SQL Server Microsoft SQL Server Database Server

stack.watch can email you when security vulnerabilities are reported in Microsoft SQL Server. You can add multiple products that you use with SQL Server to create your own personal software stack watcher.


By the Year

In 2021 there has been 1 vulnerability in Microsoft SQL Server, with an average score of 8.8 out of ten. Last year SQL Server had 1 security vulnerability published. If vulnerabilities keep coming in at the current rate, the number of security vulnerabilities in SQL Server in 2021 could surpass last year's number. Interestingly, the average vulnerability score and the number of vulnerabilities for 2021 and last year were the same.

Year Vulnerabilities Average Score
2021 1 8.80
2020 1 8.80
2019 2 7.65
2018 0 0.00

It may take a day or so for new SQL Server vulnerabilities to show up. Additionally, vulnerabilities may be tagged under a different product or component name.

Latest Microsoft SQL Server Security Vulnerabilities

Microsoft SQL Elevation of Privilege Vulnerability

CVE-2021-1636 8.8 - High - January 12, 2021

Microsoft SQL Elevation of Privilege Vulnerability

CVE-2021-1636 is exploitable with network access, and requires a small amount of user privileges. This vulnerability is considered to have a low attack complexity. It has an exploitability score of 2.8 out of four. The potential impact of an exploit of this vulnerability is considered to be very high.

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')

A remote code execution vulnerability exists in Microsoft SQL Server Reporting Services when it incorrectly handles page requests

CVE-2020-0618 8.8 - High - February 11, 2020

A remote code execution vulnerability exists in Microsoft SQL Server Reporting Services when it incorrectly handles page requests, aka 'Microsoft SQL Server Reporting Services Remote Code Execution Vulnerability'.

CVE-2020-0618 is exploitable with network access, and requires a small amount of user privileges. This vulnerability is considered to have a low attack complexity. It has an exploitability score of 2.8 out of four. The potential impact of an exploit of this vulnerability is considered to be very high.

Improper Input Validation

A remote code execution vulnerability exists in Microsoft SQL Server when it incorrectly handles processing of internal functions

CVE-2019-1068 8.8 - High - July 15, 2019

A remote code execution vulnerability exists in Microsoft SQL Server when it incorrectly handles processing of internal functions, aka 'Microsoft SQL Server Remote Code Execution Vulnerability'.

CVE-2019-1068 is exploitable with network access, and requires a small amount of user privileges. This vulnerability is considered to have a low attack complexity. It has an exploitability score of 2.8 out of four. The potential impact of an exploit of this vulnerability is considered to be very high.

An information disclosure vulnerability exists in Microsoft SQL Server Analysis Services when it improperly enforces metadata permissions

CVE-2019-0819 6.5 - Medium - May 16, 2019

An information disclosure vulnerability exists in Microsoft SQL Server Analysis Services when it improperly enforces metadata permissions, aka 'Microsoft SQL Server Analysis Services Information Disclosure Vulnerability'.

CVE-2019-0819 can be exploited with network access, and requires a small amount of user privileges. This vulnerability is considered to have a low attack complexity. It has an exploitability score of 2.8 out of four. An exploit of this vulnerability is considered to have a high impact on confidentiality, with no impact on integrity and availability.