Description
JDBC Driver for SQL Server Spoofing Vulnerability
Improper input validation in JDBC Driver for SQL Server allows an unauthorized attacker to perform spoofing over a network.
FAQ
How could an attacker exploit this vulnerability?
An attacker could exploit the vulnerability by tricking a victim into connecting to a malicious server using techniques like DNS poisoning or phishing. Once connected, the attacker presents a legitimate TLS certificate with a spoofed Common Name (CN) in the Organizational Unit (OU) field. The JDBC driver mistakenly trusts this certificate, allowing the attacker to intercept SQL credentials and perform a machine-in-the-middle attack on encrypted database traffic.
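The FAQ answer above describes a CN-looking value placed in the OU field. As an added example (not the driver's code and not from the advisory), the Java sketch below contrasts a substring search for `cn=` in the subject DN with structured RDN parsing. It assumes the flaw class is text-based CN extraction, which the page does not confirm; the class name, method names, host names and DN are constructed for illustration.

```java
import java.util.ArrayList;
import java.util.List;
import java.util.Locale;
import javax.naming.NamingException;
import javax.naming.directory.Attribute;
import javax.naming.ldap.LdapName;
import javax.naming.ldap.Rdn;

public class SubjectCnCheck {
    // Weak form (assumed flaw class): take the first "cn=" found anywhere in
    // the DN text, so a CN-looking string inside another attribute's value wins.
    static String naiveCn(String dn) {
        int i = dn.toLowerCase(Locale.ROOT).indexOf("cn=");
        if (i < 0) return null;
        int end = dn.indexOf(',', i);
        return dn.substring(i + 3, end < 0 ? dn.length() : end).trim();
    }

    // Hardened form: parse the DN into RDNs and collect only values whose
    // attribute type is CN (multi-valued RDNs such as CN=a+OU=b included).
    static List<String> parsedCns(String dn) throws NamingException {
        List<String> cns = new ArrayList<>();
        for (Rdn rdn : new LdapName(dn).getRdns()) {
            Attribute cn = rdn.toAttributes().get("cn"); // lookup ignores case
            if (cn == null) continue;
            for (int k = 0; k < cn.size(); k++) cns.add(cn.get(k).toString());
        }
        return cns;
    }

    static boolean matches(String expectedHost, List<String> cns) {
        return cns.stream().anyMatch(expectedHost::equalsIgnoreCase);
    }

    public static void main(String[] args) throws NamingException {
        String expectedHost = "db.example.internal"; // constructed
        // Constructed subject: the OU value merely contains the text "CN=...".
        String dn = "OU=CN=db.example.internal,CN=unrelated.example.net,O=Example";

        String weak = naiveCn(dn);
        System.out.println("naive CN:   " + weak + " -> accepted="
                + expectedHost.equalsIgnoreCase(weak));
        List<String> strict = parsedCns(dn);
        System.out.println("parsed CNs: " + strict + " -> accepted="
                + matches(expectedHost, strict));
    }
}
```

The same structured check can be run over certificates in a trust inventory to flag subjects where any non-CN attribute value contains `CN=`.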
Updates
| Product | Article | Update |
|---|---|---|
| Microsoft JDBC Driver 13.2 for SQL Server | | |
| Microsoft JDBC Driver 12.10 for SQL Server | | |
| Microsoft JDBC Driver 12.8 for SQL Server | | |
| Microsoft JDBC Driver 12.6 for SQL Server | | |
| Microsoft JDBC Driver 12.4 for SQL Server | | |
| Microsoft JDBC Driver 12.2 for SQL Server | | |
| Microsoft JDBC Driver 11.2 for SQL Server | | |
| Microsoft JDBC Driver 10.2 for SQL Server | | |
Exploitability
Publicly Disclosed
Exploited
Latest Software Release
EPSS
CVSS3: 8.1 High
Related vulnerabilities
Improper input validation in JDBC Driver for SQL Server allows an unauthorized attacker to perform spoofing over a network.
JDBC Driver for SQL Server has improper input validation issue
Vulnerability in the JDBC Driver for the Microsoft SQL Server relational database management system that allows an attacker to conduct spoofing attacks