CVE-1999-1556 — Microsoft SQL Server vulnerability

3 documents3 sources

Severity

7.2HIGHNVD

EPSS

0.7%

top 28.78%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Microsoft SQL Server

Timeline

PublishedJun 29

Latest updateApr 30

Description

Microsoft SQL Server 6.5 uses weak encryption for the password for the SQLExecutiveCmdExec account and stores it in an accessible portion of the registry, which could allow local users to gain privileges by reading and decrypting the CmdExecAccount value.

CVSS vector

AV:L/AC:L/C:C/I:C/A:CExploitability: 3.9 | Impact: 10.0

Affected Packages1 packages

▶NVDmicrosoft/sql_server6.5

🔴Vulnerability Details

GHSA

GHSA-f4x9-cgw2-8r83: Microsoft SQL Server 6↗2022-04-30

▶

CVEList

CVE-1999-1556: Microsoft SQL Server 6↗2004-09-01

▶