Home

CVE-2019-1068

Description

A remote code execution vulnerability exists in Microsoft SQL Server when it incorrectly handles processing of internal functions, aka Microsoft SQL Server Remote Code Execution Vulnerability.

Risk Information

Base Score
8.8
MODERATE
Vector
CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
EPSS Score
Exploitation Probability
41.568

Associated Vulnerability

VulnerabilityOS Platform
Microsoft SQL Server Remote Code Execution Vulnerability for SQL Server 2014 SP2 CU17 (KB4505419) 64 bitWindows
Microsoft SQL Server Remote Code Execution Vulnerability for SQL Server 2016 SP1 (KB4505219)Windows
Microsoft SQL Server Remote Code Execution Vulnerability for SQL Server 2014 Service Pack 2 GDR (KB4505217)Windows
Microsoft SQL Server Remote Code Execution Vulnerability for SQL Server 2014 SP3 (KB4505218)Windows
Microsoft SQL Server Remote Code Execution Vulnerability for SQL Server 2014 SP3 CU3 (KB4505422)Windows
Microsoft SQL Server Remote Code Execution Vulnerability for SQL Server 2017 RTM CU15 (KB4505225)Windows
Microsoft SQL Server Remote Code Execution Vulnerability for SQL Server 2017 RTM (KB4505224)Windows
Microsoft SQL Server Remote Code Execution Vulnerability for SQL Server 2016 SP2 (KB4505220)Windows
Microsoft SQL Server Remote Code Execution Vulnerability for SQL Server 2016 SP2 CU7 (KB4505222)Windows
Microsoft SQL Server Remote Code Execution Vulnerability for SQL Server 2016 SP1 CU15 (KB4505221)Windows

Patch Details

Click to see the patches provided by ManageEngine for this CVE
Patch IDPatch Description
PATCH-27162Security Update for SQL Server 2014 SP2 CU17 (KB4505419) 64 bit
PATCH-27167Security Update for SQL Server 2016 SP1 (KB4505219)
PATCH-27163Security Update for SQL Server 2014 Service Pack 2 GDR (KB4505217)
PATCH-27165Security Update for SQL Server 2014 SP3 (KB4505218)
PATCH-27164Security Update for SQL Server 2014 SP3 CU3 (KB4505422)
PATCH-27170Security Update for SQL Server 2017 RTM CU15 (KB4505225)
PATCH-27171Security Update for SQL Server 2017 RTM (KB4505224)
PATCH-27169Security Update for SQL Server 2016 SP2 (KB4505220)
PATCH-27168Security Update for SQL Server 2016 SP2 CU7 (KB4505222)
PATCH-27166Security Update for SQL Server 2016 SP1 CU15 (KB4505221)

References

https://nvd.nist.gov/vuln/detail/CVE-2023-1234
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-1234