CVE-2018-8527 — Vulnetix

Try Vulnetix Request Demo

CVE-2018-8527 PUBLISHED CVSS 5.5 MEDIUM

An information disclosure vulnerability exists in Microsoft SQL Server Management Studio (SSMS) when parsing a malicious XEL file containing a reference to an external entity, aka "SQL Server Management Studio Information Disclosure Vulnerability." This affects SQL Server Management Studio 17.9, SQL Server Management Studio 18.0. This CVE ID is unique from CVE-2018-8532, CVE-2018-8533.

EPSS 47.85% · 97.7th percentile

Risk Scores

CVSS v3.0

5.5

CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N

EPSS Score

47.85%

97.7th percentile

Affected Products

Vendor	Product	Versions
Microsoft	SQL Server Management Studio 17.9	SQL Server Management Studio 17.9
microsoft	sql_server_management_studio	17.9, 18.0
Microsoft	SQL Server Management Studio 18.0	(Preview 4)

Timeline

Oct 10, 2018 CVE Published
Oct 11, 2018 PoC Published
Oct 11, 2018 PoC Published
Oct 17, 2018 PoC Published
Apr 14, 2021 EPSS Score
Jun 22, 2021 EPSS Score
Oct 24, 2021 EPSS Score
Dec 25, 2021 EPSS Score
Feb 4, 2022 EPSS Score
Apr 28, 2022 EPSS Score
Jun 29, 2022 EPSS Score
Aug 31, 2022 EPSS Score

References

https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-8527 url
105474 vdb
1041826 vdb
45585 exploit
https://nvd.nist.gov/vuln/detail/CVE-2018-8527 advisory
https://www.exploit-db.com/exploits/45585 url
https://portal.msrc.microsoft.com/fr-FR/security-guidance advisory

Open in Interactive Console →