CVE-2000-0654 — Microsoft SQL Server vulnerability

3 documents3 sources

Severity

4.6MEDIUMNVD

EPSS

1.0%

top 22.80%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Microsoft SQL Server

Timeline

PublishedJul 11

Latest updateApr 30

Description

Microsoft Enterprise Manager allows local users to obtain database passwords via the Data Transformation Service (DTS) package Registered Servers Dialog dialog, aka a variant of the "DTS Password" vulnerability.

CVSS vector

AV:L/AC:L/C:P/I:P/A:PExploitability: 3.9 | Impact: 6.4

Affected Packages1 packages

▶NVDmicrosoft/sql_server7.0

Patches

Patch: www.securityfocus.com ↗Patch: www.securityfocus.com ↗

🔴Vulnerability Details

GHSA

GHSA-8cv8-cw5j-h98f: Microsoft Enterprise Manager allows local users to obtain database passwords via the Data Transformation Service (DTS) package Registered Servers Dial↗2022-04-30

▶

CVEList

CVE-2000-0654: Microsoft Enterprise Manager allows local users to obtain database passwords via the Data Transformation Service (DTS) package Registered Servers Dial↗2000-10-13

▶