vulnerability
Microsoft CVE-2019-0819: Microsoft SQL Server Analysis Services Information Disclosure Vulnerability
| Severity | CVSS | Published | Added | Modified |
|---|---|---|---|---|
| 4 | (AV:N/AC:L/Au:S/C:P/I:N/A:N) | May 14, 2019 | May 14, 2019 | May 22, 2019 |
Severity
4
CVSS
(AV:N/AC:L/Au:S/C:P/I:N/A:N)
Published
May 14, 2019
Added
May 14, 2019
Modified
May 22, 2019
Description
An information disclosure vulnerability exists in Microsoft SQL Server Analysis Services when it improperly enforces metadata permissions. An attacker who successfully exploited the vulnerability could query tables or columns for which they do not have access rights.
To exploit this vulnerability, an authenticated attacker would need to submit a query to an affected Analysis Services database.
The security update addresses the vulnerability by correcting how SQL Server Analysis Services enforces permissions.
Solutions
msft-kb4494351-362bf7c7-2ef9-4def-bb13-f9aa5903ef9a-x64msft-kb4494352-f015163b-2867-414f-bd29-dd40ae6ebf72-x64
NEW
Explore Exposure Command
Confidently identify and prioritize exposures from endpoint to cloud with full attack surface visibility and threat-aware risk context.