8.8
CVE-2024-28945
- EPSS 1.78%
- Veröffentlicht 09.04.2024 17:15:57
- Zuletzt bearbeitet 15.01.2025 19:06:51
- Quelle secure@microsoft.com
- CVE-Watchlists
- Unerledigt
LoginMicrosoft OLE DB Driver for SQL Server Remote Code Execution Vulnerability
Microsoft OLE DB Driver for SQL Server Remote Code Execution Vulnerability
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
Microsoft ≫ Ole Db Driver For Sql Server Version >= 18.0.2 < 18.7.0002.0
Microsoft ≫ Ole Db Driver For Sql Server Version >= 19.0.0 < 19.3.0003.0
Microsoft ≫ Sql Server 2019 HwPlatformx64 Version >= 15.0.2000.5 < 15.0.2110.4
Microsoft ≫ Sql Server 2019 HwPlatformx64 Version >= 15.0.4003.23 < 15.0.4360.2
Microsoft ≫ Sql Server 2022 HwPlatformx64 Version >= 16.0.1000.6 < 16.0.1115.1
Microsoft ≫ Sql Server 2022 HwPlatformx64 Version >= 16.0.4003.1 < 16.0.4120.1
| Typ | Quelle | Score | Percentile |
|---|---|---|---|
| EPSS | FIRST.org | 1.78% | 0.821 |
| Quelle | Base Score | Exploit Score | Impact Score | Vector String |
|---|---|---|---|---|
| secure@microsoft.com | 8.8 | 2.8 | 5.9 |
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
|
CWE-191 Integer Underflow (Wrap or Wraparound)
The product subtracts one value from another, such that the result is less than the minimum allowable integer value, which produces a value that is not equal to the correct result.