Microsoft SQL Server Database Server
@SQLServer Tweets
Sat Mar 06 22:00:03 +0000 2021
Sat Mar 06 20:09:22 +0000 2021
Sat Mar 06 18:00:01 +0000 2021
Sat Mar 06 00:49:20 +0000 2021
Fri Mar 05 21:45:44 +0000 2021
By the Year
In 2021 there have been 1 vulnerability in Microsoft SQL Server with an average score of 8.8 out of ten. Last year SQL Server had 1 security vulnerability published. If vulnerabilities keep coming in at the current rate, it appears that number of security vulnerabilities in SQL Server in 2021 could surpass last years number. Interestingly, the average vulnerability score and the number of vulnerabilities for 2021 and last year was the same.
| Year | Vulnerabilities | Average Score |
|---|---|---|
| 2021 | 1 | 8.80 |
| 2020 | 1 | 8.80 |
| 2019 | 2 | 7.65 |
| 2018 | 0 | 0.00 |
It may take a day or so for new SQL Server vulnerabilities to show up. Additionally vulnerabilities may be tagged under a different product or component name.
Latest Microsoft SQL Server Security Vulnerabilities
Microsoft SQL Elevation of Privilege Vulnerability
CVE-2021-1636
8.8 - High
- January 12, 2021
Microsoft SQL Elevation of Privilege Vulnerability
CVE-2021-1636 is exploitable with network access, and requires small amount of user privledges. This vulnerability is considered to have a low attack complexity. It has an exploitability score of 2.8 out of four. The potential impact of an exploit of this vulnerability is considered to be very high.
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
A remote code execution vulnerability exists in Microsoft SQL Server Reporting Services when it incorrectly handles page requests
CVE-2020-0618
8.8 - High
- February 11, 2020
A remote code execution vulnerability exists in Microsoft SQL Server Reporting Services when it incorrectly handles page requests, aka 'Microsoft SQL Server Reporting Services Remote Code Execution Vulnerability'.
CVE-2020-0618 is exploitable with network access, and requires small amount of user privledges. This vulnerability is considered to have a low attack complexity. It has an exploitability score of 2.8 out of four. The potential impact of an exploit of this vulnerability is considered to be very high.
Improper Input Validation
A remote code execution vulnerability exists in Microsoft SQL Server when it incorrectly handles processing of internal functions
CVE-2019-1068
8.8 - High
- July 15, 2019
A remote code execution vulnerability exists in Microsoft SQL Server when it incorrectly handles processing of internal functions, aka 'Microsoft SQL Server Remote Code Execution Vulnerability'.
CVE-2019-1068 is exploitable with network access, and requires small amount of user privledges. This vulnerability is considered to have a low attack complexity. It has an exploitability score of 2.8 out of four. The potential impact of an exploit of this vulnerability is considered to be very high.
An information disclosure vulnerability exists in Microsoft SQL Server Analysis Services when it improperly enforces metadata permissions
CVE-2019-0819
6.5 - Medium
- May 16, 2019
An information disclosure vulnerability exists in Microsoft SQL Server Analysis Services when it improperly enforces metadata permissions, aka 'Microsoft SQL Server Analysis Services Information Disclosure Vulnerability'.
CVE-2019-0819 can be explotited with network access, and requires small amount of user privledges. This vulnerability is considered to have a low attack complexity. It has an exploitability score of 2.8 out of four. The potential impact of an exploit of this vulnerability is considered to have a high impact on confidentiality, with no impact on integrity and availability.