SQL Server Microsoft SQL Server Database Server

stack.watch can notify you when security vulnerabilities are reported in Microsoft SQL Server. You can add multiple products that you use with SQL Server to create your own personal software stack watcher.

By the Year

In 2020 there has been 1 vulnerability in Microsoft SQL Server, with an average score of 8.8 out of ten. Last year SQL Server had 2 security vulnerabilities published. Right now, SQL Server is on track to have fewer security vulnerabilities in 2020 than it did last year. However, the average CVE base score of the vulnerabilities in 2020 is greater by 1.15.

Year Vulnerabilities Average Score
2020 1 8.80
2019 2 7.65
2018 0 0.00

It may take a day or so for new SQL Server vulnerabilities to show up. Additionally, vulnerabilities may be tagged under a different product or component name.

Latest Microsoft SQL Server Security Vulnerabilities

A remote code execution vulnerability exists in Microsoft SQL Server Reporting Services when it incorrectly handles page requests

CVE-2020-0618 8.8 - High - February 11, 2020

A remote code execution vulnerability exists in Microsoft SQL Server Reporting Services when it incorrectly handles page requests, aka 'Microsoft SQL Server Reporting Services Remote Code Execution Vulnerability'.

CVE-2020-0618 is exploitable with network access, and requires a small amount of user privileges. This vulnerability is considered to have a low attack complexity. It has an exploitability score of 2.8 out of four. The potential impact of an exploit of this vulnerability is considered to be very high.

Improper Input Validation

A remote code execution vulnerability exists in Microsoft SQL Server when it incorrectly handles processing of internal functions

CVE-2019-1068 8.8 - High - July 15, 2019

A remote code execution vulnerability exists in Microsoft SQL Server when it incorrectly handles processing of internal functions, aka 'Microsoft SQL Server Remote Code Execution Vulnerability'.

CVE-2019-1068 is exploitable with network access, and requires a small amount of user privileges. This vulnerability is considered to have a low attack complexity. It has an exploitability score of 2.8 out of four. The potential impact of an exploit of this vulnerability is considered to be very high.

Improper Input Validation

An information disclosure vulnerability exists in Microsoft SQL Server Analysis Services when it improperly enforces metadata permissions

CVE-2019-0819 6.5 - Medium - May 16, 2019

An information disclosure vulnerability exists in Microsoft SQL Server Analysis Services when it improperly enforces metadata permissions, aka 'Microsoft SQL Server Analysis Services Information Disclosure Vulnerability'.

CVE-2019-0819 can be exploited with network access, and requires a small amount of user privileges. This vulnerability is considered to have a low attack complexity. It has an exploitability score of 2.8 out of four. An exploit of this vulnerability is considered to have a high impact on confidentiality, with no impact on integrity and availability.

Information Leak