CVE-2020-0618

Summary

A remote code execution vulnerability exists in Microsoft SQL Server Reporting Services when it incorrectly handles page requests, aka 'Microsoft SQL Server Reporting Services Remote Code Execution Vulnerability'.

Affected Software

VendorProductVersion RangeStatus
MicrosoftMicrosoft SQL Server2012 for 32-bit Systems Service Pack 4 (QFE)affected
MicrosoftMicrosoft SQL Server2012 for x64-based Systems Service Pack 4 (QFE)affected
MicrosoftMicrosoft SQL Server2016 for x64-based Systems Service Pack 2 (CU)affected
MicrosoftMicrosoft SQL Server 2014 Service Pack 3 for x64-based Systems (GDR)unspecifiedaffected
MicrosoftMicrosoft SQL Server 2014 Service Pack 3 for x64-based Systems (CU)unspecifiedaffected
MicrosoftMicrosoft SQL Server 2016 for x64-based Systems Service Pack 2 (GDR)unspecifiedaffected
MicrosoftMicrosoft SQL Server 2014 Service Pack 3 for 32-bit Systems (GDR)unspecifiedaffected
MicrosoftMicrosoft SQL Server 2014 Service Pack 3 for 32-bit Systems (CU)unspecifiedaffected

Weaknesses

  • Remote Code Execution

ADP Enrichment

CVE Program Container

Additional References

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: active
    • Automatable: no
    • Technical Impact: total

Additional References

References