CVE-2000-0199 — Microsoft SQL Server vulnerability

3 documents3 sources

Severity

7.2HIGHNVD

EPSS

0.2%

top 59.79%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Microsoft SQL Server

Timeline

PublishedMar 14

Latest updateApr 30

Description

When a new SQL Server is registered in Enterprise Manager for Microsoft SQL Server 7.0 and the "Always prompt for login name and password" option is not set, then the Enterprise Manager uses weak encryption to store the login ID and password.

CVSS vector

AV:L/AC:L/C:C/I:C/A:CExploitability: 3.9 | Impact: 10.0

Affected Packages1 packages

▶NVDmicrosoft/sql_server7.0

Patches

Patch: www.securityfocus.com ↗Patch: www.securityfocus.com ↗

🔴Vulnerability Details

GHSA

GHSA-5xgx-wrh9-vgf4: When a new SQL Server is registered in Enterprise Manager for Microsoft SQL Server 7↗2022-04-30

▶

CVEList

CVE-2000-0199: When a new SQL Server is registered in Enterprise Manager for Microsoft SQL Server 7↗2000-03-22

▶