CVE-2000-0485 — Microsoft SQL Server vulnerability

4 documents4 sources

Severity

2.1LOWNVD

EPSS

1.3%

top 20.43%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Microsoft SQL Server

Timeline

PublishedMay 30

Latest updateApr 30

Description

Microsoft SQL Server allows local users to obtain database passwords via the Data Transformation Service (DTS) package Properties dialog, aka the "DTS Password" vulnerability.

CVSS vector

AV:L/AC:L/C:P/I:N/A:NExploitability: 3.9 | Impact: 2.9

Affected Packages1 packages

▶NVDmicrosoft/sql_server6.5, 7.0+1

🔴Vulnerability Details

GHSA

GHSA-682g-mjx4-8wwv: Microsoft SQL Server allows local users to obtain database passwords via the Data Transformation Service (DTS) package Properties dialog, aka the "DTS↗2022-04-30

▶

CVEList

CVE-2000-0485: Microsoft SQL Server allows local users to obtain database passwords via the Data Transformation Service (DTS) package Properties dialog, aka the "DTS↗2000-10-13

▶

💥Exploits & PoCs

Exploit-DB

IRIX 5.3/6.2/6.3/6.4/6.5/6.5.11 - '/usr/lib/print/netprint' Local Privilege Escalation↗2001-05-08

▶