Microsoft SQL Server Database Server

stack.watch can notify you when security vulnerabilities are reported in Microsoft SQL Server. You can add multiple products that you use with SQL Server to create your own personal software stack watcher.

@SQLServer Tweets

Azure Synapse Analytics facilitates swift reaction to today's fast-changing business conditions. Learn more:… https://t.co/XMt8yCPn1q
Wed Dec 02 23:00:00 +0000 2020

Add to your toolbox with cloud optimization, experimentation, and high-level data architecture. Download The Essent… https://t.co/VPGn8Qy2vM
Wed Dec 02 20:00:01 +0000 2020

RT @Azure: If you haven’t registered for the #Azure data and analytics digital event with @SatyaNadella, now’s the time. If you registered,…
Wed Dec 02 18:37:40 +0000 2020

Moving inventory management to Microsoft Azure speeds completion and deployments. Get the stories:… https://t.co/9qW7ACVWMv
Wed Dec 02 17:00:03 +0000 2020

By the Year

In 2020 there have been 1 vulnerability in Microsoft SQL Server with an average score of 8.8 out of ten. Last year SQL Server had 2 security vulnerabilities published. Right now, SQL Server is on track to have less security vulerabilities in 2020 than it did last year. However, the average CVE base score of the vulnerabilities in 2020 is greater by 1.15.

Year	Vulnerabilities	Average Score
2020	1	8.80
2019	2	7.65
2018	0	0.00

It may take a day or so for new SQL Server vulnerabilities to show up. Additionally vulnerabilities may be tagged under a different product or component name.

Latest Microsoft SQL Server Security Vulnerabilities

A remote code execution vulnerability exists in Microsoft SQL Server Reporting Services when it incorrectly handles page requests

CVE-2020-0618 8.8 - High - February 11, 2020

A remote code execution vulnerability exists in Microsoft SQL Server Reporting Services when it incorrectly handles page requests, aka 'Microsoft SQL Server Reporting Services Remote Code Execution Vulnerability'.

CVE-2020-0618 is exploitable with network access, and requires small amount of user privledges. This vulnerability is considered to have a low attack complexity. It has an exploitability score of 2.8 out of four. The potential impact of an exploit of this vulnerability is considered to be very high.

Improper Input Validation

A remote code execution vulnerability exists in Microsoft SQL Server when it incorrectly handles processing of internal functions

CVE-2019-1068 8.8 - High - July 15, 2019

A remote code execution vulnerability exists in Microsoft SQL Server when it incorrectly handles processing of internal functions, aka 'Microsoft SQL Server Remote Code Execution Vulnerability'.

CVE-2019-1068 is exploitable with network access, and requires small amount of user privledges. This vulnerability is considered to have a low attack complexity. It has an exploitability score of 2.8 out of four. The potential impact of an exploit of this vulnerability is considered to be very high.

An information disclosure vulnerability exists in Microsoft SQL Server Analysis Services when it improperly enforces metadata permissions

CVE-2019-0819 6.5 - Medium - May 16, 2019

An information disclosure vulnerability exists in Microsoft SQL Server Analysis Services when it improperly enforces metadata permissions, aka 'Microsoft SQL Server Analysis Services Information Disclosure Vulnerability'.

CVE-2019-0819 can be explotited with network access, and requires small amount of user privledges. This vulnerability is considered to have a low attack complexity. It has an exploitability score of 2.8 out of four. The potential impact of an exploit of this vulnerability is considered to have a high impact on confidentiality, with no impact on integrity and availability.