CVE-2023-21713

Summary

Microsoft SQL Server Remote Code Execution Vulnerability

Affected Software

VendorProductVersion RangeStatus
MicrosoftMicrosoft SQL Server 2016 Service Pack 3 Azure Connect Feature Pack13.0.0 < 13.0.7024.30affected
MicrosoftMicrosoft SQL Server 2014 Service Pack 3 (CU 4)12.0.0 < 12.0.6174.8affected
MicrosoftMicrosoft SQL Server 2014 Service Pack 3 (GDR)12.0.0 < 12.0.6444.4affected
MicrosoftMicrosoft SQL Server 2019 (GDR)15.0.0 < 15.0.2101.7affected
MicrosoftMicrosoft SQL Server 2016 Service Pack 3 (GDR)13.0.0 < 13.0.6430.49affected
MicrosoftMicrosoft SQL Server 2012 Service Pack 4 (QFE)11.0.0 < 11.0.7512.11affected
MicrosoftMicrosoft SQL Server 2012 for x64-based Systems Service Pack 4 (QFE)11.0.0 < 11.0.7512.11affected
MicrosoftMicrosoft SQL Server 2017 (GDR)14.0.0 < 14.0.2047.8affected
MicrosoftMicrosoft SQL Server 2019 (CU 18)15.0.0 < 15.0.4280.7affected
MicrosoftMicrosoft SQL Server 2017 (CU 31)14.0.0 < 14.0.3460.9affected
MicrosoftMicrosoft SQL Server 2022 (GDR)16.0.0 < 16.0.1050.5affected

Weaknesses

  • CWE-502: CWE-502: Deserialization of Untrusted Data

ADP Enrichment

CVE Program Container

Additional References

References