CVE-2020-0618
9.8
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Summary
A remote code execution vulnerability exists in Microsoft SQL Server Reporting Services when it incorrectly handles page requests, aka 'Microsoft SQL Server Reporting Services Remote Code Execution Vulnerability'.
Affected Software
| Vendor | Product | Version Range | Status |
|---|---|---|---|
| Microsoft | Microsoft SQL Server | 2012 for 32-bit Systems Service Pack 4 (QFE) | affected |
| Microsoft | Microsoft SQL Server | 2012 for x64-based Systems Service Pack 4 (QFE) | affected |
| Microsoft | Microsoft SQL Server | 2016 for x64-based Systems Service Pack 2 (CU) | affected |
| Microsoft | Microsoft SQL Server 2014 Service Pack 3 for x64-based Systems (GDR) | unspecified | affected |
| Microsoft | Microsoft SQL Server 2014 Service Pack 3 for x64-based Systems (CU) | unspecified | affected |
| Microsoft | Microsoft SQL Server 2016 for x64-based Systems Service Pack 2 (GDR) | unspecified | affected |
| Microsoft | Microsoft SQL Server 2014 Service Pack 3 for 32-bit Systems (GDR) | unspecified | affected |
| Microsoft | Microsoft SQL Server 2014 Service Pack 3 for 32-bit Systems (CU) | unspecified | affected |
Weaknesses
- Remote Code Execution
ADP Enrichment
CVE Program Container
Additional References
- https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-0618
- http://packetstormsecurity.com/files/156707/SQL-Server-Reporting-Services-SSRS-ViewState-Deserialization.html
- http://packetstormsecurity.com/files/159216/Microsoft-SQL-Server-Reporting-Services-2016-Remote-Code-Execution.html
CISA ADP Vulnrichment
- SSVC:
- Exploitation: active
- Automatable: no
- Technical Impact: total
Additional References
References
- https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-0618
- http://packetstormsecurity.com/files/156707/SQL-Server-Reporting-Services-SSRS-ViewState-Deserialization.html
- http://packetstormsecurity.com/files/159216/Microsoft-SQL-Server-Reporting-Services-2016-Remote-Code-Execution.html
Feedback
Was this page helpful?
Glad to hear it! Please tell us how we can improve.
Sorry to hear that. Please tell us how we can improve.