Microsoft SQL Server Database Server

stack.watch can notify you when security vulnerabilities are reported in Microsoft SQL Server. You can add multiple products that you use with SQL Server to create your own personal software stack watcher.

@SQLServer Tweets

RT @Azure: New #AzureSQL learning tools are now available! Become an Azure SQL professional with the latest additions to this educational p…
Mon Sep 28 20:00:00 +0000 2020

Dive deeper into the deployment options and service tiers for #AzureSQL Database on this episode of Data Exposed. W… https://t.co/odFNXycH58
Mon Sep 28 16:00:00 +0000 2020

Continue your #data training from #MSIgnite by joining the world’s largest conference for data professionals—… https://t.co/28Lip9prNN
Mon Sep 28 05:00:01 +0000 2020

Analyze data in Azure Data Explorer using the Kusto Query Language (KQL) extension in Azure Data Studio—now availab… https://t.co/wWnruLPT6T
Sun Sep 27 21:00:04 +0000 2020

Learn about different #SQLServer deployment models and how to choose the right one for your organization. Read this… https://t.co/LKU0S5A7eD
Sun Sep 27 19:00:00 +0000 2020

By the Year

In 2020 there have been 1 vulnerability in Microsoft SQL Server with an average score of 8.8 out of ten. Last year SQL Server had 2 security vulnerabilities published. Right now, SQL Server is on track to have less security vulerabilities in 2020 than it did last year. However, the average CVE base score of the vulnerabilities in 2020 is greater by 1.15.

Year	Vulnerabilities	Average Score
2020	1	8.80
2019	2	7.65
2018	0	0.00

It may take a day or so for new SQL Server vulnerabilities to show up. Additionally vulnerabilities may be tagged under a different product or component name.

Latest Microsoft SQL Server Security Vulnerabilities

A remote code execution vulnerability exists in Microsoft SQL Server Reporting Services when it incorrectly handles page requests

CVE-2020-0618 8.8 - High - February 11, 2020

A remote code execution vulnerability exists in Microsoft SQL Server Reporting Services when it incorrectly handles page requests, aka 'Microsoft SQL Server Reporting Services Remote Code Execution Vulnerability'.

CVE-2020-0618 is exploitable with network access, and requires small amount of user privledges. This vulnerability is considered to have a low attack complexity. It has an exploitability score of 2.8 out of four. The potential impact of an exploit of this vulnerability is considered to be very high.

Improper Input Validation

A remote code execution vulnerability exists in Microsoft SQL Server when it incorrectly handles processing of internal functions

CVE-2019-1068 8.8 - High - July 15, 2019

A remote code execution vulnerability exists in Microsoft SQL Server when it incorrectly handles processing of internal functions, aka 'Microsoft SQL Server Remote Code Execution Vulnerability'.

CVE-2019-1068 is exploitable with network access, and requires small amount of user privledges. This vulnerability is considered to have a low attack complexity. It has an exploitability score of 2.8 out of four. The potential impact of an exploit of this vulnerability is considered to be very high.

An information disclosure vulnerability exists in Microsoft SQL Server Analysis Services when it improperly enforces metadata permissions

CVE-2019-0819 6.5 - Medium - May 16, 2019

An information disclosure vulnerability exists in Microsoft SQL Server Analysis Services when it improperly enforces metadata permissions, aka 'Microsoft SQL Server Analysis Services Information Disclosure Vulnerability'.

CVE-2019-0819 can be explotited with network access, and requires small amount of user privledges. This vulnerability is considered to have a low attack complexity. It has an exploitability score of 2.8 out of four. The potential impact of an exploit of this vulnerability is considered to have a high impact on confidentiality, with no impact on integrity and availability.