CVE-2023-21568 — Vulnetix

Try Vulnetix Request Demo

CVE-2023-21568 PUBLISHED CVSS 7.300000190734863 HIGH

Microsoft SQL Server Integration Service (VS extension) Remote Code Execution Vulnerability

EPSS 0.58% · 68.7th percentile

Risk Scores

CVSS v3.1

7.300000190734863

CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C

EPSS Score

0.58%

68.7th percentile

Affected Products

Vendor	Product	Versions
Microsoft	SQL Server Integration Services for Visual Studio 2022	16.0.0
microsoft	sql_server	16.0.0, 16.0.0
microsoft	sql_server_2022_integration_services
Microsoft	SQL Server Integration Services for Visual Studio 2019	16.0.0
microsoft	sql_server_2019_integration_services

Timeline

Feb 14, 2023 CVE Published
Feb 15, 2023 EPSS Score
Feb 24, 2023 EPSS Score
Mar 7, 2023 EPSS Score
Mar 7, 2023 PoC Published
May 4, 2023 EPSS Score
Jun 12, 2023 EPSS Score
Jul 21, 2023 EPSS Score
Aug 29, 2023 EPSS Score
Oct 7, 2023 EPSS Score
Dec 25, 2023 EPSS Score
Feb 2, 2024 EPSS Score

References

https://msrc.microsoft.com/update-guide/ advisory
Microsoft SQL Server Integration Service (VS extension) Remote Code Execution Vulnerability vendor-advisory
https://nvd.nist.gov/vuln/detail/CVE-2023-21568 advisory

Open in Interactive Console →