CVE-2018-8533
Published 2018-10-10
Priority: P3 · 41 · medium · 5.5 (CVSS 3.0)
AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N
EXPLOIT
EPSS: 23.37% (97.5th percentile)
An information disclosure vulnerability exists in Microsoft SQL Server Management Studio (SSMS) when parsing malicious XML content containing a reference to an external entity, aka "SQL Server Management Studio Information Disclosure Vulnerability." This affects SQL Server Management Studio 17.9, SQL Server Management Studio 18.0. This CVE ID is unique from CVE-2018-8527, CVE-2018-8532.
Affected
5 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| microsoft | sql_server_management_studio | — | — |
| microsoft | sql_server_management_studio | — | — |
| microsoft | sql_server_management_studio_17.9 | — | — |
| microsoft | sql_server_management_studio_18.0 | — | — |
| msrc | sql_server_management_studio_17.9 | — | — |
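CVSS provenance
| Source | Version | Score | Severity | Vector |
|---|---|---|---|---|
| nvd | v3.0 | 5.5 | MEDIUM | CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N |
| nvd | v2.0 | 4.3 | MEDIUM | AV:N/AC:M/Au:N/C:P/I:N/A:N |
| vendor_msrc | — | 5.5 | MEDIUM | — |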
GHSA
GHSA-gmwc-6m29-5hv6 · CVE-2018-8527 [MEDIUM] CWE-611
ghsa_unreviewed · 2022-05-14 · CVSS 5.5
An information disclosure vulnerability exists in Microsoft SQL Server Management Studio (SSMS) when parsing a malicious XEL file containing a reference to an external entity, aka "SQL Server Management Studio Information Disclosure Vulnerability." This affects SQL Server Management Studio 17.9, SQL Server Management Studio 18.0. This CVE ID is unique from CVE-2018-8532, CVE-2018-8533.
GHSA
GHSA-r6vp-xpx4-xx8q · CVE-2018-8533 [MEDIUM] CWE-611
ghsa_unreviewed · 2022-05-14 · CVSS 5.5
An information disclosure vulnerability exists in Microsoft SQL Server Management Studio (SSMS) when parsing malicious XML content containing a reference to an external entity, aka "SQL Server Management Studio Information Disclosure Vulnerability." This affects SQL Server Management Studio 17.9, SQL Server Management Studio 18.0. This CVE ID is unique from CVE-2018-8527, CVE-2018-8532.
GHSA
GHSA-x45m-w2h7-rx2r · CVE-2018-8532 [MEDIUM] CWE-611
ghsa_unreviewed · 2022-05-14 · CVSS 5.5
An information disclosure vulnerability exists in Microsoft SQL Server Management Studio (SSMS) when parsing a malicious XMLA file containing a reference to an external entity, aka "SQL Server Management Studio Information Disclosure Vulnerability." This affects SQL Server Management Studio 17.9, SQL Server Management Studio 18.0. This CVE ID is unique from CVE-2018-8527, CVE-2018-8533.
Microsoft
SQL Server Management Studio Information Disclosure Vulnerability
vendor_msrc·2018-10-09·CVSS 5.5
CVE-2018-8533 [MEDIUM]
Description: An information disclosure vulnerability exists in Microsoft SQL Server Management Studio (SSMS) when parsing malicious XML content containing a reference to an external entity. An attacker who successfully exploited this vulnerability could read arbitrary files via an XML external entity declaration.
To exploit the vulnerability, an attacker must entice a user on an affected SSMS server to open a specially crafted XML file. In an email attack scenario, an attacker could exploit the vulnerability by sending the specially crafted file to the user and then convincing the user to open the file. In a web-based attack scenario, an attacker could host a website (or leverage a compromised website that accepts or hosts
References
http://www.securityfocus.com/bid/105476
http://www.securitytracker.com/id/1041826
https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-8533
https://www.exploit-db.com/exploits/45583/