CVE-2020-0618

Description

A remote code execution vulnerability exists in Microsoft SQL Server Reporting Services when it incorrectly handles page requests, aka Microsoft SQL Server Reporting Services Remote Code Execution Vulnerability.

Risk Information

Base Score: 8.8 (MODERATE)
Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
EPSS Score (Exploitation Probability): 94.252

Associated Vulnerability

Vulnerability | OS Platform
Microsoft SQL Server Reporting Services Remote Code Execution Vulnerability for SQL Server 2016 SP2 CU11 (KB4535706) 64 bit | Windows
Microsoft SQL Server Reporting Services Remote Code Execution Vulnerability for SQL Server 2016 SP2 (KB4532097) | Windows
Microsoft SQL Server Reporting Services Remote Code Execution Vulnerability for SQL Server 2012 SP4 (KB4532098) 64 bit | Windows
Microsoft SQL Server Reporting Services Remote Code Execution Vulnerability for SQL Server 2014 SP3 (KB4532095) 64 bit | Windows
Microsoft SQL Server Reporting Services Remote Code Execution Vulnerability for SQL Server 2014 SP3 (KB4532095) 32 bit | Windows
Microsoft SQL Server Reporting Services Remote Code Execution Vulnerability for SQL Server 2014 SP3 CU4 (KB4535288) 64 bit | Windows
Microsoft SQL Server Reporting Services Remote Code Execution Vulnerability for SQL Server 2014 SP3 CU4 (KB4535288) 32 bit | Windows

Patch Details

Patches provided by ManageEngine for this CVE:

Patch ID | Patch Description
PATCH-28431 | Security Update for SQL Server 2016 SP2 CU11 (KB4535706) 64 bit
PATCH-28432 | Security Update for SQL Server 2016 SP2 (KB4532097)
PATCH-28426 | Security Update for SQL Server 2012 SP4 (KB4532098) 64 bit
PATCH-28429 | Security Update for SQL Server 2014 SP3 (KB4532095) 64 bit
PATCH-28430 | Security Update for SQL Server 2014 SP3 (KB4532095) 32 bit
PATCH-28427 | Security Update for SQL Server 2014 SP3 CU4 (KB4535288) 64 bit
PATCH-28428 | Security Update for SQL Server 2014 SP3 CU4 (KB4535288) 32 bit

References

https://nvd.nist.gov/vuln/detail/CVE-2023-1234
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-1234