CVE-2024-0056

CVE Database · CVE-2024-0056

CVE-2024-0056

· HIGHModified

CVSS v3.1

8.7

EPSS

1.18%

Published

Jan 9, 2024

Modified

Nov 21, 2024

Public PoC / Exploit (1)

All weaponized →

TrickestTrickest PoC index

Links to public security research (Exploit-DB, Nuclei, Trickest, GitHub) for defensive use only.

Description

Microsoft.Data.SqlClient and System.Data.SqlClient SQL Data Provider Security Feature Bypass Vulnerability

CVSS Vector

CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:N

Weaknesses (CWE)

CWE-319

Affected Products (77)

microsoft · microsoft.data.sqlclient (up to 2.1.7)vulnerable

microsoft · microsoft.data.sqlclient (up to 3.1.5)vulnerable

microsoft · microsoft.data.sqlclient (up to 4.0.5)vulnerable

microsoft · microsoft.data.sqlclient (up to 5.1.3)vulnerable

microsoft · sql_servervulnerable

microsoft · system.data.sqlclient (up to 4.8.6)vulnerable

microsoft · visual_studio_2022 (up to 17.2.23)vulnerable

microsoft · visual_studio_2022

References (2)

https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-0056

PatchVendor Advisory

https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-0056

PatchVendor Advisory

KEV Catalog EPSS Scores Vendors All CVEs

microsoft · visual_studio_2022 (up to 17.6.11)vulnerable

microsoft · visual_studio_2022 (up to 17.8.4)vulnerable

microsoft · .net_framework (up to 4.8.04690.02)vulnerable

microsoft · windows_10_1607

microsoft · windows_server_2008

microsoft · windows_server_2012

microsoft · windows_server_2016

microsoft · .net_framework (up to 4.8.04690.01)vulnerable

microsoft · windows_server_2008

microsoft · .net_frameworkvulnerable

microsoft · windows_server_2008

microsoft · windows_server_2012

microsoft · .net_frameworkvulnerable

microsoft · windows_10_1809

microsoft · windows_10_21h2

microsoft · windows_10_22h2

microsoft · windows_11_21h2

microsoft · windows_11_22h2

microsoft · windows_11_23h2

microsoft · windows_server_2019

microsoft · windows_server_2022

microsoft · windows_server_2022_23h2

microsoft · .net_framework (up to 4.8.04690.02)vulnerable

microsoft · .net_frameworkvulnerable

microsoft · windows_10_1809