CVE-2021-1636

CWE-89SQL Injection6 documents6 sources
Severity
8.8HIGH
EPSS
6.9%
top 8.63%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
11
Microsoft Microsoft SQL Server 2012 FOR X64-based Systems Service Pack 4 (qfe)Microsoft Microsoft SQL Server 2012 Service Pack 4 (qfe)Microsoft Microsoft SQL Server 2014 Service Pack 3 (CU 4)+8 more
Timeline
PublishedJan 12
Latest updateMay 31

Description

Microsoft SQL Elevation of Privilege Vulnerability

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:HExploitability: 2.8 | Impact: 5.9

Affected Packages11 packages

CVEListV5microsoft/microsoft_sql_server_2017_(gdr)14.0.0publication
CVEListV5microsoft/microsoft_sql_server_2019_(gdr)15.0.0publication
CVEListV5microsoft/microsoft_sql_server_2019_(cu_8)16.0.0publication
CVEListV5microsoft/microsoft_sql_server_2017_(cu_22)14.0.0publication

🔴Vulnerability Details

3
GHSA
GHSA-hmh6-2fr5-6q37: Microsoft SQL Elevation of Privilege Vulnerability2022-05-24
CVEList
Microsoft SQL Elevation of Privilege Vulnerability2021-01-12
VulnCheck
Microsoft SQL Server Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')2021

📋Vendor Advisories

2
Chrome
Long Term Support Channel Update for ChromeOS: CVE-2022-18592022-05-31
Microsoft
Microsoft SQL Elevation of Privilege Vulnerability2021-01-12
CVE-2021-1636 (HIGH CVSS 8.8) | Microsoft SQL Elevation of Privileg | cvebase.io