CVE-2024-21375 | THREATINT

Assigner	microsoft
Reserved	2023-12-08
Published	2024-02-13
Updated	2024-10-09

Description

Microsoft WDAC OLE DB provider for SQL Server Remote Code Execution Vulnerability

HIGH: 8.8

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C

Product status

10.0.0 before 10.0.17763.5458

affected

10.0.0 before 10.0.17763.5458

affected

10.0.0 before 10.0.17763.5458

affected

10.0.0 before 10.0.20348.2322

affected

10.0.0 before 10.0.22000.2777

affected

10.0.0 before 10.0.19044.4046

affected

10.0.0 before 10.0.22621.3155

affected

10.0.0 before 10.0.19045.4046

affected

10.0.0 before 10.0.22631.3155

affected

10.0.0 before 10.0.22631.3155

affected

10.0.0 before 10.0.25398.709

affected

10.0.0 before 10.0.10240.20469

affected

10.0.0 before 10.0.14393.6709

affected

10.0.0 before 10.0.14393.6709

affected

10.0.0 before 10.0.14393.6709

affected

6.0.0 before 6.0.6003.22511

affected

6.0.0 before 6.0.6003.22511

affected

6.0.0 before 6.0.6003.22511

affected

6.1.0 before 6.1.7601.26961

affected

6.0.0 before 6.1.7601.26961

affected

6.2.0 before 6.2.9200.24710

affected

6.2.0 before 6.2.9200.24710

affected

6.3.0 before 6.3.9600.21813

affected

6.3.0 before 6.3.9600.21813

affected

References

https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-21375 (Microsoft WDAC OLE DB provider for SQL Server Remote Code Execution Vulnerability) vendor-advisory

cve.org CVE-2024-21375

nvd.nist.gov CVE-2024-21375

Download JSON