CVE-2018-8527

Sažetak

An information disclosure vulnerability exists in Microsoft SQL Server Management Studio (SSMS) when parsing a malicious XEL file containing a reference to an external entity, aka "SQL Server Management Studio Information Disclosure Vulnerability." This affects SQL Server Management Studio 17.9, SQL Server Management Studio 18.0. This CVE ID is unique from CVE-2018-8532, CVE-2018-8533.

Reference

http://www.securityfocus.com/bid/105474
http://www.securitytracker.com/id/1041826
https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-8527
https://www.exploit-db.com/exploits/45585/

CVSS

Base:	4.3
Impact:	2.9
Exploitability:	8.6

Pristup

Vektor	Složenost	Autentikacija
NETWORK	MEDIUM	NONE

Impact

Povjerljivost	Cjelovitost	Dostupnost
PARTIAL	NONE	NONE

CVSS vektor

AV:N/AC:M/Au:N/C:P/I:N/A:N

Zadnje važnije ažuriranje

27-11-2018 - 14:03

Objavljeno

10-10-2018 - 13:29