vulnerability
Microsoft CVE-2019-0819: Microsoft SQL Server Analysis Services Information Disclosure Vulnerability
| Severity | CVSS | Published | Added | Modified |
|---|---|---|---|---|
| 4 | (AV:N/AC:L/Au:S/C:P/I:N/A:N) | May 14, 2019 | May 14, 2019 | May 22, 2019 |
Severity
4
CVSS
(AV:N/AC:L/Au:S/C:P/I:N/A:N)
Published
May 14, 2019
Added
May 14, 2019
Modified
May 22, 2019
Description
An information disclosure vulnerability exists in Microsoft SQL Server Analysis Services when it improperly enforces metadata permissions. An attacker who successfully exploited the vulnerability could query tables or columns for which they do not have access rights.
To exploit this vulnerability, an authenticated attacker would need to submit a query to an affected Analysis Services database.
The security update addresses the vulnerability by correcting how SQL Server Analysis Services enforces permissions.
Solutions
msft-kb4494351-362bf7c7-2ef9-4def-bb13-f9aa5903ef9a-x64msft-kb4494352-f015163b-2867-414f-bd29-dd40ae6ebf72-x64
Rapid7 Labs
2026 Global Threat Landscape Report
The predictive window has collapsed. Exploitation follows disclosure in days. See how attackers are accelerating and how to stay ahead.