CVE-2020-0618
published 2020-02-11CVE-2020-0618: A remote code execution vulnerability exists in Microsoft SQL Server Reporting Services when it incorrectly handles page requests, aka 'Microsoft SQL Server…
high8.8CVSS 3.1
AVNACLPRLUINSUCHIHAH
KEVITWEXPLOIT
CISA Known Exploited Vulnerabilitydue 2024-10-09
Exploited in the wild
A remote code execution vulnerability exists in Microsoft SQL Server Reporting Services when it incorrectly handles page requests, aka 'Microsoft SQL Server Reporting Services Remote Code Execution Vulnerability'.
Affected
16 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| gnu | mailman | >= 0 < 1:2.1.20-1ubuntu0.4 | 1:2.1.20-1ubuntu0.4 |
| gnu | mailman | >= 0 < 1:2.1.26-1ubuntu0.1 | 1:2.1.26-1ubuntu0.1 |
| microsoft | microsoft_sql_server | — | — |
| microsoft | microsoft_sql_server | — | — |
| microsoft | microsoft_sql_server | — | — |
| microsoft | microsoft_sql_server_2014_service_pack_3_for_32-bit_systems | — | — |
| microsoft | microsoft_sql_server_2014_service_pack_3_for_x64-based_systems | — | — |
| microsoft | microsoft_sql_server_2016_for_x64-based_systems_service_pack_2 | — | — |
| microsoft | sql_server | — | — |
| microsoft | sql_server | — | — |
| microsoft | sql_server | — | — |
| msrc | microsoft_sql_server_2012_for_32-bit_systems_service_pack_4 | — | — |
| msrc | microsoft_sql_server_2012_for_x64-based_systems_service_pack_4 | — | — |
| msrc | microsoft_sql_server_2014_service_pack_3_for_32-bit_systems | — | — |
| msrc | microsoft_sql_server_2014_service_pack_3_for_x64-based_systems | — | — |
| msrc | microsoft_sql_server_2016_for_x64-based_systems_service_pack_2 | — | — |
CVSS provenance
nvdv3.18.8HIGHCVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
osv5.4MEDIUM
vulncheck8.8HIGH
cisa8.8HIGH