6.5

CVE-2015-1761

EPSS 8.42%
Veröffentlicht 14.07.2015 23:59:00
Zuletzt bearbeitet 12.04.2025 10:46:40
Quelle secure@microsoft.com
Teams Watchlist Login
Unerledigt Login

Microsoft SQL Server 2008 SP3 and SP4, 2008 R2 SP2 and SP3, 2012 SP1 and SP2, and 2014 uses an incorrect class during casts of unspecified pointers, which allows remote authenticated users to gain privileges by leveraging certain write access, aka "SQL Server Elevation of Privilege Vulnerability."

Betroffene Produkte Warnungen 0 Metriken 2 CWE 1 Referenzen 6

Daten sind bereitgestellt durch National Vulnerability Database (NVD)

Microsoft ≫ Sql Server Version2008 Updater2_sp2

Microsoft ≫ Sql Server Version2008 Updater2_sp3

Microsoft ≫ Sql Server Version2008 Updatesp3

Microsoft ≫ Sql Server Version2008 Updatesp4

Microsoft ≫ Sql Server Version2012 Updatesp1

Microsoft ≫ Sql Server Version2012 Updatesp2

Microsoft ≫ Sql Server Version2014

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Typ	Quelle	Score	Percentile
EPSS	FIRST.org	8.42%	0.92

CVSS Metriken
Quelle	Base Score	Exploit Score	Impact Score	Vector String
nvd@nist.gov	6.5	8	6.4	AV:N/AC:L/Au:S/C:P/I:P/A:P

CWE-284 Improper Access Control

The product does not restrict or incorrectly restricts access to a resource from an unauthorized actor.

http://www.securitytracker.com/id/1032893

https://docs.microsoft.com/en-us/security-updates/securitybulletins/2015/ms15-058

https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05382740

https://nvd.nist.gov/vuln/detail/CVE-2015-1761

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2015-1761

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2015-1761

EUVD