8.8

CVE-2016-7253

EPSS 18.22%
Published 10.11.2016 07:00:07
Last modified 12.04.2025 10:46:40
Source secure@microsoft.com
Teams watchlist Login
Open Login

The agent in Microsoft SQL Server 2012 SP2, 2012 SP3, 2014 SP1, 2014 SP2, and 2016 does not properly check the atxcore.dll ACL, which allows remote authenticated users to gain privileges via unspecified vectors, aka "SQL Server Agent Elevation of Privilege Vulnerability."

Affected products Warnungen 0 Metrics 3 CWE 0 References 6

Data is provided by the National Vulnerability Database (NVD)

Microsoft ≫ Sql Server Version2012 Updatesp2

Microsoft ≫ Sql Server Version2012 Updatesp3

Microsoft ≫ Sql Server Version2014 Updatesp1

Microsoft ≫ Sql Server Version2014 Updatesp2

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Type	Source	Score	Percentile
EPSS	FIRST.org	18.22%	0.947

CVSS Metriken
Source	Base Score	Exploit Score	Impact Score	Vector string
nvd@nist.gov	8.8	2.8	5.9	CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
nvd@nist.gov	6.5	8	6.4	AV:N/AC:L/Au:S/C:P/I:P/A:P

http://www.securitytracker.com/id/1037250

https://docs.microsoft.com/en-us/security-updates/securitybulletins/2016/ms16-136

http://www.securityfocus.com/bid/94056

Third Party Advisory

VDB Entry

https://nvd.nist.gov/vuln/detail/CVE-2016-7253

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2016-7253

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2016-7253

EUVD