KLA11083
Information Disclosure vulnerability in Microsoft SQL Server

Обновлено: 03/06/2020
Дата обнаружения
08/08/2017
Уровень угрозы
Warning
Описание

An incorrect enforcement of permissions was found in Microsoft SQL Server Analysis Services. By exploiting this vulnerability malicious users can obtain sensitive information.


Technical details

This vulnerability can be exploited in case an affected SQL server database can be accessed using the attacker’s credentials.

Пораженные продукты

Microsoft SQL Server 2012 Service Pack 3
Microsoft SQL Server 2014 Service Pack 1
Microsoft SQL Server 2016

Решение

Install necessary updates from the KB section, that are listed in your Windows Update (Windows Update usually can be accessed from the Control Panel)

Первичный источник обнаружения
CVE-2017-8516
Оказываемое влияние
?
OSI 
[?]
Связанные продукты
Microsoft SQL Server
CVE-IDS
CVE-2017-85165.0Critical