CVE-2017-8516 — Sensitive Information Exposure in Corporation SQL Server

CWE-200 — Sensitive Information Exposure4 documents4 sources

Severity

7.5HIGHNVD

EPSS

1.6%

top 18.27%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Microsoft Corporation SQL Server Microsoft SQL Server

Timeline

PublishedAug 8

Latest updateMay 17

Description

Microsoft SQL Server Analysis Services in Microsoft SQL Server 2012, Microsoft SQL Server 2014, and Microsoft SQL Server 2016 allows an information disclosure vulnerability when it improperly enforces permissions, aka "Microsoft SQL Server Analysis Services Information Disclosure Vulnerability".

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:NExploitability: 3.9 | Impact: 3.6

Affected Packages2 packages

▶NVDmicrosoft/sql_server2012, 2014, 2016+2

▶CVEListV5microsoft_corporation/sql_serverMicrosoft SQL Server 2012, Microsoft SQL Server 2014, and Microsoft SQL Server 2016

Patches

Patch: portal.msrc.microsoft.com ↗Patch: portal.msrc.microsoft.com ↗

🔴Vulnerability Details

GHSA

GHSA-qgr4-h86c-w3g3: Microsoft SQL Server Analysis Services in Microsoft SQL Server 2012, Microsoft SQL Server 2014, and Microsoft SQL Server 2016 allows an information di↗2022-05-17

▶

CVEList

CVE-2017-8516: Microsoft SQL Server Analysis Services in Microsoft SQL Server 2012, Microsoft SQL Server 2014, and Microsoft SQL Server 2016 allows an information di↗2017-08-08

▶

📋Vendor Advisories

Microsoft

Microsoft SQL Server Analysis Services Information Disclosure Vulnerability↗2017-08-08

▶