KLA11083
Information Disclosure vulnerability in Microsoft SQL Server
Обновлено: 26/06/2019
Дата обнаружения
08/08/2017
Уровень угрозы
Warning
Описание

An incorrect enforcement of permissions was found in Microsoft SQL Server Analysis Services. By exploiting this vulnerability malicious users can obtain sensitive information.


Technical details

This vulnerability can be exploited in case an affected SQL server database can be accessed using the attacker’s credentials.

Пораженные продукты

Microsoft SQL Server 2012 Service Pack 3
Microsoft SQL Server 2014 Service Pack 1
Microsoft SQL Server 2016

Решение

Install necessary updates from the KB section, that are listed in your Windows Update (Windows Update usually can be accessed from the Control Panel)

Первичный источник обнаружения
CVE-2017-8516
Оказываемое влияние
?
OSI 
[?]
Связанные продукты
Microsoft SQL Server
CVE-IDS
CVE-2017-85165.0Critical
Microsoft official advisories
Microsoft Security Update Guide
KB list

4019092
4019090
4019091
4032542
4019093
4036996
4019088
4019086
4019089
4019095