8.8
CVE-2024-28944
- EPSS 2.62%
- Published 09.04.2024 17:15:56
- Last modified 15.01.2025 19:06:42
- Source secure@microsoft.com
- Teams watchlist Login
- Open Login
Microsoft OLE DB Driver for SQL Server Remote Code Execution Vulnerability
Data is provided by the National Vulnerability Database (NVD)
Microsoft ≫ Ole Db Driver For Sql Server Version >= 18.0.2 < 18.7.0002.0
Microsoft ≫ Ole Db Driver For Sql Server Version >= 19.0.0 < 19.3.0003.0
Microsoft ≫ Sql Server 2019 HwPlatformx64 Version >= 15.0.2000.5 < 15.0.2110.4
Microsoft ≫ Sql Server 2019 HwPlatformx64 Version >= 15.0.4003.23 < 15.0.4360.2
Microsoft ≫ Sql Server 2022 HwPlatformx64 Version >= 16.0.1000.6 < 16.0.1115.1
Microsoft ≫ Sql Server 2022 HwPlatformx64 Version >= 16.0.4003.1 < 16.0.4120.1
Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.
| Type | Source | Score | Percentile |
|---|---|---|---|
| EPSS | FIRST.org | 2.62% | 0.852 |
| Source | Base Score | Exploit Score | Impact Score | Vector string |
|---|---|---|---|---|
| secure@microsoft.com | 8.8 | 2.8 | 5.9 |
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
|
CWE-197 Numeric Truncation Error
Truncation errors occur when a primitive is cast to a primitive of a smaller size and data is lost in the conversion.