vulnerability
Microsoft CVE-2020-0618: Microsoft SQL Server Reporting Services Remote Code Execution Vulnerability
| Severity | CVSS | Published | Added | Modified |
|---|---|---|---|---|
| 7 | (AV:N/AC:L/Au:S/C:P/I:P/A:P) | Feb 11, 2020 | Feb 11, 2020 | Sep 19, 2024 |
Severity
7
CVSS
(AV:N/AC:L/Au:S/C:P/I:P/A:P)
Published
Feb 11, 2020
Added
Feb 11, 2020
Modified
Sep 19, 2024
Description
A remote code execution vulnerability exists in Microsoft SQL Server Reporting Services when it incorrectly handles page requests. An attacker who successfully exploited this vulnerability could execute code in the context of the Report Server service account.
To exploit the vulnerability, an authenticated attacker would need to submit a specially crafted page request to an affected Reporting Services instance.
The security update addresses the vulnerability by modifying how the Microsoft SQL Server Reporting Services handles page requests.
Solution(s)
msft-kb4532095-829f5afd-f7f6-4abf-b119-4d94a62e3935-x64msft-kb4532095-829f5afd-f7f6-4abf-b119-4d94a62e3935-x86msft-kb4532097-c091b865-e45d-4b44-9fb2-9176620a442e-x64msft-kb4532098-458b1ba2-9c9a-49d9-8aa1-b7f90cffd8a6-x64msft-kb4532098-458b1ba2-9c9a-49d9-8aa1-b7f90cffd8a6-x86msft-kb4535288-768b8842-ba16-461f-8029-0375081e15c9-x64msft-kb4535288-768b8842-ba16-461f-8029-0375081e15c9-x86msft-kb4535706-bd9f2bf0-cef1-4d2d-80fb-606dc3174a55-x64
NEW
Explore Exposure Command
Confidently identify and prioritize exposures from endpoint to cloud with full attack surface visibility and threat-aware risk context.