Описание
The agent in Microsoft SQL Server 2012 SP2, 2012 SP3, 2014 SP1, 2014 SP2, and 2016 does not properly check the atxcore.dll ACL, which allows remote authenticated users to gain privileges via unspecified vectors, aka "SQL Server Agent Elevation of Privilege Vulnerability."
Ссылки
- Third Party AdvisoryVDB Entry
- Third Party AdvisoryVDB Entry
Уязвимые конфигурации
Конфигурация 1
Одно из
cpe:2.3:a:microsoft:sql_server:2012:sp2:*:*:*:*:*:*
cpe:2.3:a:microsoft:sql_server:2012:sp3:*:*:*:*:*:*
cpe:2.3:a:microsoft:sql_server:2014:sp1:*:*:*:*:*:*
cpe:2.3:a:microsoft:sql_server:2014:sp2:*:*:*:*:*:*
EPSS
Процентиль: 95%
0.18223
Средний
8.8 High
CVSS3
6.5 Medium
CVSS2
Дефекты
CWE-264
Связанные уязвимости
CVSS3: 8.8
github
около 3 лет назад
The agent in Microsoft SQL Server 2012 SP2, 2012 SP3, 2014 SP1, 2014 SP2, and 2016 does not properly check the atxcore.dll ACL, which allows remote authenticated users to gain privileges via unspecified vectors, aka "SQL Server Agent Elevation of Privilege Vulnerability."
EPSS
Процентиль: 95%
0.18223
Средний
8.8 High
CVSS3
6.5 Medium
CVSS2
Дефекты
CWE-264