Описание
Microsoft SQL Server Analysis Services in Microsoft SQL Server 2012, Microsoft SQL Server 2014, and Microsoft SQL Server 2016 allows an information disclosure vulnerability when it improperly enforces permissions, aka "Microsoft SQL Server Analysis Services Information Disclosure Vulnerability".
Ссылки
- Third Party Advisory
- URL Repurposed
- PatchVendor Advisory
- Third Party Advisory
- URL Repurposed
- PatchVendor Advisory
Уязвимые конфигурации
Конфигурация 1
Одно из
cpe:2.3:a:microsoft:sql_server:2012:sp3:*:*:*:*:*:*
cpe:2.3:a:microsoft:sql_server:2014:sp1:*:*:*:*:*:*
cpe:2.3:a:microsoft:sql_server:2014:sp2:*:*:*:*:*:*
cpe:2.3:a:microsoft:sql_server:2016:*:*:*:*:*:*:*
cpe:2.3:a:microsoft:sql_server:2016:sp1:*:*:*:*:*:*
EPSS
Процентиль: 77%
0.01089
Низкий
7.5 High
CVSS3
5 Medium
CVSS2
Дефекты
CWE-200
Связанные уязвимости
msrc
почти 8 лет назад
Microsoft SQL Server Analysis Services Information Disclosure Vulnerability
CVSS3: 7.5
github
около 3 лет назад
Microsoft SQL Server Analysis Services in Microsoft SQL Server 2012, Microsoft SQL Server 2014, and Microsoft SQL Server 2016 allows an information disclosure vulnerability when it improperly enforces permissions, aka "Microsoft SQL Server Analysis Services Information Disclosure Vulnerability".
EPSS
Процентиль: 77%
0.01089
Низкий
7.5 High
CVSS3
5 Medium
CVSS2
Дефекты
CWE-200