Microsoft SQL Server XEvent Configuration Remote Code Execution Vulnerability
CVE-2024-49043 Published on November 12, 2024

Microsoft.SqlServer.XEvent.Configuration.dll Remote Code Execution Vulnerability
Microsoft.SqlServer.XEvent.Configuration.dll Remote Code Execution Vulnerability

Vendor Advisory NVD

Weakness Type

What is an Untrusted Path Vulnerability?

The application searches for critical resources using an externally-supplied search path that can point to resources that are not under the application's direct control.

CVE-2024-49043 has been classified to as an Untrusted Path vulnerability or weakness.

Products Associated with CVE-2024-49043

You can be notified by email with stack.watch whenever vulnerabilities like CVE-2024-49043 are published in these products:

Microsoft SQL Server

Microsoft Sql Server 2016

Microsoft Sql Server 2017

Microsoft Sql Server 2019

Microsoft Sql Server 2022

Affected Versions

Microsoft SQL Server 2017 (GDR):

Version 14.0.0 and below 14.0.2070.1 is affected.

Microsoft SQL Server 2019 (GDR):

Version 15.0.0 and below 15.0.2130.3 is affected.

Microsoft SQL Server 2016 Service Pack 3 (GDR):

Version 13.0.0 and below 13.0.6455.2 is affected.

Microsoft SQL Server 2016 Service Pack 3 Azure Connect Feature Pack:

Version 13.0.0 and below 13.0.7050.2 is affected.

Microsoft SQL Server 2017 (CU 31):

Version 14.0.0 and below 14.0.3485.1 is affected.

Microsoft SQL Server 2022 (GDR):

Version 16.0.0 and below 16.0.1135.2 is affected.

Microsoft SQL Server 2019 (CU 29):

Version 15.0.0 and below 15.0.4410.1 is affected.

Microsoft SQL Server 2022 for (CU 15):

Version 16.0.0 and below 16.0.4155.4 is affected.

Exploit Probability

EPSS

0.45%

Percentile

63.18%