CVE-2016-7253
Description
The agent in Microsoft SQL Server 2012 SP2, 2012 SP3, 2014 SP1, 2014 SP2, and 2016 does not properly check the atxcore.dll ACL, which allows remote authenticated users to gain privileges via unspecified vectors, aka SQL Server Agent Elevation of Privilege Vulnerability.
Risk Information
Base Score
8.8
MODERATE
Vector
CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
EPSS Score
Exploitation Probability
18.223
Associated Vulnerability
| Vulnerability | OS Platform |
|---|---|
| Microsoft SQL Server Agent Elevation of Privilege Vulnerability for SQL Server 2012 SP2 GDR (KB3194719) x86 based systems | Windows |
| Microsoft SQL Server Agent Elevation of Privilege Vulnerability for SQL Server 2012 SP2 GDR (KB3194719) | Windows |
| Microsoft SQL Server Agent Elevation of Privilege Vulnerability for SQL Server 2012 SP2 GDR (KB3194719) | Windows |
| Microsoft SQL Server Agent Elevation of Privilege Vulnerability for SQL Server 2012 SP2 GDR (KB3194719) | Windows |
| Microsoft SQL Server Agent Elevation of Privilege Vulnerability for SQL Server 2012 SP2 CU (KB3194725) x86 based systems | Windows |
| Microsoft SQL Server Agent Elevation of Privilege Vulnerability for SQL Server 2012 SP2 CU (KB3194725) | Windows |
| Microsoft SQL Server Agent Elevation of Privilege Vulnerability for SQL Server 2012 SP2 CU (KB3194725) | Windows |
| Microsoft SQL Server Agent Elevation of Privilege Vulnerability for SQL Server 2012 SP2 CU (KB3194725) | Windows |
| Microsoft SQL Server Agent Elevation of Privilege Vulnerability for SQL Server 2012 Service Pack 3 GDR (KB3194721) | Windows |
| Microsoft SQL Server Agent Elevation of Privilege Vulnerability for SQL Server 2012 Service Pack 3 GDR (KB3194721) | Windows |
| Microsoft SQL Server Agent Elevation of Privilege Vulnerability for SQL Server 2012 Service Pack 3 GDR (KB3194721) | Windows |
| Microsoft SQL Server Agent Elevation of Privilege Vulnerability for SQL Server 2012 Service Pack 3 GDR (KB3194721) | Windows |
| Microsoft SQL Server Agent Elevation of Privilege Vulnerability for SQL Server 2012 Service Pack 3 CU (KB3194724) x86 based systems | Windows |
| Microsoft SQL Server Agent Elevation of Privilege Vulnerability for SQL Server 2012 Service Pack 3 CU (KB3194724) | Windows |
| Microsoft SQL Server Agent Elevation of Privilege Vulnerability for SQL Server 2012 Service Pack 3 CU (KB3194724) | Windows |
| Microsoft SQL Server Agent Elevation of Privilege Vulnerability for SQL Server 2012 Service Pack 3 CU (KB3194724) | Windows |
| SQL RDBMS Engine Elevation of Privilege Vulnerability for SQL Server 2014 Service Pack 1 GDR (KB3194720) x86 based systems | Windows |
| SQL RDBMS Engine Elevation of Privilege Vulnerability for SQL Server 2014 Service Pack 1 GDR (KB3194720) x64 based systems | Windows |
| SQL RDBMS Engine Elevation of Privilege Vulnerability for SQL Server 2014 Service Pack 1 CU (KB3194722) x86 based systems | Windows |
| SQL RDBMS Engine Elevation of Privilege Vulnerability for SQL Server 2014 Service Pack 1 CU (KB3194722) x64 based systems | Windows |
| SQL RDBMS Engine Elevation of Privilege Vulnerability for SQL Server 2014 Service Pack 2 GDR (KB3194714) | Windows |
| SQL RDBMS Engine Elevation of Privilege Vulnerability for SQL Server 2014 Service Pack 2 GDR (KB3194714) x64 based systems | Windows |
| SQL RDBMS Engine Elevation of Privilege Vulnerability for SQL Server 2014 Service Pack 2 CU (KB3194718) x86 based systems | Windows |
| SQL RDBMS Engine Elevation of Privilege Vulnerability for SQL Server 2014 Service Pack 2 CU (KB3194718) x64 based systems | Windows |
Patch Details
Patches provided by ManageEngine for this CVE:
| Patch ID | Patch Description |
|---|---|
| PATCH-21779 | Security Update for SQL Server 2012 SP2 GDR (KB3194719) 32 bit |
| PATCH-21780 | Security Update for SQL Server 2012 SP2 GDR (KB3194719) |
| PATCH-21781 | Security Update for SQL Server 2012 SP2 GDR (KB3194719) 64 bit |
| PATCH-21782 | Security Update for SQL Server 2012 SP2 GDR (KB3194719) 64 bit |
| PATCH-21783 | Security Update for SQL Server 2012 SP2 CU (KB3194725) 32 bit |
| PATCH-21784 | Security Update for SQL Server 2012 SP2 CU (KB3194725) |
| PATCH-21785 | Security Update for SQL Server 2012 SP2 CU (KB3194725) 64 bit |
| PATCH-21786 | Security Update for SQL Server 2012 SP2 CU (KB3194725) 64 bit |
| PATCH-21789 | Security Update for SQL Server 2012 Service Pack 3 GDR (KB3194721) 64 bit |
| PATCH-21790 | Security Update for SQL Server 2012 Service Pack 3 GDR (KB3194721) 64 bit |
| PATCH-21791 | Security Update for SQL Server 2012 Service Pack 3 CU (KB3194724) 32 bit |
| PATCH-21792 | Security Update for SQL Server 2012 Service Pack 3 CU (KB3194724) |
| PATCH-21793 | Security Update for SQL Server 2012 Service Pack 3 CU (KB3194724) 64 bit |
| PATCH-21794 | Security Update for SQL Server 2012 Service Pack 3 CU (KB3194724) 64 bit |
| PATCH-21809 | Security Update for SQL Server 2014 Service Pack 1 GDR (KB3194720) 32 bit |
| PATCH-21810 | Security Update for SQL Server 2014 Service Pack 1 GDR (KB3194720) 64 bit |
| PATCH-21811 | Security Update for SQL Server 2014 Service Pack 1 CU (KB3194722) 32 bit |
| PATCH-21812 | Security Update for SQL Server 2014 Service Pack 1 CU (KB3194722) 64 bit |
| PATCH-21814 | Security Update for SQL Server 2014 Service Pack 2 GDR (KB3194714) 64 bit |
| PATCH-21815 | Security Update for SQL Server 2014 Service Pack 2 CU (KB3194718) 32 bit |
| PATCH-21816 | Security Update for SQL Server 2014 Service Pack 2 CU (KB3194718) 64 bit |
References
https://nvd.nist.gov/vuln/detail/CVE-2023-1234
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-1234