Microsoft SQL Server Elevation of Privilege Vulnerability CVE-2024-37341
CVE-2024-37341 Published on September 10, 2024

Microsoft SQL Server Elevation of Privilege Vulnerability
Microsoft SQL Server Elevation of Privilege Vulnerability

Vendor Advisory NVD

Weakness Type

What is an Authorization Vulnerability?

The software does not restrict or incorrectly restricts access to a resource from an unauthorized actor.

CVE-2024-37341 has been classified to as an Authorization vulnerability or weakness.

Products Associated with CVE-2024-37341

You can be notified by email with stack.watch whenever vulnerabilities like CVE-2024-37341 are published in these products:

Microsoft Sql Server 2016

Microsoft Sql Server 2017

Microsoft Sql Server 2019

Microsoft Sql Server 2022

Microsoft Sql 2016 Azure Connect Feature Pack

Microsoft SQL Server

Affected Versions

Microsoft SQL Server 2017 (GDR):

Version 14.0.0 and below 14.0.2065.1 is affected.

Microsoft SQL Server 2019 (GDR):

Version 15.0.0 and below 15.0.2125.1 is affected.

Microsoft SQL Server 2016 Service Pack 3 (GDR):

Version 13.0.0 and below 13.0.6450.1 is affected.

Microsoft SQL Server 2016 Service Pack 3 Azure Connect Feature Pack:

Version 13.0.0 and below 13.0.7045.2 is affected.

Microsoft SQL Server 2017 (CU 31):

Version 14.0.0 and below 14.0.3480.1 is affected.

Microsoft SQL Server 2022 (GDR):

Version 16.0.0 and below 16.0.1130.5 is affected.

Microsoft SQL Server 2022 for (CU 15):

Version 16.0.0 and below 16.0.4150.1 is affected.

Microsoft SQL Server 2019 (CU 28):

Version 15.0.0 and below 15.0.4395.2 is affected.

Exploit Probability

EPSS

3.42%

Percentile

87.21%