CVE-2018-8527
published 2018-10-10


Priority: P3 41
CVSS 3.0: 5.5 medium (AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N)
EXPLOIT
EPSS: 23.37% (97.5th percentile)

An information disclosure vulnerability exists in Microsoft SQL Server Management Studio (SSMS) when parsing a malicious XEL file containing a reference to an external entity, aka "SQL Server Management Studio Information Disclosure Vulnerability." This affects SQL Server Management Studio 17.9, SQL Server Management Studio 18.0. This CVE ID is unique from CVE-2018-8532, CVE-2018-8533.

Affected

5 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| microsoft | sql_server_management_studio | | |
| microsoft | sql_server_management_studio | | |
| microsoft | sql_server_management_studio_17.9 | | |
| microsoft | sql_server_management_studio_18.0 | | |
| msrc | sql_server_management_studio_17.9 | | |

CVSS provenance

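| Source | Version | Score | Severity | Vector |
|---|---|---|---|---|
| nvd | v3.0 | 5.5 | MEDIUM | CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N |
| nvd | v2.0 | 4.3 | MEDIUM | AV:N/AC:M/Au:N/C:P/I:N/A:N |
| vendor_msrc | | 5.5 | HIGH | |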