CVE-2019-0819 — Sensitive Information Exposure in Microsoft SQL Server 2017 FOR X64-based Systems

4 documents4 sources

Severity

6.5MEDIUMNVD

EPSS

5.7%

top 9.55%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Microsoft SQL Server 2017 FOR X64-based Systems Microsoft SQL Server

Timeline

PublishedMay 16

Latest updateMay 24

Description

An information disclosure vulnerability exists in Microsoft SQL Server Analysis Services when it improperly enforces metadata permissions, aka 'Microsoft SQL Server Analysis Services Information Disclosure Vulnerability'.

CVSS vector

CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:NExploitability: 2.8 | Impact: 3.6

Affected Packages2 packages

▶NVDmicrosoft/sql_server2017

▶CVEListV5microsoft/microsoft_sql_server_2017_for_x64-based_systemsunspecified

Patches

Patch: portal.msrc.microsoft.com ↗Patch: portal.msrc.microsoft.com ↗

🔴Vulnerability Details

GHSA

GHSA-4pv4-8h84-4vg6: An information disclosure vulnerability exists in Microsoft SQL Server Analysis Services when it improperly enforces metadata permissions, aka 'Micros↗2022-05-24

▶

CVEList

CVE-2019-0819: An information disclosure vulnerability exists in Microsoft SQL Server Analysis Services when it improperly enforces metadata permissions, aka 'Micros↗2019-05-16

▶

📋Vendor Advisories

Microsoft

Microsoft SQL Server Analysis Services Information Disclosure Vulnerability↗2019-05-14

▶