CVE-2024-37323

Description

SQL Server Native Client OLE DB Provider Remote Code Execution Vulnerability

Risk Information

Base Score: 8.8 (MODERATE)
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
EPSS Score (Exploitation Probability): 2.426

Associated Vulnerability

Vulnerability | OS Platform
SQL Server Native Client OLE DB Provider Remote Code Execution Vulnerability for SQL Server 2016 SP3 (KB5040946) | Windows
SQL Server Native Client OLE DB Provider Remote Code Execution Vulnerability for SQL Server 2016 SP3 Azure Connect Feature Pack (KB5040944) | Windows
SQL Server Native Client OLE DB Provider Remote Code Execution Vulnerability for SQL Server 2017 RTM CU (KB5040940) | Windows
SQL Server Native Client OLE DB Provider Remote Code Execution Vulnerability for SQL Server 2019 RTM CU (KB5040948) | Windows
SQL Server Native Client OLE DB Provider Remote Code Execution Vulnerability for SQL Server 2019 RTM (KB5040986) | Windows
SQL Server Native Client OLE DB Provider Remote Code Execution Vulnerability for SQL Server 2022 RTM CU (KB5040939) | Windows
SQL Server Native Client OLE DB Provider Remote Code Execution Vulnerability for SQL Server 2022 RTM (KB5040936) | Windows

Patch Details

Patches provided by ManageEngine for this CVE:

Patch ID | Patch Description
PATCH-39381 | Security Update for SQL Server 2016 SP3 (KB5040946)
PATCH-39380 | Security Update for SQL Server 2016 SP3 Azure Connect Feature Pack (KB5040944)
PATCH-39382 | Security Update for SQL Server 2017 RTM CU (KB5040940)
PATCH-39383 | Security Update for SQL Server 2019 RTM CU (KB5040948)
PATCH-39384 | Security Update for SQL Server 2019 RTM (KB5040986)
PATCH-39386 | Security Update for SQL Server 2022 RTM CU (KB5040939)
PATCH-39385 | Security Update for SQL Server 2022 RTM (KB5040936)
