CVE-2002-1981 — Microsoft SQL Server vulnerability

3 documents3 sources

Severity

5.0MEDIUMNVD

EPSS

22.5%

top 4.15%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Microsoft SQL Server

Timeline

PublishedDec 31

Latest updateApr 30

Description

Microsoft SQL Server 2000 through SQL Server 2000 SP2 allows the "public" role to execute the (1) sp_MSSetServerProperties or (2) sp_MSsetalertinfo stored procedures, which allows attackers to modify configuration including SQL server startup and alert settings.

CVSS vector

AV:N/AC:L/C:N/I:P/A:NExploitability: 10.0 | Impact: 2.9

Affected Packages1 packages

▶NVDmicrosoft/sql_server2000

🔴Vulnerability Details

GHSA

GHSA-4hx5-8h46-q282: Microsoft SQL Server 2000 through SQL Server 2000 SP2 allows the "public" role to execute the (1) sp_MSSetServerProperties or (2) sp_MSsetalertinfo st↗2022-04-30

▶

CVEList

CVE-2002-1981: Microsoft SQL Server 2000 through SQL Server 2000 SP2 allows the "public" role to execute the (1) sp_MSSetServerProperties or (2) sp_MSsetalertinfo st↗2005-06-28

▶