*:*:x64:*",
            "vulnerable": true,
            "matchCriteriaId": "B89DF738-CC52-4C5D-9D51-19A32565742D",
            "versionEndExcluding": "16.0.1121.4",
            "versionStartIncluding": "16.0.1000.6"
          },
          {
            "criteria": "cpe:2.3:a:microsoft:sql_server_2022:*:*:*:*:*:*:x64:*",
            "vulnerable": true,
            "matchCriteriaId": "BAFC0689-DA13-40B0-9088-F661A0567877",
            "versionEndExcluding": "16.0.4131.2",
            "versionStartIncluding": "16.0.4003.1"
          }
        ],
        "operator": "OR"
      }
    ]
  }
]

Overview

Risk scores

CVSS 3.1

Weaknesses

Social media

Configurations

References