| Assigner | microsoft |
| Reserved | 2022-12-13 |
| Published | 2023-02-14 |
| Updated | 2024-06-10 |
Description
Microsoft WDAC OLE DB provider for SQL Server Remote Code Execution Vulnerability
| HIGH: 8.8 | CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Problem types
CWE-20: Improper Input Validation
Product status
10.0.0 before 10.0.17763.4010
affected
10.0.0 before 10.0.17763.4010
affected
10.0.0 before 10.0.17763.4010
affected
10.0.0 before 10.0.20348.1547
affected
10.0.0 before 10.0.20348.1540
affected
10.0.0 before 10.0.19042.2604
affected
10.0.0 before 10.0.22621.1574
affected
10.0.0 before 10.0.19044.2604
affected
10.0.0 before 10.0.22621.1265
affected
10.0.0 before 10.0.19045.2604
affected
10.0.0 before 10.0.10240.19747
affected
10.0.0 before 10.0.14393.5717
affected
10.0.0 before 10.0.14393.5717
affected
10.0.0 before 10.0.14393.5717
affected
6.0.0 before 6.0.6003.21915
affected
6.0.0 before 6.0.6003.21915
affected
6.0.0 before 6.0.6003.21915
affected
6.1.0 before 6.1.7601.26366
affected
6.0.0 before 6.1.7601.26366
affected
6.2.0 before 6.2.9200.24116
affected
6.2.0 before 6.2.9200.24116
affected
6.3.0 before 6.3.9600.20821
affected
6.3.0 before 6.3.9600.20821
affected
References
https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-21685 (Microsoft WDAC OLE DB provider for SQL Server Remote Code Execution Vulnerability) vendor-advisory
cve.org CVE-2023-21685
nvd.nist.gov CVE-2023-21685
Download JSON
