All the vulnerabilites related to Microsoft - Microsoft SQL Server 2014 Service Pack 3 for x64-based Systems (CU)
cve-2019-1068
Vulnerability from cvelistv5
Published
2019-07-15 18:56
Modified
2024-08-04 18:06
Severity ?
Summary
A remote code execution vulnerability exists in Microsoft SQL Server when it incorrectly handles processing of internal functions, aka 'Microsoft SQL Server Remote Code Execution Vulnerability'.
Impacted products
Vendor Product Version
Microsoft Microsoft SQL Server Version: 2014 Service Pack 2 for 32-bit Systems (CU)
Version: 2014 Service Pack 2 for x64-based Systems (CU)
Version: 2016 for x64-based Systems Service Pack 1 (CU)
Version: 2017 for x64-based Systems (CU)
Version: 2016 for x64-based Systems Service Pack 2 (CU)
Microsoft Microsoft SQL Server 2014 Service Pack 2 for x64-based Systems (GDR) Version: unspecified
Microsoft Microsoft SQL Server 2016 for x64-based Systems Service Pack 1 (GDR) Version: unspecified
Microsoft Microsoft SQL Server 2017 for x64-based Systems (GDR) Version: unspecified
Microsoft Microsoft SQL Server 2016 for x64-based Systems Service Pack 2 (GDR) Version: unspecified
Microsoft Microsoft SQL Server 2014 Service Pack 3 for x64-based Systems (GDR) Version: unspecified
Microsoft Microsoft SQL Server 2014 Service Pack 3 for x64-based Systems (CU) Version: unspecified
Microsoft Microsoft SQL Server 2014 Service Pack 3 for 32-bit Systems (GDR) Version: unspecified
Microsoft Microsoft SQL Server 2014 Service Pack 3 for 32-bit Systems (CU) Version: unspecified
Show details on NVD website


{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-04T18:06:31.612Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-1068"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "Microsoft SQL Server 2014 Service Pack 2 for 32-bit Systems (GDR)",
          "vendor": "Microsoft",
          "versions": [
            {
              "status": "affected",
              "version": "unspecified"
            }
          ]
        },
        {
          "product": "Microsoft SQL Server",
          "vendor": "Microsoft",
          "versions": [
            {
              "status": "affected",
              "version": "2014 Service Pack 2 for 32-bit Systems (CU)"
            },
            {
              "status": "affected",
              "version": "2014 Service Pack 2 for x64-based Systems (CU)"
            },
            {
              "status": "affected",
              "version": "2016 for x64-based Systems Service Pack 1 (CU)"
            },
            {
              "status": "affected",
              "version": "2017 for x64-based Systems (CU)"
            },
            {
              "status": "affected",
              "version": "2016 for x64-based Systems Service Pack 2 (CU)"
            }
          ]
        },
        {
          "product": "Microsoft SQL Server 2014 Service Pack 2 for x64-based Systems (GDR)",
          "vendor": "Microsoft",
          "versions": [
            {
              "status": "affected",
              "version": "unspecified"
            }
          ]
        },
        {
          "product": "Microsoft SQL Server 2016 for x64-based Systems Service Pack 1 (GDR)",
          "vendor": "Microsoft",
          "versions": [
            {
              "status": "affected",
              "version": "unspecified"
            }
          ]
        },
        {
          "product": "Microsoft SQL Server 2017 for x64-based Systems (GDR)",
          "vendor": "Microsoft",
          "versions": [
            {
              "status": "affected",
              "version": "unspecified"
            }
          ]
        },
        {
          "product": "Microsoft SQL Server 2016 for x64-based Systems Service Pack 2 (GDR)",
          "vendor": "Microsoft",
          "versions": [
            {
              "status": "affected",
              "version": "unspecified"
            }
          ]
        },
        {
          "product": "Microsoft SQL Server 2014 Service Pack 3 for x64-based Systems (GDR)",
          "vendor": "Microsoft",
          "versions": [
            {
              "status": "affected",
              "version": "unspecified"
            }
          ]
        },
        {
          "product": "Microsoft SQL Server 2014 Service Pack 3 for x64-based Systems (CU)",
          "vendor": "Microsoft",
          "versions": [
            {
              "status": "affected",
              "version": "unspecified"
            }
          ]
        },
        {
          "product": "Microsoft SQL Server 2014 Service Pack 3 for 32-bit Systems (GDR)",
          "vendor": "Microsoft",
          "versions": [
            {
              "status": "affected",
              "version": "unspecified"
            }
          ]
        },
        {
          "product": "Microsoft SQL Server 2014 Service Pack 3 for 32-bit Systems (CU)",
          "vendor": "Microsoft",
          "versions": [
            {
              "status": "affected",
              "version": "unspecified"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "A remote code execution vulnerability exists in Microsoft SQL Server when it incorrectly handles processing of internal functions, aka \u0027Microsoft SQL Server Remote Code Execution Vulnerability\u0027."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "Remote Code Execution",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2019-07-15T18:56:20",
        "orgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
        "shortName": "microsoft"
      },
      "references": [
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-1068"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "secure@microsoft.com",
          "ID": "CVE-2019-1068",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "Microsoft SQL Server 2014 Service Pack 2 for 32-bit Systems (GDR)",
                      "version": {
                        "version_data": [
                          {
                            "version_value": ""
                          }
                        ]
                      }
                    },
                    {
                      "product_name": "Microsoft SQL Server",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "2014 Service Pack 2 for 32-bit Systems (CU)"
                          },
                          {
                            "version_value": "2014 Service Pack 2 for x64-based Systems (CU)"
                          },
                          {
                            "version_value": "2016 for x64-based Systems Service Pack 1 (CU)"
                          },
                          {
                            "version_value": "2017 for x64-based Systems (CU)"
                          },
                          {
                            "version_value": "2016 for x64-based Systems Service Pack 2 (CU)"
                          }
                        ]
                      }
                    },
                    {
                      "product_name": "Microsoft SQL Server 2014 Service Pack 2 for x64-based Systems (GDR)",
                      "version": {
                        "version_data": [
                          {
                            "version_value": ""
                          }
                        ]
                      }
                    },
                    {
                      "product_name": "Microsoft SQL Server 2016 for x64-based Systems Service Pack 1 (GDR)",
                      "version": {
                        "version_data": [
                          {
                            "version_value": ""
                          }
                        ]
                      }
                    },
                    {
                      "product_name": "Microsoft SQL Server 2017 for x64-based Systems (GDR)",
                      "version": {
                        "version_data": [
                          {
                            "version_value": ""
                          }
                        ]
                      }
                    },
                    {
                      "product_name": "Microsoft SQL Server 2016 for x64-based Systems Service Pack 2 (GDR)",
                      "version": {
                        "version_data": [
                          {
                            "version_value": ""
                          }
                        ]
                      }
                    },
                    {
                      "product_name": "Microsoft SQL Server 2014 Service Pack 3 for x64-based Systems (GDR)",
                      "version": {
                        "version_data": [
                          {
                            "version_value": ""
                          }
                        ]
                      }
                    },
                    {
                      "product_name": "Microsoft SQL Server 2014 Service Pack 3 for x64-based Systems (CU)",
                      "version": {
                        "version_data": [
                          {
                            "version_value": ""
                          }
                        ]
                      }
                    },
                    {
                      "product_name": "Microsoft SQL Server 2014 Service Pack 3 for 32-bit Systems (GDR)",
                      "version": {
                        "version_data": [
                          {
                            "version_value": ""
                          }
                        ]
                      }
                    },
                    {
                      "product_name": "Microsoft SQL Server 2014 Service Pack 3 for 32-bit Systems (CU)",
                      "version": {
                        "version_data": [
                          {
                            "version_value": ""
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "Microsoft"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "A remote code execution vulnerability exists in Microsoft SQL Server when it incorrectly handles processing of internal functions, aka \u0027Microsoft SQL Server Remote Code Execution Vulnerability\u0027."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "Remote Code Execution"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-1068",
              "refsource": "MISC",
              "url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-1068"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
    "assignerShortName": "microsoft",
    "cveId": "CVE-2019-1068",
    "datePublished": "2019-07-15T18:56:20",
    "dateReserved": "2018-11-26T00:00:00",
    "dateUpdated": "2024-08-04T18:06:31.612Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

cve-2020-0618
Vulnerability from cvelistv5
Published
2020-02-11 21:22
Modified
2024-09-21 03:55
Severity ?
Summary
A remote code execution vulnerability exists in Microsoft SQL Server Reporting Services when it incorrectly handles page requests, aka 'Microsoft SQL Server Reporting Services Remote Code Execution Vulnerability'.
Impacted products
Vendor Product Version
Microsoft Microsoft SQL Server 2014 Service Pack 3 for x64-based Systems (GDR) Version: unspecified
Microsoft Microsoft SQL Server 2014 Service Pack 3 for x64-based Systems (CU) Version: unspecified
Microsoft Microsoft SQL Server 2016 for x64-based Systems Service Pack 2 (GDR) Version: unspecified
Microsoft Microsoft SQL Server 2014 Service Pack 3 for 32-bit Systems (GDR) Version: unspecified
Microsoft Microsoft SQL Server 2014 Service Pack 3 for 32-bit Systems (CU) Version: unspecified
Show details on NVD website


{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-04T06:11:04.564Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-0618"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "http://packetstormsecurity.com/files/156707/SQL-Server-Reporting-Services-SSRS-ViewState-Deserialization.html"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "http://packetstormsecurity.com/files/159216/Microsoft-SQL-Server-Reporting-Services-2016-Remote-Code-Execution.html"
          }
        ],
        "title": "CVE Program Container"
      },
      {
        "metrics": [
          {
            "other": {
              "content": {
                "dateAdded": "2024-09-18",
                "reference": "https://www.cisa.gov/sites/default/files/feeds/known_exploited_vulnerabilities.json"
              },
              "type": "kev"
            }
          },
          {
            "other": {
              "content": {
                "id": "CVE-2020-0618",
                "options": [
                  {
                    "Exploitation": "active"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "total"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2024-09-20T00:00:00+00:00",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2024-09-21T03:55:32.214Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "Microsoft SQL Server",
          "vendor": "Microsoft",
          "versions": [
            {
              "status": "affected",
              "version": "2012 for 32-bit Systems Service Pack 4 (QFE)"
            },
            {
              "status": "affected",
              "version": "2012 for x64-based Systems Service Pack 4 (QFE)"
            },
            {
              "status": "affected",
              "version": "2016 for x64-based Systems Service Pack 2 (CU)"
            }
          ]
        },
        {
          "product": "Microsoft SQL Server 2014 Service Pack 3 for x64-based Systems (GDR)",
          "vendor": "Microsoft",
          "versions": [
            {
              "status": "affected",
              "version": "unspecified"
            }
          ]
        },
        {
          "product": "Microsoft SQL Server 2014 Service Pack 3 for x64-based Systems (CU)",
          "vendor": "Microsoft",
          "versions": [
            {
              "status": "affected",
              "version": "unspecified"
            }
          ]
        },
        {
          "product": "Microsoft SQL Server 2016 for x64-based Systems Service Pack 2 (GDR)",
          "vendor": "Microsoft",
          "versions": [
            {
              "status": "affected",
              "version": "unspecified"
            }
          ]
        },
        {
          "product": "Microsoft SQL Server 2014 Service Pack 3 for 32-bit Systems (GDR)",
          "vendor": "Microsoft",
          "versions": [
            {
              "status": "affected",
              "version": "unspecified"
            }
          ]
        },
        {
          "product": "Microsoft SQL Server 2014 Service Pack 3 for 32-bit Systems (CU)",
          "vendor": "Microsoft",
          "versions": [
            {
              "status": "affected",
              "version": "unspecified"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "A remote code execution vulnerability exists in Microsoft SQL Server Reporting Services when it incorrectly handles page requests, aka \u0027Microsoft SQL Server Reporting Services Remote Code Execution Vulnerability\u0027."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "Remote Code Execution",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2020-09-17T22:06:13",
        "orgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
        "shortName": "microsoft"
      },
      "references": [
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-0618"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "http://packetstormsecurity.com/files/156707/SQL-Server-Reporting-Services-SSRS-ViewState-Deserialization.html"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "http://packetstormsecurity.com/files/159216/Microsoft-SQL-Server-Reporting-Services-2016-Remote-Code-Execution.html"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "secure@microsoft.com",
          "ID": "CVE-2020-0618",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "Microsoft SQL Server",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "2012 for 32-bit Systems Service Pack 4 (QFE)"
                          },
                          {
                            "version_value": "2012 for x64-based Systems Service Pack 4 (QFE)"
                          },
                          {
                            "version_value": "2016 for x64-based Systems Service Pack 2 (CU)"
                          }
                        ]
                      }
                    },
                    {
                      "product_name": "Microsoft SQL Server 2014 Service Pack 3 for x64-based Systems (GDR)",
                      "version": {
                        "version_data": [
                          {
                            "version_value": ""
                          }
                        ]
                      }
                    },
                    {
                      "product_name": "Microsoft SQL Server 2014 Service Pack 3 for x64-based Systems (CU)",
                      "version": {
                        "version_data": [
                          {
                            "version_value": ""
                          }
                        ]
                      }
                    },
                    {
                      "product_name": "Microsoft SQL Server 2016 for x64-based Systems Service Pack 2 (GDR)",
                      "version": {
                        "version_data": [
                          {
                            "version_value": ""
                          }
                        ]
                      }
                    },
                    {
                      "product_name": "Microsoft SQL Server 2014 Service Pack 3 for 32-bit Systems (GDR)",
                      "version": {
                        "version_data": [
                          {
                            "version_value": ""
                          }
                        ]
                      }
                    },
                    {
                      "product_name": "Microsoft SQL Server 2014 Service Pack 3 for 32-bit Systems (CU)",
                      "version": {
                        "version_data": [
                          {
                            "version_value": ""
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "Microsoft"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "A remote code execution vulnerability exists in Microsoft SQL Server Reporting Services when it incorrectly handles page requests, aka \u0027Microsoft SQL Server Reporting Services Remote Code Execution Vulnerability\u0027."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "Remote Code Execution"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-0618",
              "refsource": "MISC",
              "url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-0618"
            },
            {
              "name": "http://packetstormsecurity.com/files/156707/SQL-Server-Reporting-Services-SSRS-ViewState-Deserialization.html",
              "refsource": "MISC",
              "url": "http://packetstormsecurity.com/files/156707/SQL-Server-Reporting-Services-SSRS-ViewState-Deserialization.html"
            },
            {
              "name": "http://packetstormsecurity.com/files/159216/Microsoft-SQL-Server-Reporting-Services-2016-Remote-Code-Execution.html",
              "refsource": "MISC",
              "url": "http://packetstormsecurity.com/files/159216/Microsoft-SQL-Server-Reporting-Services-2016-Remote-Code-Execution.html"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
    "assignerShortName": "microsoft",
    "cveId": "CVE-2020-0618",
    "datePublished": "2020-02-11T21:22:45",
    "dateReserved": "2019-11-04T00:00:00",
    "dateUpdated": "2024-09-21T03:55:32.214Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}