KLA12455
Multiple vulnerabilities in Microsoft SQL Server

Updated: 02/10/2022
Detect date
?
02/08/2022
Severity
?
High
Description

Multiple vulnerabilities were found in Microsoft SQL Server. Malicious users can exploit these vulnerabilities to obtain sensitive information, gain privileges.

Below is a complete list of vulnerabilities:

  1. An information disclosure vulnerability in Microsoft Power BI can be exploited remotely to obtain sensitive information.
  2. An elevation of privilege vulnerability in SQL Server for Linux Containers can be exploited remotely to gain privileges.
Affected products

PowerBI-client JS SDK
SQL Server 2019 for Linux Containers

Solution

Install necessary updates from the KB section, that are listed in your Windows Update (Windows Update usually can be accessed from the Control Panel)

Original advisories

CVE-2022-23254
CVE-2022-23276

Impacts
?
OSI 
[?]

PE 
[?]
Related products
Microsoft SQL Server
CVE-IDS
?
CVE-2022-232545.0Critical
CVE-2022-232765.0Critical
KB list

5010657

Find out the statistics of the vulnerabilities spreading in your region