CVE Number | Vulnerability | Product | Severity | Date |
---|---|---|---|---|
CVE-2023-21718 | Microsoft SQL ODBC Driver Remote Code Execution Vulnerability | Microsoft SQL Server 2022 | Critical | 27-02-2023 |
Technical Information
A remote code execution vulnerability in which an unauthenticated user who attempts to connect to a malicious SQL Server database via ODBC could cause the database to return malicious data that might result in arbitrary code execution on the client.
Further information on this vulnerability is available at: CVE-2023-21718
Affected Software
Microsoft SQL Server 2017 for x64-based Systems (GDR),
Microsoft SQL Server 2014 Service Pack 3 for x64-based Systems (GDR),
Microsoft SQL Server 2014 Service Pack 3 for 32-bit Systems (GDR),
Microsoft SQL Server 2014 Service Pack 3 for 32-bit Systems (CU 4),
Microsoft SQL Server 2019 for x64-based Systems (GDR),
Microsoft SQL Server 2014 Service Pack 3 for x64-based Systems (CU 4),
Microsoft SQL Server 2016 for x64-based Systems Service Pack 3 (GDR),
Microsoft SQL Server 2016 for x64-based Systems Service Pack 3 Azure Connectivity Pack,
Microsoft SQL Server 2017 for x64-based Systems (CU 31),
Microsoft SQL Server 2022 for x64-based Systems (GDR),
Microsoft SQL Server 2019 for x64-based Systems (CU 18)