BDU:2024-02903
PUBLISHED
CVSS 6.8 MEDIUM
A vulnerability in the SQL Server Integration Services (SSIS) data integration and workflow software, related to insufficient input validation, that allows an attacker to execute arbitrary code
Risk Scores
CVSS 2.0
6.8
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Microsoft Corp | SQL Server Integration Services (SSIS) | |
| Microsoft | SQL Server Integration Services for Visual Studio 2019 | 16.0.0 |
| microsoft | sql_server | 16.0.0, 16.0.0 |
| Microsoft | SQL Server Integration Services for Visual Studio 2022 | 16.0.0 |
Exploit Intelligence
- Microsoft SQL Server Integration Service (VS extension) Remote Code Execution Vulnerability (circl)
- https://marketplace.visualstudio.com/items?itemName=SSIS.MicrosoftDataToolsIntegrationServices&ssr=false#overview (circl)
- https://marketplace.visualstudio.com/items?itemName=SSIS.SqlServerIntegrationServicesProjects&ssr=false#overview (circl)
- https://www.cybersecurity-help.cz/vdb/SB2023021426 (circl)
- https://msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2023-21568 (circl)
- https://msrc.microsoft.com/update-guide/en-US/advisory/CVE-2023-21568 (circl)
- HUNT_RTF_CVE_2023_21716.yar (github-yara)
- CVE_2023_21716.yar (github-yara)
- CVE_2023_21716.yar (github-yara)
- HUNT_RTF_CVE_2023_21716.yar (github-yara)
…and 6 more exploits
Timeline
- Mar 7, 2023 PoC Published
- Mar 1, 2024 PoC Published
- Apr 15, 2024 CVE Published
- Jul 14, 2024 PoC Published
- Feb 25, 2025 PoC Published
- Sep 30, 2025 PoC Published
- Mar 19, 2026 Security Advisory
- Apr 20, 2026 Security Advisory
References
- https://marketplace.visualstudio.com/items?itemName=SSIS.MicrosoftDataToolsIntegrationServices&ssr=false#overview url
- https://marketplace.visualstudio.com/items?itemName=SSIS.SqlServerIntegrationServicesProjects&ssr=false#overview url
- https://www.cybersecurity-help.cz/vdb/SB2023021426 url
- https://msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2023-21568 url
- https://msrc.microsoft.com/update-guide/en-US/advisory/CVE-2023-21568 advisory
- Microsoft SQL Server Integration Service (VS extension) Remote Code Execution Vulnerability vendor-advisory