Microsoft.Data.SqlClient SQL Feature Bypass Vulnerability
CVE-2024-0056 Published on January 9, 2024

Microsoft.Data.SqlClient and System.Data.SqlClient SQL Data Provider Security Feature Bypass Vulnerability
Microsoft.Data.SqlClient and System.Data.SqlClient SQL Data Provider Security Feature Bypass Vulnerability

Vendor Advisory NVD

Weakness Type

Cleartext Transmission of Sensitive Information

The software transmits sensitive or security-critical data in cleartext in a communication channel that can be sniffed by unauthorized actors. Many communication channels can be "sniffed" by attackers during data transmission. For example, network traffic can often be sniffed by any attacker who has access to a network interface. This significantly lowers the difficulty of exploitation by attackers.

Products Associated with CVE-2024-0056

You can be notified by email with stack.watch whenever vulnerabilities like CVE-2024-0056 are published in these products:

Microsoft SQL Server

Microsoft Visual Studio 2022

Microsoft Data Sqlclient

Microsoft System Data Sqlclient

Microsoft Net

Affected Versions

Microsoft SQL Server 2022 (GDR):

Version 16.0.0 and below 16.0.1110.1 is affected.

Microsoft .NET 6.0:

Version 6.0.0 and below 6.0.26 is affected.

Microsoft .NET 7.0:

Version 7.0.0 and below 7.0.15 is affected.

Microsoft .NET 8.0:

Version 8.0 and below 8.0.1 is affected.

Microsoft.Data.SqlClient:

Version 2.0 and below 2.1.7 is affected.

Microsoft.Data.SqlClient:

Version 3.0 and below 3.1.5 is affected.

Microsoft.Data.SqlClient:

Version 4.0 and below 4.0.5 is affected.

Microsoft.Data.SqlClient:

Version 5.0 and below 5.1.3 is affected.

Microsoft System.Data.SqlClient:

Version 1.0 and below 4.8.6 is affected.

Microsoft Visual Studio 2022 version 17.2:

Version 17.2.0 and below 17.2.23 is affected.

Microsoft Visual Studio 2022 version 17.4:

Version 17.4.0 and below 17.4.15 is affected.

Microsoft Visual Studio 2022 version 17.6:

Version 17.6.0 and below 17.6.11 is affected.

Microsoft Visual Studio 2022 version 17.8:

Version 17.8.0 and below 17.8.4 is affected.

Microsoft SQL Server 2022 (CU 10):

Before 16.0.4100.1 is affected.

Microsoft .NET Framework 4.8:

Version 4.8.0 and below 4.8.04690.02 is affected.

Microsoft .NET Framework 3.5 AND 4.8:

Version 4.8.0 and below 4.8.04690.02 is affected.

Microsoft .NET Framework 3.5 AND 4.7.2:

Version 4.7.0 and below 4.7.04081.03 is affected.

Microsoft .NET Framework 4.6.2/4.7/4.7.1/4.7.2:

Version 4.7.0 and below 4.7.04081.02 is affected.

Microsoft .NET Framework 3.5 AND 4.8.1:

Version 4.8.1 and below 4.8.09214.01 is affected.

Microsoft .NET Framework 2.0 Service Pack 2:

Version 2.0.0 and below 3.0.50727.8976 is affected.

Exploit Probability

EPSS

0.64%

Percentile

70.08%

EPSS (Exploit Prediction Scoring System) scores estimate the probability that a vulnerability will be exploited in the wild within the next 30 days. The percentile shows you how this score compares to all other vulnerabilities.

Microsoft.Data.SqlClient SQL Feature Bypass VulnerabilityCVE-2024-0056 Published on January 9, 2024

Weakness Type

Cleartext Transmission of Sensitive Information

Products Associated with CVE-2024-0056

Affected Versions

Exploit Probability

Microsoft.Data.SqlClient SQL Feature Bypass Vulnerability
CVE-2024-0056 Published on January 9, 2024