CVE-2023-21528 — Vulnetix

Try Vulnetix Request Demo

CVE-2023-21528 PUBLISHED CVSS 7.800000190734863 HIGH

Microsoft SQL Server Remote Code Execution Vulnerability

EPSS 0.17% · 37.5th percentile

Risk Scores

CVSS v3.1

7.800000190734863

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C

EPSS Score

0.17%

37.5th percentile

Affected Products

Vendor	Product	Versions
Microsoft	Microsoft SQL Server 2016 Service Pack 3 Azure Connect Feature Pack	13.0.0
Microsoft	Microsoft SQL Server 2008 Service Pack 4 (QFE)	10.0.0
Microsoft	Microsoft SQL Server 2012 for x64-based Systems Service Pack 4 (QFE)	11.0.0
Microsoft	Microsoft SQL Server 2019 (GDR)	15.0.0
Microsoft	Microsoft SQL Server 2014 Service Pack 3 (CU 4)	12.0.0
Microsoft	Microsoft SQL Server 2016 Service Pack 3 (GDR)	13.0.0
Microsoft	Microsoft SQL Server 2014 Service Pack 3 (GDR)	12.0.0
Microsoft	Microsoft SQL Server 2008 R2 Service Pack 3 (QFE)	10.0.0
Microsoft	Microsoft SQL Server 2012 Service Pack 4 (QFE)	11.0.0
Microsoft	Microsoft SQL Server 2019 (CU 18)	15.0.0
microsoft	sql_server	2016, 2017, 2019
Microsoft	Microsoft SQL Server 2017 (GDR)	14.0.0
Microsoft	Microsoft SQL Server 2022 (GDR)	16.0.0
Microsoft	Microsoft SQL Server 2017 (CU 31)	14.0.0

Timeline

Feb 14, 2023 CVE Published
Feb 15, 2023 EPSS Score
Feb 24, 2023 EPSS Score
Mar 7, 2023 EPSS Score
Mar 7, 2023 PoC Published
Mar 26, 2023 EPSS Score
May 4, 2023 EPSS Score
Jun 12, 2023 EPSS Score
Jul 21, 2023 EPSS Score
Aug 29, 2023 EPSS Score
Nov 15, 2023 EPSS Score
Dec 25, 2023 EPSS Score

References

Microsoft SQL Server Remote Code Execution Vulnerability vendor-advisory
https://nvd.nist.gov/vuln/detail/CVE-2023-21528 advisory
https://msrc.microsoft.com/update-guide/ advisory

Open in Interactive Console →