Vulnerability-Lookup

CVE-2023-36730 (GCVE-0-2023-36730)

Vulnerability from cvelistv5 – Published: 2023-10-10 17:07 – Updated: 2025-04-14 22:45

Title

Microsoft ODBC Driver for SQL Server Remote Code Execution Vulnerability

Summary

Microsoft ODBC Driver for SQL Server Remote Code Execution Vulnerability

Severity ?

7.8 (High)


                        
                          CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C

CWE

CWE-122 - Heap-based Buffer Overflow

Assigner

microsoft

References

URL

Tags

https://msrc.microsoft.com/update-guide/vulnerabi…

vendor-advisory

Impacted products

Vendor

Product

Version

Microsoft

Microsoft SQL Server 2019 (GDR)

Affected: 15.0.0 , < 15.0.2104.1 (custom)

Microsoft	Microsoft SQL Server 2022 (GDR)	Affected: 16.0.0 , < 16.0.1105.1 (custom)
Microsoft	Microsoft ODBC Driver 17 for SQL Server on Windows	Affected: 17.0.0.0 , < 17.10.5.1 (custom)
Microsoft	Microsoft ODBC Driver 17 for SQL Server on Linux	Affected: 17.0.0.0 , < 17.10.5.1 (custom)
Microsoft	Microsoft ODBC Driver 17 for SQL Server on MacOS	Affected: 17.0.0.0 , < 17.10.5.1 (custom)
Microsoft	Microsoft ODBC Driver 18 for SQL Server on Windows	Affected: 18.0.0.0 , < 18.3.2.1 (custom)
Microsoft	Microsoft ODBC Driver 18 for SQL Server on Linux	Affected: 18.0.0.0 , < 18.3.2.1 (custom)
Microsoft	Microsoft ODBC Driver 18 for SQL Server on MacOS	Affected: 18.0.0.0 , < 18.3.2.1 (custom)
Microsoft	Microsoft SQL Server 2022 (CU 8)	Affected: 15.0.0 , < 16.0.4080.1 (custom)
Microsoft	Microsoft SQL Server 2019 (CU 22)	Affected: 15.0.0 , < 15.0.4326.1 (custom)

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-02T16:52:54.089Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "Microsoft ODBC Driver for SQL Server Remote Code Execution Vulnerability",
            "tags": [
              "vendor-advisory",
              "x_transferred"
            ],
            "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-36730"
          }
        ],
        "title": "CVE Program Container"
      },
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2023-36730",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "total"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2025-02-26T21:50:10.793075Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2025-02-27T20:44:39.623Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "platforms": [
            "x64-based Systems"
          ],
          "product": "Microsoft SQL Server 2019 (GDR)",
          "vendor": "Microsoft",
          "versions": [
            {
              "lessThan": "15.0.2104.1",
              "status": "affected",
              "version": "15.0.0",
              "versionType": "custom"
            }
          ]
        },
        {
          "platforms": [
            "x64-based Systems"
          ],
          "product": "Microsoft SQL Server 2022 (GDR)",
          "vendor": "Microsoft",
          "versions": [
            {
              "lessThan": "16.0.1105.1",
              "status": "affected",
              "version": "16.0.0",
              "versionType": "custom"
            }
          ]
        },
        {
          "platforms": [
            "Unknown"
          ],
          "product": "Microsoft ODBC Driver 17 for SQL Server on Windows",
          "vendor": "Microsoft",
          "versions": [
            {
              "lessThan": "17.10.5.1",
              "status": "affected",
              "version": "17.0.0.0",
              "versionType": "custom"
            }
          ]
        },
        {
          "platforms": [
            "Unknown"
          ],
          "product": "Microsoft ODBC Driver 17 for SQL Server on Linux",
          "vendor": "Microsoft",
          "versions": [
            {
              "lessThan": "17.10.5.1",
              "status": "affected",
              "version": "17.0.0.0",
              "versionType": "custom"
            }
          ]
        },
        {
          "platforms": [
            "Unknown"
          ],
          "product": "Microsoft ODBC Driver 17 for SQL Server on MacOS",
          "vendor": "Microsoft",
          "versions": [
            {
              "lessThan": "17.10.5.1",
              "status": "affected",
              "version": "17.0.0.0",
              "versionType": "custom"
            }
          ]
        },
        {
          "platforms": [
            "Unknown"
          ],
          "product": "Microsoft ODBC Driver 18 for SQL Server on Windows",
          "vendor": "Microsoft",
          "versions": [
            {
              "lessThan": "18.3.2.1",
              "status": "affected",
              "version": "18.0.0.0",
              "versionType": "custom"
            }
          ]
        },
        {
          "platforms": [
            "Unknown"
          ],
          "product": "Microsoft ODBC Driver 18 for SQL Server on Linux",
          "vendor": "Microsoft",
          "versions": [
            {
              "lessThan": "18.3.2.1",
              "status": "affected",
              "version": "18.0.0.0",
              "versionType": "custom"
            }
          ]
        },
        {
          "platforms": [
            "Unknown"
          ],
          "product": "Microsoft ODBC Driver 18 for SQL Server on MacOS",
          "vendor": "Microsoft",
          "versions": [
            {
              "lessThan": "18.3.2.1",
              "status": "affected",
              "version": "18.0.0.0",
              "versionType": "custom"
            }
          ]
        },
        {
          "platforms": [
            "x64-based Systems"
          ],
          "product": "Microsoft SQL Server 2022 (CU 8)",
          "vendor": "Microsoft",
          "versions": [
            {
              "lessThan": "16.0.4080.1",
              "status": "affected",
              "version": "15.0.0",
              "versionType": "custom"
            }
          ]
        },
        {
          "platforms": [
            "x64-based Systems"
          ],
          "product": "Microsoft SQL Server 2019 (CU 22)",
          "vendor": "Microsoft",
          "versions": [
            {
              "lessThan": "15.0.4326.1",
              "status": "affected",
              "version": "15.0.0",
              "versionType": "custom"
            }
          ]
        }
      ],
      "cpeApplicability": [
        {
          "nodes": [
            {
              "cpeMatch": [
                {
                  "criteria": "cpe:2.3:a:microsoft:sql_server:*:*:*:*:*:*:x64:*",
                  "versionEndExcluding": "15.0.2104.1",
                  "versionStartIncluding": "15.0.0",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:a:microsoft:sql_server:*:*:*:*:*:*:x64:*",
                  "versionEndExcluding": "16.0.1105.1",
                  "versionStartIncluding": "16.0.0",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:a:microsoft:odbc_driver_17_for_sql_server:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "17.10.5.1",
                  "versionStartIncluding": "17.0.0.0",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:a:microsoft:odbc_driver_17_for_sql_server:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "17.10.5.1",
                  "versionStartIncluding": "17.0.0.0",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:a:microsoft:odbc_driver_17_for_sql_server:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "17.10.5.1",
                  "versionStartIncluding": "17.0.0.0",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:a:microsoft:odbc_driver_18_for_sql_server:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "18.3.2.1",
                  "versionStartIncluding": "18.0.0.0",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:a:microsoft:odbc_driver_18_for_sql_server:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "18.3.2.1",
                  "versionStartIncluding": "18.0.0.0",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:a:microsoft:odbc_driver_18_for_sql_server:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "18.3.2.1",
                  "versionStartIncluding": "18.0.0.0",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:a:microsoft:sql_server:*:*:*:*:*:*:x64:*",
                  "versionEndExcluding": "16.0.4080.1",
                  "versionStartIncluding": "15.0.0",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:a:microsoft:sql_server:*:*:*:*:*:*:x64:*",
                  "versionEndExcluding": "15.0.4326.1",
                  "versionStartIncluding": "15.0.0",
                  "vulnerable": true
                }
              ],
              "negate": false,
              "operator": "OR"
            }
          ]
        }
      ],
      "datePublic": "2023-10-10T07:00:00.000Z",
      "descriptions": [
        {
          "lang": "en-US",
          "value": "Microsoft ODBC Driver for SQL Server Remote Code Execution Vulnerability"
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "baseScore": 7.8,
            "baseSeverity": "HIGH",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C",
            "version": "3.1"
          },
          "format": "CVSS",
          "scenarios": [
            {
              "lang": "en-US",
              "value": "GENERAL"
            }
          ]
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-122",
              "description": "CWE-122: Heap-based Buffer Overflow",
              "lang": "en-US",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2025-04-14T22:45:59.713Z",
        "orgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
        "shortName": "microsoft"
      },
      "references": [
        {
          "name": "Microsoft ODBC Driver for SQL Server Remote Code Execution Vulnerability",
          "tags": [
            "vendor-advisory"
          ],
          "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-36730"
        }
      ],
      "title": "Microsoft ODBC Driver for SQL Server Remote Code Execution Vulnerability"
    }
  },
  "cveMetadata": {
    "assignerOrgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
    "assignerShortName": "microsoft",
    "cveId": "CVE-2023-36730",
    "datePublished": "2023-10-10T17:07:31.809Z",
    "dateReserved": "2023-06-26T13:29:45.604Z",
    "dateUpdated": "2025-04-14T22:45:59.713Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1",
  "vulnerability-lookup:meta": {
    "nvd": "{\"cve\":{\"id\":\"CVE-2023-36730\",\"sourceIdentifier\":\"secure@microsoft.com\",\"published\":\"2023-10-10T18:15:17.160\",\"lastModified\":\"2024-11-21T08:10:28.543\",\"vulnStatus\":\"Modified\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"Microsoft ODBC Driver for SQL Server Remote Code Execution Vulnerability\"},{\"lang\":\"es\",\"value\":\"Vulnerabilidad de ejecuci\u00f3n remota de c\u00f3digo en Microsoft ODBC Driver para SQL Server \"}],\"metrics\":{\"cvssMetricV31\":[{\"source\":\"secure@microsoft.com\",\"type\":\"Secondary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H\",\"baseScore\":7.8,\"baseSeverity\":\"HIGH\",\"attackVector\":\"LOCAL\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"NONE\",\"userInteraction\":\"REQUIRED\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"HIGH\",\"integrityImpact\":\"HIGH\",\"availabilityImpact\":\"HIGH\"},\"exploitabilityScore\":1.8,\"impactScore\":5.9}]},\"weaknesses\":[{\"source\":\"secure@microsoft.com\",\"type\":\"Secondary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-122\"}]},{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"description\":[{\"lang\":\"en\",\"value\":\"NVD-CWE-noinfo\"}]}],\"configurations\":[{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:microsoft:odbc_driver_for_sql_server:*:*:*:*:*:linux:*:*\",\"versionStartIncluding\":\"17.0\",\"versionEndExcluding\":\"17.10.5.1\",\"matchCriteriaId\":\"FEE52D75-0785-47A8-A024-14A83B9732A6\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:microsoft:odbc_driver_for_sql_server:*:*:*:*:*:macos:*:*\",\"versionStartIncluding\":\"17.0\",\"versionEndExcluding\":\"17.10.5.1\",\"matchCriteriaId\":\"5C5B4D78-6EA4-41E6-A403-2D018D9F0692\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:microsoft:odbc_driver_for_sql_server:*:*:*:*:*:windows:*:*\",\"versionStartIncluding\":\"17.0\",\"versionEndExcluding\":\"17.10.5.1\",\"matchCriteriaId\":\"CC490F0A-842A-4590-8CAC-07BB599D8F4F\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:microsoft:odbc_driver_for_sql_server:*:*:*:*:*:linux:*:*\",\"versionStartIncluding\":\"18.0\",\"versionEndExcluding\":\"18.3.2.1\",\"matchCriteriaId\":\"90718D50-D4D8-4949-ADB3-310879B2A574\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:microsoft:odbc_driver_for_sql_server:*:*:*:*:*:macos:*:*\",\"versionStartIncluding\":\"18.0\",\"versionEndExcluding\":\"18.3.2.1\",\"matchCriteriaId\":\"C9BEA137-3C0A-472A-9A5B-428E00302626\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:microsoft:odbc_driver_for_sql_server:*:*:*:*:*:windows:*:*\",\"versionStartIncluding\":\"18.0\",\"versionEndExcluding\":\"18.3.2.1\",\"matchCriteriaId\":\"2EDAA3E7-9DA2-4C2F-B626-60A747015FE8\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:microsoft:sql_server:2019:*:*:*:*:*:x64:*\",\"matchCriteriaId\":\"9144F644-A3D4-440C-8978-257E71204617\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:microsoft:sql_server:2022:*:*:*:*:*:x64:*\",\"matchCriteriaId\":\"6CB7AD22-F27B-4807-88F1-02ED420421D5\"}]}]}],\"references\":[{\"url\":\"https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-36730\",\"source\":\"secure@microsoft.com\",\"tags\":[\"Patch\",\"Vendor Advisory\"]},{\"url\":\"https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-36730\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Patch\",\"Vendor Advisory\"]}]}}",
    "vulnrichment": {
      "containers": "{\"adp\": [{\"title\": \"CVE Program Container\", \"references\": [{\"url\": \"https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-36730\", \"name\": \"Microsoft ODBC Driver for SQL Server Remote Code Execution Vulnerability\", \"tags\": [\"vendor-advisory\", \"x_transferred\"]}], \"providerMetadata\": {\"orgId\": \"af854a3a-2127-422b-91ae-364da2661108\", \"shortName\": \"CVE\", \"dateUpdated\": \"2024-08-02T16:52:54.089Z\"}}, {\"title\": \"CISA ADP Vulnrichment\", \"metrics\": [{\"other\": {\"type\": \"ssvc\", \"content\": {\"id\": \"CVE-2023-36730\", \"role\": \"CISA Coordinator\", \"options\": [{\"Exploitation\": \"none\"}, {\"Automatable\": \"no\"}, {\"Technical Impact\": \"total\"}], \"version\": \"2.0.3\", \"timestamp\": \"2025-02-26T21:50:10.793075Z\"}}}], \"providerMetadata\": {\"orgId\": \"134c704f-9b21-4f2e-91b3-4a467353bcc0\", \"shortName\": \"CISA-ADP\", \"dateUpdated\": \"2025-02-26T19:58:29.908Z\"}}], \"cna\": {\"title\": \"Microsoft ODBC Driver for SQL Server Remote Code Execution Vulnerability\", \"metrics\": [{\"format\": \"CVSS\", \"cvssV3_1\": {\"version\": \"3.1\", \"baseScore\": 7.8, \"baseSeverity\": \"HIGH\", \"vectorString\": \"CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C\"}, \"scenarios\": [{\"lang\": \"en-US\", \"value\": \"GENERAL\"}]}], \"affected\": [{\"vendor\": \"Microsoft\", \"product\": \"Microsoft SQL Server 2019 (GDR)\", \"versions\": [{\"status\": \"affected\", \"version\": \"15.0.0\", \"lessThan\": \"15.0.2104.1\", \"versionType\": \"custom\"}], \"platforms\": [\"x64-based Systems\"]}, {\"vendor\": \"Microsoft\", \"product\": \"Microsoft SQL Server 2022 (GDR)\", \"versions\": [{\"status\": \"affected\", \"version\": \"16.0.0\", \"lessThan\": \"16.0.1105.1\", \"versionType\": \"custom\"}], \"platforms\": [\"x64-based Systems\"]}, {\"vendor\": \"Microsoft\", \"product\": \"Microsoft ODBC Driver 17 for SQL Server on Windows\", \"versions\": [{\"status\": \"affected\", \"version\": \"17.0.0.0\", \"lessThan\": \"17.10.5.1\", \"versionType\": \"custom\"}], \"platforms\": [\"Unknown\"]}, {\"vendor\": \"Microsoft\", \"product\": \"Microsoft ODBC Driver 17 for SQL Server on Linux\", \"versions\": [{\"status\": \"affected\", \"version\": \"17.0.0.0\", \"lessThan\": \"17.10.5.1\", \"versionType\": \"custom\"}], \"platforms\": [\"Unknown\"]}, {\"vendor\": \"Microsoft\", \"product\": \"Microsoft ODBC Driver 17 for SQL Server on MacOS\", \"versions\": [{\"status\": \"affected\", \"version\": \"17.0.0.0\", \"lessThan\": \"17.10.5.1\", \"versionType\": \"custom\"}], \"platforms\": [\"Unknown\"]}, {\"vendor\": \"Microsoft\", \"product\": \"Microsoft ODBC Driver 18 for SQL Server on Windows\", \"versions\": [{\"status\": \"affected\", \"version\": \"18.0.0.0\", \"lessThan\": \"18.3.2.1\", \"versionType\": \"custom\"}], \"platforms\": [\"Unknown\"]}, {\"vendor\": \"Microsoft\", \"product\": \"Microsoft ODBC Driver 18 for SQL Server on Linux\", \"versions\": [{\"status\": \"affected\", \"version\": \"18.0.0.0\", \"lessThan\": \"18.3.2.1\", \"versionType\": \"custom\"}], \"platforms\": [\"Unknown\"]}, {\"vendor\": \"Microsoft\", \"product\": \"Microsoft ODBC Driver 18 for SQL Server on MacOS\", \"versions\": [{\"status\": \"affected\", \"version\": \"18.0.0.0\", \"lessThan\": \"18.3.2.1\", \"versionType\": \"custom\"}], \"platforms\": [\"Unknown\"]}, {\"vendor\": \"Microsoft\", \"product\": \"Microsoft SQL Server 2022 (CU 8)\", \"versions\": [{\"status\": \"affected\", \"version\": \"15.0.0\", \"lessThan\": \"16.0.4080.1\", \"versionType\": \"custom\"}], \"platforms\": [\"x64-based Systems\"]}, {\"vendor\": \"Microsoft\", \"product\": \"Microsoft SQL Server 2019 (CU 22)\", \"versions\": [{\"status\": \"affected\", \"version\": \"15.0.0\", \"lessThan\": \"15.0.4326.1\", \"versionType\": \"custom\"}], \"platforms\": [\"x64-based Systems\"]}], \"datePublic\": \"2023-10-10T07:00:00.000Z\", \"references\": [{\"url\": \"https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-36730\", \"name\": \"Microsoft ODBC Driver for SQL Server Remote Code Execution Vulnerability\", \"tags\": [\"vendor-advisory\"]}], \"descriptions\": [{\"lang\": \"en-US\", \"value\": \"Microsoft ODBC Driver for SQL Server Remote Code Execution Vulnerability\"}], \"problemTypes\": [{\"descriptions\": [{\"lang\": \"en-US\", \"type\": \"CWE\", \"cweId\": \"CWE-122\", \"description\": \"CWE-122: Heap-based Buffer Overflow\"}]}], \"cpeApplicability\": [{\"nodes\": [{\"negate\": false, \"cpeMatch\": [{\"criteria\": \"cpe:2.3:a:microsoft:sql_server:*:*:*:*:*:*:x64:*\", \"vulnerable\": true, \"versionEndExcluding\": \"15.0.2104.1\", \"versionStartIncluding\": \"15.0.0\"}, {\"criteria\": \"cpe:2.3:a:microsoft:sql_server:*:*:*:*:*:*:x64:*\", \"vulnerable\": true, \"versionEndExcluding\": \"16.0.1105.1\", \"versionStartIncluding\": \"16.0.0\"}, {\"criteria\": \"cpe:2.3:a:microsoft:odbc_driver_17_for_sql_server:*:*:*:*:*:*:*:*\", \"vulnerable\": true, \"versionEndExcluding\": \"17.10.5.1\", \"versionStartIncluding\": \"17.0.0.0\"}, {\"criteria\": \"cpe:2.3:a:microsoft:odbc_driver_17_for_sql_server:*:*:*:*:*:*:*:*\", \"vulnerable\": true, \"versionEndExcluding\": \"17.10.5.1\", \"versionStartIncluding\": \"17.0.0.0\"}, {\"criteria\": \"cpe:2.3:a:microsoft:odbc_driver_17_for_sql_server:*:*:*:*:*:*:*:*\", \"vulnerable\": true, \"versionEndExcluding\": \"17.10.5.1\", \"versionStartIncluding\": \"17.0.0.0\"}, {\"criteria\": \"cpe:2.3:a:microsoft:odbc_driver_18_for_sql_server:*:*:*:*:*:*:*:*\", \"vulnerable\": true, \"versionEndExcluding\": \"18.3.2.1\", \"versionStartIncluding\": \"18.0.0.0\"}, {\"criteria\": \"cpe:2.3:a:microsoft:odbc_driver_18_for_sql_server:*:*:*:*:*:*:*:*\", \"vulnerable\": true, \"versionEndExcluding\": \"18.3.2.1\", \"versionStartIncluding\": \"18.0.0.0\"}, {\"criteria\": \"cpe:2.3:a:microsoft:odbc_driver_18_for_sql_server:*:*:*:*:*:*:*:*\", \"vulnerable\": true, \"versionEndExcluding\": \"18.3.2.1\", \"versionStartIncluding\": \"18.0.0.0\"}, {\"criteria\": \"cpe:2.3:a:microsoft:sql_server:*:*:*:*:*:*:x64:*\", \"vulnerable\": true, \"versionEndExcluding\": \"16.0.4080.1\", \"versionStartIncluding\": \"15.0.0\"}, {\"criteria\": \"cpe:2.3:a:microsoft:sql_server:*:*:*:*:*:*:x64:*\", \"vulnerable\": true, \"versionEndExcluding\": \"15.0.4326.1\", \"versionStartIncluding\": \"15.0.0\"}], \"operator\": \"OR\"}]}], \"providerMetadata\": {\"orgId\": \"f38d906d-7342-40ea-92c1-6c4a2c6478c8\", \"shortName\": \"microsoft\", \"dateUpdated\": \"2025-04-14T22:45:59.713Z\"}}}",
      "cveMetadata": "{\"cveId\": \"CVE-2023-36730\", \"state\": \"PUBLISHED\", \"dateUpdated\": \"2025-04-14T22:45:59.713Z\", \"dateReserved\": \"2023-06-26T13:29:45.604Z\", \"assignerOrgId\": \"f38d906d-7342-40ea-92c1-6c4a2c6478c8\", \"datePublished\": \"2023-10-10T17:07:31.809Z\", \"assignerShortName\": \"microsoft\"}",
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }
  }
}

GSD-2023-36730

Vulnerability from gsd - Updated: 2023-12-13 01:20

Details

Microsoft ODBC Driver for SQL Server Remote Code Execution Vulnerability

Aliases

CVE-2023-36730

Aliases

CVE-2023-36730

JSON

To clipboard

{
  "GSD": {
    "alias": "CVE-2023-36730",
    "id": "GSD-2023-36730"
  },
  "gsd": {
    "metadata": {
      "exploitCode": "unknown",
      "remediation": "unknown",
      "reportConfidence": "confirmed",
      "type": "vulnerability"
    },
    "osvSchema": {
      "aliases": [
        "CVE-2023-36730"
      ],
      "details": "Microsoft ODBC Driver for SQL Server Remote Code Execution Vulnerability",
      "id": "GSD-2023-36730",
      "modified": "2023-12-13T01:20:34.232329Z",
      "schema_version": "1.4.0"
    }
  },
  "namespaces": {
    "cve.org": {
      "CVE_data_meta": {
        "ASSIGNER": "secure@microsoft.com",
        "ID": "CVE-2023-36730",
        "STATE": "PUBLIC"
      },
      "affects": {
        "vendor": {
          "vendor_data": [
            {
              "product": {
                "product_data": [
                  {
                    "product_name": "Microsoft SQL Server 2019 (GDR)",
                    "version": {
                      "version_data": [
                        {
                          "version_affected": "\u003c",
                          "version_name": "15.0.0",
                          "version_value": "15.0.2104.1"
                        }
                      ]
                    }
                  },
                  {
                    "product_name": "Microsoft SQL Server 2022 (GDR)",
                    "version": {
                      "version_data": [
                        {
                          "version_affected": "\u003c",
                          "version_name": "16.0.0",
                          "version_value": "16.0.1105.1"
                        }
                      ]
                    }
                  },
                  {
                    "product_name": "Microsoft ODBC Driver 17 for SQL Server on Windows",
                    "version": {
                      "version_data": [
                        {
                          "version_affected": "\u003c",
                          "version_name": "17.0.0.0",
                          "version_value": "17.10.5.1"
                        }
                      ]
                    }
                  },
                  {
                    "product_name": "Microsoft ODBC Driver 17 for SQL Server on Linux",
                    "version": {
                      "version_data": [
                        {
                          "version_affected": "\u003c",
                          "version_name": "17.0.0.0",
                          "version_value": "17.10.5.1"
                        }
                      ]
                    }
                  },
                  {
                    "product_name": "Microsoft ODBC Driver 17 for SQL Server on MacOS",
                    "version": {
                      "version_data": [
                        {
                          "version_affected": "\u003c",
                          "version_name": "17.0.0.0",
                          "version_value": "17.10.5.1"
                        }
                      ]
                    }
                  },
                  {
                    "product_name": "Microsoft ODBC Driver 18 for SQL Server on Windows",
                    "version": {
                      "version_data": [
                        {
                          "version_affected": "\u003c",
                          "version_name": "18.0.0.0",
                          "version_value": "18.3.2.1"
                        }
                      ]
                    }
                  },
                  {
                    "product_name": "Microsoft ODBC Driver 18 for SQL Server on Linux",
                    "version": {
                      "version_data": [
                        {
                          "version_affected": "\u003c",
                          "version_name": "18.0.0.0",
                          "version_value": "18.3.2.1"
                        }
                      ]
                    }
                  },
                  {
                    "product_name": "Microsoft ODBC Driver 18 for SQL Server on MacOS",
                    "version": {
                      "version_data": [
                        {
                          "version_affected": "\u003c",
                          "version_name": "18.0.0.0",
                          "version_value": "18.3.2.1"
                        }
                      ]
                    }
                  },
                  {
                    "product_name": "Microsoft SQL Server 2022 (CU 8)",
                    "version": {
                      "version_data": [
                        {
                          "version_affected": "\u003c",
                          "version_name": "15.0.0",
                          "version_value": "16.0.4080.1"
                        }
                      ]
                    }
                  },
                  {
                    "product_name": "Microsoft SQL Server 2019 (CU 22)",
                    "version": {
                      "version_data": [
                        {
                          "version_affected": "\u003c",
                          "version_name": "15.0.0",
                          "version_value": "15.0.4326.1"
                        }
                      ]
                    }
                  }
                ]
              },
              "vendor_name": "Microsoft"
            }
          ]
        }
      },
      "data_format": "MITRE",
      "data_type": "CVE",
      "data_version": "4.0",
      "description": {
        "description_data": [
          {
            "lang": "eng",
            "value": "Microsoft ODBC Driver for SQL Server Remote Code Execution Vulnerability"
          }
        ]
      },
      "impact": {
        "cvss": [
          {
            "baseScore": 7.8,
            "baseSeverity": "HIGH",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C",
            "version": "3.1"
          }
        ]
      },
      "problemtype": {
        "problemtype_data": [
          {
            "description": [
              {
                "lang": "eng",
                "value": "Remote Code Execution"
              }
            ]
          }
        ]
      },
      "references": {
        "reference_data": [
          {
            "name": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-36730",
            "refsource": "MISC",
            "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-36730"
          }
        ]
      }
    },
    "nvd.nist.gov": {
      "configurations": {
        "CVE_data_version": "4.0",
        "nodes": [
          {
            "children": [],
            "cpe_match": [
              {
                "cpe23Uri": "cpe:2.3:a:microsoft:sql_server:2019:*:*:*:*:*:x64:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:microsoft:sql_server:2022:*:*:*:*:*:x64:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:microsoft:odbc_driver_for_sql_server:*:*:*:*:*:linux:*:*",
                "cpe_name": [],
                "versionEndExcluding": "18.3.2.1",
                "versionStartIncluding": "18.0",
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:microsoft:odbc_driver_for_sql_server:*:*:*:*:*:macos:*:*",
                "cpe_name": [],
                "versionEndExcluding": "18.3.2.1",
                "versionStartIncluding": "18.0",
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:microsoft:odbc_driver_for_sql_server:*:*:*:*:*:windows:*:*",
                "cpe_name": [],
                "versionEndExcluding": "18.3.2.1",
                "versionStartIncluding": "18.0",
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:microsoft:odbc_driver_for_sql_server:*:*:*:*:*:linux:*:*",
                "cpe_name": [],
                "versionEndExcluding": "17.10.5.1",
                "versionStartIncluding": "17.0",
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:microsoft:odbc_driver_for_sql_server:*:*:*:*:*:macos:*:*",
                "cpe_name": [],
                "versionEndExcluding": "17.10.5.1",
                "versionStartIncluding": "17.0",
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:microsoft:odbc_driver_for_sql_server:*:*:*:*:*:windows:*:*",
                "cpe_name": [],
                "versionEndExcluding": "17.10.5.1",
                "versionStartIncluding": "17.0",
                "vulnerable": true
              }
            ],
            "operator": "OR"
          }
        ]
      },
      "cve": {
        "CVE_data_meta": {
          "ASSIGNER": "secure@microsoft.com",
          "ID": "CVE-2023-36730"
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "en",
              "value": "Microsoft ODBC Driver for SQL Server Remote Code Execution Vulnerability"
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "en",
                  "value": "NVD-CWE-noinfo"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-36730",
              "refsource": "MISC",
              "tags": [
                "Patch",
                "Vendor Advisory"
              ],
              "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-36730"
            }
          ]
        }
      },
      "impact": {
        "baseMetricV3": {
          "cvssV3": {
            "attackComplexity": "LOW",
            "attackVector": "LOCAL",
            "availabilityImpact": "HIGH",
            "baseScore": 7.8,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "HIGH",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "REQUIRED",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
            "version": "3.1"
          },
          "exploitabilityScore": 1.8,
          "impactScore": 5.9
        }
      },
      "lastModifiedDate": "2023-10-13T19:42Z",
      "publishedDate": "2023-10-10T18:15Z"
    }
  }
}

NCSC-2025-0020

Vulnerability from csaf_ncscnl - Published: 2025-01-22 13:30 - Updated: 2025-01-22 13:30

Summary

Kwetsbaarheden verholpen in Oracle Database producten

Notes

The Netherlands Cyber Security Center (henceforth: NCSC-NL) maintains this page to enhance access to its information and security advisories. The use of this security advisory is subject to the following terms and conditions: NCSC-NL makes every reasonable effort to ensure that the content of this page is kept up to date, and that it is accurate and complete. Nevertheless, NCSC-NL cannot entirely rule out the possibility of errors, and therefore cannot give any warranty in respect of its completeness, accuracy or continuous keeping up-to-date. The information contained in this security advisory is intended solely for the purpose of providing general information to professional users. No rights can be derived from the information provided therein. NCSC-NL and the Kingdom of the Netherlands assume no legal liability or responsibility for any damage resulting from either the use or inability of use of this security advisory. This includes damage resulting from the inaccuracy of incompleteness of the information contained in the advisory. This security advisory is subject to Dutch law. All disputes related to or arising from the use of this advisory will be submitted to the competent court in The Hague. This choice of means also applies to the court in summary proceedings.

Feiten

Oracle heeft kwetsbaarheden verholpen in diverse database producten en subsystemen, zoals de Core Database, Graal, Application Express, GoldenGate en REST data.

Interpretaties

De kwetsbaarheden bevinden zich in verschillende componenten van de Oracle Database, waaronder de Data Mining component en de Java VM. Deze kwetsbaarheden stellen laaggeprivilegieerde geauthenticeerde gebruikers in staat om het systeem te compromitteren, wat kan leiden tot ongeautoriseerde toegang en gegevensmanipulatie. De Java VM-kwetsbaarheid kan ook leiden tot ongeautoriseerde wijzigingen van gegevens.

Oplossingen

Oracle heeft updates uitgebracht om de kwetsbaarheden te verhelpen. Zie bijgevoegde referenties voor meer informatie.

Kans

medium

Schade

high

CWE-391

Unchecked Error Condition

CWE-115

Misinterpretation of Input

CWE-466

Return of Pointer Value Outside of Expected Range

CWE-222

Truncation of Security-relevant Information

CWE-131

Incorrect Calculation of Buffer Size

CWE-1287

Improper Validation of Specified Type of Input

CWE-922

Insecure Storage of Sensitive Information

CWE-191

Integer Underflow (Wrap or Wraparound)

CWE-1220

Insufficient Granularity of Access Control

CWE-776

Improper Restriction of Recursive Entity References in DTDs ('XML Entity Expansion')

CWE-178

Improper Handling of Case Sensitivity

CWE-367

Time-of-check Time-of-use (TOCTOU) Race Condition

CWE-440

Expected Behavior Violation

CWE-1286

Improper Validation of Syntactic Correctness of Input

CWE-703

Improper Check or Handling of Exceptional Conditions

CWE-617

Reachable Assertion

CWE-427

Uncontrolled Search Path Element

CWE-601

URL Redirection to Untrusted Site ('Open Redirect')

CWE-288

Authentication Bypass Using an Alternate Path or Channel

CWE-354

Improper Validation of Integrity Check Value

CWE-190

Integer Overflow or Wraparound

CWE-404

Improper Resource Shutdown or Release

CWE-284

Improper Access Control

CWE-119

Improper Restriction of Operations within the Bounds of a Memory Buffer

CWE-1333

Inefficient Regular Expression Complexity

CWE-1321

Improperly Controlled Modification of Object Prototype Attributes ('Prototype Pollution')

CWE-476

NULL Pointer Dereference

CWE-757

Selection of Less-Secure Algorithm During Negotiation ('Algorithm Downgrade')

CWE-94

Improper Control of Generation of Code ('Code Injection')

CWE-400

Uncontrolled Resource Consumption

CWE-770

Allocation of Resources Without Limits or Throttling

CWE-502

Deserialization of Untrusted Data

CWE-674

Uncontrolled Recursion

CWE-22

Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')

CWE-611

Improper Restriction of XML External Entity Reference

CWE-787

Out-of-bounds Write

CWE-200

Exposure of Sensitive Information to an Unauthorized Actor

CWE-122

Heap-based Buffer Overflow

CWE-121

Stack-based Buffer Overflow

CWE-835

Loop with Unreachable Exit Condition ('Infinite Loop')

CWE-20

Improper Input Validation

CWE-276

Incorrect Default Permissions

JSON

To clipboard

{
  "document": {
    "category": "csaf_security_advisory",
    "csaf_version": "2.0",
    "distribution": {
      "tlp": {
        "label": "WHITE"
      }
    },
    "lang": "nl",
    "notes": [
      {
        "category": "legal_disclaimer",
        "text": "The Netherlands Cyber Security Center (henceforth: NCSC-NL) maintains this page to enhance access to its information and security advisories. The use of this security advisory is subject to the following terms and conditions:\n\n    NCSC-NL makes every reasonable effort to ensure that the content of this page is kept up to date, and that it is accurate and complete. Nevertheless, NCSC-NL cannot entirely rule out the possibility of errors, and therefore cannot give any warranty in respect of its completeness, accuracy or continuous keeping up-to-date. The information contained in this security advisory is intended solely for the purpose of providing general information to professional users. No rights can be derived from the information provided therein.\n\n    NCSC-NL and the Kingdom of the Netherlands assume no legal liability or responsibility for any damage resulting from either the use or inability of use of this security advisory. This includes damage resulting from the inaccuracy of incompleteness of the information contained in the advisory.\n    This security advisory is subject to Dutch law. All disputes related to or arising from the use of this advisory will be submitted to the competent court in The Hague. This choice of means also applies to the court in summary proceedings."
      },
      {
        "category": "description",
        "text": "Oracle heeft kwetsbaarheden verholpen in diverse database producten en subsystemen, zoals de Core Database, Graal, Application Express, GoldenGate en REST data.",
        "title": "Feiten"
      },
      {
        "category": "description",
        "text": "De kwetsbaarheden bevinden zich in verschillende componenten van de Oracle Database, waaronder de Data Mining component en de Java VM. Deze kwetsbaarheden stellen laaggeprivilegieerde geauthenticeerde gebruikers in staat om het systeem te compromitteren, wat kan leiden tot ongeautoriseerde toegang en gegevensmanipulatie. De Java VM-kwetsbaarheid kan ook leiden tot ongeautoriseerde wijzigingen van gegevens.",
        "title": "Interpretaties"
      },
      {
        "category": "description",
        "text": "Oracle heeft updates uitgebracht om de kwetsbaarheden te verhelpen. Zie bijgevoegde referenties voor meer informatie.",
        "title": "Oplossingen"
      },
      {
        "category": "general",
        "text": "medium",
        "title": "Kans"
      },
      {
        "category": "general",
        "text": "high",
        "title": "Schade"
      },
      {
        "category": "general",
        "text": "Unchecked Error Condition",
        "title": "CWE-391"
      },
      {
        "category": "general",
        "text": "Misinterpretation of Input",
        "title": "CWE-115"
      },
      {
        "category": "general",
        "text": "Return of Pointer Value Outside of Expected Range",
        "title": "CWE-466"
      },
      {
        "category": "general",
        "text": "Truncation of Security-relevant Information",
        "title": "CWE-222"
      },
      {
        "category": "general",
        "text": "Incorrect Calculation of Buffer Size",
        "title": "CWE-131"
      },
      {
        "category": "general",
        "text": "Improper Validation of Specified Type of Input",
        "title": "CWE-1287"
      },
      {
        "category": "general",
        "text": "Insecure Storage of Sensitive Information",
        "title": "CWE-922"
      },
      {
        "category": "general",
        "text": "Integer Underflow (Wrap or Wraparound)",
        "title": "CWE-191"
      },
      {
        "category": "general",
        "text": "Insufficient Granularity of Access Control",
        "title": "CWE-1220"
      },
      {
        "category": "general",
        "text": "Improper Restriction of Recursive Entity References in DTDs (\u0027XML Entity Expansion\u0027)",
        "title": "CWE-776"
      },
      {
        "category": "general",
        "text": "Improper Handling of Case Sensitivity",
        "title": "CWE-178"
      },
      {
        "category": "general",
        "text": "Time-of-check Time-of-use (TOCTOU) Race Condition",
        "title": "CWE-367"
      },
      {
        "category": "general",
        "text": "Expected Behavior Violation",
        "title": "CWE-440"
      },
      {
        "category": "general",
        "text": "Improper Validation of Syntactic Correctness of Input",
        "title": "CWE-1286"
      },
      {
        "category": "general",
        "text": "Improper Check or Handling of Exceptional Conditions",
        "title": "CWE-703"
      },
      {
        "category": "general",
        "text": "Reachable Assertion",
        "title": "CWE-617"
      },
      {
        "category": "general",
        "text": "Uncontrolled Search Path Element",
        "title": "CWE-427"
      },
      {
        "category": "general",
        "text": "URL Redirection to Untrusted Site (\u0027Open Redirect\u0027)",
        "title": "CWE-601"
      },
      {
        "category": "general",
        "text": "Authentication Bypass Using an Alternate Path or Channel",
        "title": "CWE-288"
      },
      {
        "category": "general",
        "text": "Improper Validation of Integrity Check Value",
        "title": "CWE-354"
      },
      {
        "category": "general",
        "text": "Integer Overflow or Wraparound",
        "title": "CWE-190"
      },
      {
        "category": "general",
        "text": "Improper Resource Shutdown or Release",
        "title": "CWE-404"
      },
      {
        "category": "general",
        "text": "Improper Access Control",
        "title": "CWE-284"
      },
      {
        "category": "general",
        "text": "Improper Restriction of Operations within the Bounds of a Memory Buffer",
        "title": "CWE-119"
      },
      {
        "category": "general",
        "text": "Inefficient Regular Expression Complexity",
        "title": "CWE-1333"
      },
      {
        "category": "general",
        "text": "Improperly Controlled Modification of Object Prototype Attributes (\u0027Prototype Pollution\u0027)",
        "title": "CWE-1321"
      },
      {
        "category": "general",
        "text": "NULL Pointer Dereference",
        "title": "CWE-476"
      },
      {
        "category": "general",
        "text": "Selection of Less-Secure Algorithm During Negotiation (\u0027Algorithm Downgrade\u0027)",
        "title": "CWE-757"
      },
      {
        "category": "general",
        "text": "Improper Control of Generation of Code (\u0027Code Injection\u0027)",
        "title": "CWE-94"
      },
      {
        "category": "general",
        "text": "Uncontrolled Resource Consumption",
        "title": "CWE-400"
      },
      {
        "category": "general",
        "text": "Allocation of Resources Without Limits or Throttling",
        "title": "CWE-770"
      },
      {
        "category": "general",
        "text": "Deserialization of Untrusted Data",
        "title": "CWE-502"
      },
      {
        "category": "general",
        "text": "Uncontrolled Recursion",
        "title": "CWE-674"
      },
      {
        "category": "general",
        "text": "Improper Limitation of a Pathname to a Restricted Directory (\u0027Path Traversal\u0027)",
        "title": "CWE-22"
      },
      {
        "category": "general",
        "text": "Improper Restriction of XML External Entity Reference",
        "title": "CWE-611"
      },
      {
        "category": "general",
        "text": "Out-of-bounds Write",
        "title": "CWE-787"
      },
      {
        "category": "general",
        "text": "Exposure of Sensitive Information to an Unauthorized Actor",
        "title": "CWE-200"
      },
      {
        "category": "general",
        "text": "Heap-based Buffer Overflow",
        "title": "CWE-122"
      },
      {
        "category": "general",
        "text": "Stack-based Buffer Overflow",
        "title": "CWE-121"
      },
      {
        "category": "general",
        "text": "Loop with Unreachable Exit Condition (\u0027Infinite Loop\u0027)",
        "title": "CWE-835"
      },
      {
        "category": "general",
        "text": "Improper Input Validation",
        "title": "CWE-20"
      },
      {
        "category": "general",
        "text": "Incorrect Default Permissions",
        "title": "CWE-276"
      }
    ],
    "publisher": {
      "category": "coordinator",
      "contact_details": "cert@ncsc.nl",
      "name": "Nationaal Cyber Security Centrum",
      "namespace": "https://www.ncsc.nl/"
    },
    "references": [
      {
        "category": "external",
        "summary": "Reference - cveprojectv5; nvd; oracle",
        "url": "https://www.oracle.com/security-alerts/cpujan2025.html"
      }
    ],
    "title": "Kwetsbaarheden verholpen in Oracle Database producten",
    "tracking": {
      "current_release_date": "2025-01-22T13:30:16.354373Z",
      "id": "NCSC-2025-0020",
      "initial_release_date": "2025-01-22T13:30:16.354373Z",
      "revision_history": [
        {
          "date": "2025-01-22T13:30:16.354373Z",
          "number": "0",
          "summary": "Initiele versie"
        }
      ],
      "status": "final",
      "version": "1.0.0"
    }
  },
  "product_tree": {
    "branches": [
      {
        "branches": [
          {
            "category": "product_name",
            "name": "graal_development_kit_for_micronaut",
            "product": {
              "name": "graal_development_kit_for_micronaut",
              "product_id": "CSAFPID-1751216",
              "product_identification_helper": {
                "cpe": "cpe:2.3:a:oracle:graal_development_kit_for_micronaut:23.5-23.6:*:*:*:*:*:*:*"
              }
            }
          },
          {
            "category": "product_name",
            "name": "database_-_data_mining",
            "product": {
              "name": "database_-_data_mining",
              "product_id": "CSAFPID-1751200",
              "product_identification_helper": {
                "cpe": "cpe:2.3:a:oracle:database_-_data_mining:19.3-19.25:*:*:*:*:*:*:*"
              }
            }
          },
          {
            "category": "product_name",
            "name": "database_-_data_mining",
            "product": {
              "name": "database_-_data_mining",
              "product_id": "CSAFPID-1751199",
              "product_identification_helper": {
                "cpe": "cpe:2.3:a:oracle:database_-_data_mining:21.3-21.16:*:*:*:*:*:*:*"
              }
            }
          },
          {
            "category": "product_name",
            "name": "database_migration_assistant_for_unicode",
            "product": {
              "name": "database_migration_assistant_for_unicode",
              "product_id": "CSAFPID-1751212",
              "product_identification_helper": {
                "cpe": "cpe:2.3:a:oracle:database_migration_assistant_for_unicode:19.1:*:*:*:*:*:*:*"
              }
            }
          },
          {
            "category": "product_name",
            "name": "database_server",
            "product": {
              "name": "database_server",
              "product_id": "CSAFPID-1503604",
              "product_identification_helper": {
                "cpe": "cpe:2.3:a:oracle:database_server:_java_vm___23.4:*:*:*:*:*:*:*"
              }
            }
          },
          {
            "category": "product_name",
            "name": "database_-_graalvm_multilingual_engine",
            "product": {
              "name": "database_-_graalvm_multilingual_engine",
              "product_id": "CSAFPID-1751223",
              "product_identification_helper": {
                "cpe": "cpe:2.3:a:oracle:database_-_graalvm_multilingual_engine:21.4-21.16:*:*:*:*:*:*:*"
              }
            }
          },
          {
            "category": "product_name",
            "name": "database_-_graalvm_multilingual_engine",
            "product": {
              "name": "database_-_graalvm_multilingual_engine",
              "product_id": "CSAFPID-1751224",
              "product_identification_helper": {
                "cpe": "cpe:2.3:a:oracle:database_-_graalvm_multilingual_engine:23.5-23.6:*:*:*:*:*:*:*"
              }
            }
          },
          {
            "category": "product_name",
            "name": "application_express",
            "product": {
              "name": "application_express",
              "product_id": "CSAFPID-1503575",
              "product_identification_helper": {
                "cpe": "cpe:2.3:a:oracle:application_express:23.2:*:*:*:*:*:*:*"
              }
            }
          },
          {
            "category": "product_name",
            "name": "application_express",
            "product": {
              "name": "application_express",
              "product_id": "CSAFPID-1673188",
              "product_identification_helper": {
                "cpe": "cpe:2.3:a:oracle:application_express:24.1:*:*:*:*:*:*:*"
              }
            }
          },
          {
            "category": "product_name",
            "name": "goldengate",
            "product": {
              "name": "goldengate",
              "product_id": "CSAFPID-342816",
              "product_identification_helper": {
                "cpe": "cpe:2.3:a:oracle:goldengate:*:*:*:*:*:*:*:*"
              }
            }
          },
          {
            "category": "product_name",
            "name": "goldengate_big_data_and_application_adapters",
            "product": {
              "name": "goldengate_big_data_and_application_adapters",
              "product_id": "CSAFPID-816845",
              "product_identification_helper": {
                "cpe": "cpe:2.3:a:oracle:goldengate_big_data_and_application_adapters:*:*:*:*:*:*:*:*"
              }
            }
          },
          {
            "category": "product_name",
            "name": "goldengate_big_data_and_application_adapters",
            "product": {
              "name": "goldengate_big_data_and_application_adapters",
              "product_id": "CSAFPID-1650825",
              "product_identification_helper": {
                "cpe": "cpe:2.3:a:oracle:goldengate_big_data_and_application_adapters:19.1.0.0.0-19.1.0.0.18:*:*:*:*:*:*:*"
              }
            }
          },
          {
            "category": "product_name",
            "name": "goldengate_big_data_and_application_adapters",
            "product": {
              "name": "goldengate_big_data_and_application_adapters",
              "product_id": "CSAFPID-1751298",
              "product_identification_helper": {
                "cpe": "cpe:2.3:a:oracle:goldengate_big_data_and_application_adapters:21.3.0.0.0-21.16.0.0.0:*:*:*:*:*:*:*"
              }
            }
          },
          {
            "category": "product_name",
            "name": "goldengate_big_data_and_application_adapters",
            "product": {
              "name": "goldengate_big_data_and_application_adapters",
              "product_id": "CSAFPID-1751299",
              "product_identification_helper": {
                "cpe": "cpe:2.3:a:oracle:goldengate_big_data_and_application_adapters:23.4-23.6:*:*:*:*:*:*:*"
              }
            }
          },
          {
            "category": "product_name",
            "name": "goldengate",
            "product": {
              "name": "goldengate",
              "product_id": "CSAFPID-1650767",
              "product_identification_helper": {
                "cpe": "cpe:2.3:a:oracle:goldengate:19.1.0.0.0-19.23.0.0.240716:*:*:*:*:*:*:*"
              }
            }
          },
          {
            "category": "product_name",
            "name": "goldengate",
            "product": {
              "name": "goldengate",
              "product_id": "CSAFPID-485902",
              "product_identification_helper": {
                "cpe": "cpe:2.3:a:oracle:goldengate:19.1.0.0.0:*:*:*:*:*:*:*"
              }
            }
          },
          {
            "category": "product_name",
            "name": "goldengate",
            "product": {
              "name": "goldengate",
              "product_id": "CSAFPID-1503736",
              "product_identification_helper": {
                "cpe": "cpe:2.3:a:oracle:goldengate:19.23.0.0.240716:*:*:*:*:*:*:*"
              }
            }
          },
          {
            "category": "product_name",
            "name": "goldengate",
            "product": {
              "name": "goldengate",
              "product_id": "CSAFPID-1503739",
              "product_identification_helper": {
                "cpe": "cpe:2.3:a:oracle:goldengate:21.14:*:*:*:*:*:*:*"
              }
            }
          },
          {
            "category": "product_name",
            "name": "goldengate",
            "product": {
              "name": "goldengate",
              "product_id": "CSAFPID-1751093",
              "product_identification_helper": {
                "cpe": "cpe:2.3:a:oracle:goldengate:21.16:*:*:*:*:*:*:*"
              }
            }
          },
          {
            "category": "product_name",
            "name": "goldengate",
            "product": {
              "name": "goldengate",
              "product_id": "CSAFPID-1751094",
              "product_identification_helper": {
                "cpe": "cpe:2.3:a:oracle:goldengate:23.4:*:*:*:*:*:*:*"
              }
            }
          },
          {
            "category": "product_name",
            "name": "goldengate",
            "product": {
              "name": "goldengate",
              "product_id": "CSAFPID-1751095",
              "product_identification_helper": {
                "cpe": "cpe:2.3:a:oracle:goldengate:23.6:*:*:*:*:*:*:*"
              }
            }
          },
          {
            "category": "product_name",
            "name": "goldengate",
            "product": {
              "name": "goldengate",
              "product_id": "CSAFPID-1751204",
              "product_identification_helper": {
                "cpe": "cpe:2.3:a:oracle:goldengate:23.4-23.6:*:*:*:*:*:*:*"
              }
            }
          },
          {
            "category": "product_name",
            "name": "goldengate",
            "product": {
              "name": "goldengate",
              "product_id": "CSAFPID-1503738",
              "product_identification_helper": {
                "cpe": "cpe:2.3:a:oracle:goldengate:21.3:*:*:*:*:*:*:*"
              }
            }
          },
          {
            "category": "product_name",
            "name": "goldengate",
            "product": {
              "name": "goldengate",
              "product_id": "CSAFPID-1751203",
              "product_identification_helper": {
                "cpe": "cpe:2.3:a:oracle:goldengate:21.3-21.16:*:*:*:*:*:*:*"
              }
            }
          },
          {
            "category": "product_name",
            "name": "goldengate",
            "product": {
              "name": "goldengate",
              "product_id": "CSAFPID-1650765",
              "product_identification_helper": {
                "cpe": "cpe:2.3:a:oracle:goldengate:21.3-21.14:*:*:*:*:*:*:*"
              }
            }
          },
          {
            "category": "product_name",
            "name": "rest_data_services",
            "product": {
              "name": "rest_data_services",
              "product_id": "CSAFPID-711746",
              "product_identification_helper": {
                "cpe": "cpe:2.3:a:oracle:rest_data_services:*:*:*:*:*:*:*:*"
              }
            }
          },
          {
            "category": "product_name",
            "name": "rest_data_services",
            "product": {
              "name": "rest_data_services",
              "product_id": "CSAFPID-1751305",
              "product_identification_helper": {
                "cpe": "cpe:2.3:a:oracle:rest_data_services:24.2.0:*:*:*:*:*:*:*"
              }
            }
          },
          {
            "category": "product_name",
            "name": "rest_data_services",
            "product": {
              "name": "rest_data_services",
              "product_id": "CSAFPID-1751304",
              "product_identification_helper": {
                "cpe": "cpe:2.3:a:oracle:rest_data_services:24.3.0:*:*:*:*:*:*:*"
              }
            }
          },
          {
            "category": "product_name",
            "name": "secure_backup",
            "product": {
              "name": "secure_backup",
              "product_id": "CSAFPID-667692",
              "product_identification_helper": {
                "cpe": "cpe:2.3:a:oracle:secure_backup:*:*:*:*:*:*:*:*"
              }
            }
          },
          {
            "category": "product_name",
            "name": "secure_backup",
            "product": {
              "name": "secure_backup",
              "product_id": "CSAFPID-345049",
              "product_identification_helper": {
                "cpe": "cpe:2.3:a:oracle:secure_backup:18.1.0.1.0:*:*:*:*:*:*:*"
              }
            }
          },
          {
            "category": "product_name",
            "name": "secure_backup",
            "product": {
              "name": "secure_backup",
              "product_id": "CSAFPID-611417",
              "product_identification_helper": {
                "cpe": "cpe:2.3:a:oracle:secure_backup:18.1.0.2.0:*:*:*:*:*:*:*"
              }
            }
          },
          {
            "category": "product_name",
            "name": "secure_backup",
            "product": {
              "name": "secure_backup",
              "product_id": "CSAFPID-1673422",
              "product_identification_helper": {
                "cpe": "cpe:2.3:a:oracle:secure_backup:19.1.0.0.0:*:*:*:*:*:*:*"
              }
            }
          }
        ],
        "category": "vendor",
        "name": "oracle"
      }
    ]
  },
  "vulnerabilities": [
    {
      "cve": "CVE-2024-38998",
      "cwe": {
        "id": "CWE-1321",
        "name": "Improperly Controlled Modification of Object Prototype Attributes (\u0027Prototype Pollution\u0027)"
      },
      "notes": [
        {
          "category": "other",
          "text": "Improperly Controlled Modification of Object Prototype Attributes (\u0027Prototype Pollution\u0027)",
          "title": "CWE-1321"
        }
      ],
      "product_status": {
        "known_affected": [
          "CSAFPID-1503575",
          "CSAFPID-1673188",
          "CSAFPID-1751204",
          "CSAFPID-1751203"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "CVE-2024-38998",
          "url": "https://api.ncsc.nl/velma/v1/vulnerabilities/2024/CVE-2024-38998.json"
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 9.8,
            "baseSeverity": "CRITICAL",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
            "version": "3.1"
          },
          "products": [
            "CSAFPID-1503575",
            "CSAFPID-1673188",
            "CSAFPID-1751204",
            "CSAFPID-1751203"
          ]
        }
      ],
      "title": "CVE-2024-38998"
    },
    {
      "cve": "CVE-2024-38999",
      "cwe": {
        "id": "CWE-1321",
        "name": "Improperly Controlled Modification of Object Prototype Attributes (\u0027Prototype Pollution\u0027)"
      },
      "notes": [
        {
          "category": "other",
          "text": "Improperly Controlled Modification of Object Prototype Attributes (\u0027Prototype Pollution\u0027)",
          "title": "CWE-1321"
        }
      ],
      "product_status": {
        "known_affected": [
          "CSAFPID-1503575",
          "CSAFPID-1673188",
          "CSAFPID-1751204",
          "CSAFPID-1751203"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "CVE-2024-38999",
          "url": "https://api.ncsc.nl/velma/v1/vulnerabilities/2024/CVE-2024-38999.json"
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 10.0,
            "baseSeverity": "CRITICAL",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H",
            "version": "3.1"
          },
          "products": [
            "CSAFPID-1503575",
            "CSAFPID-1673188",
            "CSAFPID-1751204",
            "CSAFPID-1751203"
          ]
        }
      ],
      "title": "CVE-2024-38999"
    },
    {
      "cve": "CVE-2024-45490",
      "cwe": {
        "id": "CWE-190",
        "name": "Integer Overflow or Wraparound"
      },
      "notes": [
        {
          "category": "other",
          "text": "Integer Overflow or Wraparound",
          "title": "CWE-190"
        },
        {
          "category": "other",
          "text": "Incorrect Calculation of Buffer Size",
          "title": "CWE-131"
        },
        {
          "category": "other",
          "text": "Improper Restriction of XML External Entity Reference",
          "title": "CWE-611"
        }
      ],
      "references": [
        {
          "category": "self",
          "summary": "CVE-2024-45490",
          "url": "https://api.ncsc.nl/velma/v1/vulnerabilities/2024/CVE-2024-45490.json"
        }
      ],
      "title": "CVE-2024-45490"
    },
    {
      "cve": "CVE-2024-45491",
      "cwe": {
        "id": "CWE-190",
        "name": "Integer Overflow or Wraparound"
      },
      "notes": [
        {
          "category": "other",
          "text": "Integer Overflow or Wraparound",
          "title": "CWE-190"
        }
      ],
      "references": [
        {
          "category": "self",
          "summary": "CVE-2024-45491",
          "url": "https://api.ncsc.nl/velma/v1/vulnerabilities/2024/CVE-2024-45491.json"
        }
      ],
      "title": "CVE-2024-45491"
    },
    {
      "cve": "CVE-2024-45492",
      "cwe": {
        "id": "CWE-190",
        "name": "Integer Overflow or Wraparound"
      },
      "notes": [
        {
          "category": "other",
          "text": "Integer Overflow or Wraparound",
          "title": "CWE-190"
        }
      ],
      "references": [
        {
          "category": "self",
          "summary": "CVE-2024-45492",
          "url": "https://api.ncsc.nl/velma/v1/vulnerabilities/2024/CVE-2024-45492.json"
        }
      ],
      "title": "CVE-2024-45492"
    },
    {
      "cve": "CVE-2024-45772",
      "cwe": {
        "id": "CWE-502",
        "name": "Deserialization of Untrusted Data"
      },
      "notes": [
        {
          "category": "other",
          "text": "Deserialization of Untrusted Data",
          "title": "CWE-502"
        }
      ],
      "references": [
        {
          "category": "self",
          "summary": "CVE-2024-45772",
          "url": "https://api.ncsc.nl/velma/v1/vulnerabilities/2024/CVE-2024-45772.json"
        }
      ],
      "title": "CVE-2024-45772"
    },
    {
      "cve": "CVE-2024-47554",
      "cwe": {
        "id": "CWE-400",
        "name": "Uncontrolled Resource Consumption"
      },
      "notes": [
        {
          "category": "other",
          "text": "Uncontrolled Resource Consumption",
          "title": "CWE-400"
        }
      ],
      "references": [
        {
          "category": "self",
          "summary": "CVE-2024-47554",
          "url": "https://api.ncsc.nl/velma/v1/vulnerabilities/2024/CVE-2024-47554.json"
        }
      ],
      "title": "CVE-2024-47554"
    },
    {
      "cve": "CVE-2024-47561",
      "cwe": {
        "id": "CWE-502",
        "name": "Deserialization of Untrusted Data"
      },
      "notes": [
        {
          "category": "other",
          "text": "Deserialization of Untrusted Data",
          "title": "CWE-502"
        }
      ],
      "product_status": {
        "known_affected": [
          "CSAFPID-1650825",
          "CSAFPID-1751298",
          "CSAFPID-1751299"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "CVE-2024-47561",
          "url": "https://api.ncsc.nl/velma/v1/vulnerabilities/2024/CVE-2024-47561.json"
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 9.8,
            "baseSeverity": "CRITICAL",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
            "version": "3.1"
          },
          "products": [
            "CSAFPID-1650825",
            "CSAFPID-1751298",
            "CSAFPID-1751299"
          ]
        }
      ],
      "title": "CVE-2024-47561"
    },
    {
      "cve": "CVE-2024-50379",
      "cwe": {
        "id": "CWE-367",
        "name": "Time-of-check Time-of-use (TOCTOU) Race Condition"
      },
      "notes": [
        {
          "category": "other",
          "text": "Time-of-check Time-of-use (TOCTOU) Race Condition",
          "title": "CWE-367"
        }
      ],
      "references": [
        {
          "category": "self",
          "summary": "CVE-2024-50379",
          "url": "https://api.ncsc.nl/velma/v1/vulnerabilities/2024/CVE-2024-50379.json"
        }
      ],
      "title": "CVE-2024-50379"
    },
    {
      "cve": "CVE-2024-52316",
      "cwe": {
        "id": "CWE-391",
        "name": "Unchecked Error Condition"
      },
      "notes": [
        {
          "category": "other",
          "text": "Unchecked Error Condition",
          "title": "CWE-391"
        },
        {
          "category": "other",
          "text": "Authentication Bypass Using an Alternate Path or Channel",
          "title": "CWE-288"
        }
      ],
      "references": [
        {
          "category": "self",
          "summary": "CVE-2024-52316",
          "url": "https://api.ncsc.nl/velma/v1/vulnerabilities/2024/CVE-2024-52316.json"
        }
      ],
      "title": "CVE-2024-52316"
    },
    {
      "cve": "CVE-2024-54677",
      "cwe": {
        "id": "CWE-400",
        "name": "Uncontrolled Resource Consumption"
      },
      "notes": [
        {
          "category": "other",
          "text": "Uncontrolled Resource Consumption",
          "title": "CWE-400"
        }
      ],
      "references": [
        {
          "category": "self",
          "summary": "CVE-2024-54677",
          "url": "https://api.ncsc.nl/velma/v1/vulnerabilities/2024/CVE-2024-54677.json"
        }
      ],
      "title": "CVE-2024-54677"
    },
    {
      "cve": "CVE-2024-56337",
      "cwe": {
        "id": "CWE-367",
        "name": "Time-of-check Time-of-use (TOCTOU) Race Condition"
      },
      "notes": [
        {
          "category": "other",
          "text": "Time-of-check Time-of-use (TOCTOU) Race Condition",
          "title": "CWE-367"
        }
      ],
      "references": [
        {
          "category": "self",
          "summary": "CVE-2024-56337",
          "url": "https://api.ncsc.nl/velma/v1/vulnerabilities/2024/CVE-2024-56337.json"
        }
      ],
      "title": "CVE-2024-56337"
    },
    {
      "cve": "CVE-2025-21553",
      "references": [
        {
          "category": "self",
          "summary": "CVE-2025-21553",
          "url": "https://api.ncsc.nl/velma/v1/vulnerabilities/2025/CVE-2025-21553.json"
        }
      ],
      "title": "CVE-2025-21553"
    },
    {
      "cve": "CVE-2025-21557",
      "product_status": {
        "known_affected": [
          "CSAFPID-1503575",
          "CSAFPID-1673188"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "CVE-2025-21557",
          "url": "https://api.ncsc.nl/velma/v1/vulnerabilities/2025/CVE-2025-21557.json"
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 5.4,
            "baseSeverity": "MEDIUM",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N",
            "version": "3.1"
          },
          "products": [
            "CSAFPID-1503575",
            "CSAFPID-1673188"
          ]
        }
      ],
      "title": "CVE-2025-21557"
    },
    {
      "cve": "CVE-2022-26345",
      "cwe": {
        "id": "CWE-427",
        "name": "Uncontrolled Search Path Element"
      },
      "notes": [
        {
          "category": "other",
          "text": "Uncontrolled Search Path Element",
          "title": "CWE-427"
        }
      ],
      "product_status": {
        "known_affected": [
          "CSAFPID-1751199",
          "CSAFPID-1751200"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "CVE-2022-26345",
          "url": "https://api.ncsc.nl/velma/v1/vulnerabilities/2022/CVE-2022-26345.json"
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 6.7,
            "baseSeverity": "MEDIUM",
            "vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:H",
            "version": "3.1"
          },
          "products": [
            "CSAFPID-1751199",
            "CSAFPID-1751200"
          ]
        }
      ],
      "title": "CVE-2022-26345"
    },
    {
      "cve": "CVE-2023-27043",
      "cwe": {
        "id": "CWE-20",
        "name": "Improper Input Validation"
      },
      "notes": [
        {
          "category": "other",
          "text": "Improper Input Validation",
          "title": "CWE-20"
        }
      ],
      "references": [
        {
          "category": "self",
          "summary": "CVE-2023-27043",
          "url": "https://api.ncsc.nl/velma/v1/vulnerabilities/2023/CVE-2023-27043.json"
        }
      ],
      "title": "CVE-2023-27043"
    },
    {
      "cve": "CVE-2023-36730",
      "cwe": {
        "id": "CWE-20",
        "name": "Improper Input Validation"
      },
      "notes": [
        {
          "category": "other",
          "text": "Improper Input Validation",
          "title": "CWE-20"
        },
        {
          "category": "other",
          "text": "Heap-based Buffer Overflow",
          "title": "CWE-122"
        }
      ],
      "product_status": {
        "known_affected": [
          "CSAFPID-1751203",
          "CSAFPID-1751204"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "CVE-2023-36730",
          "url": "https://api.ncsc.nl/velma/v1/vulnerabilities/2023/CVE-2023-36730.json"
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 7.8,
            "baseSeverity": "HIGH",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
            "version": "3.1"
          },
          "products": [
            "CSAFPID-1751203",
            "CSAFPID-1751204"
          ]
        }
      ],
      "title": "CVE-2023-36730"
    },
    {
      "cve": "CVE-2023-36785",
      "cwe": {
        "id": "CWE-191",
        "name": "Integer Underflow (Wrap or Wraparound)"
      },
      "notes": [
        {
          "category": "other",
          "text": "Integer Underflow (Wrap or Wraparound)",
          "title": "CWE-191"
        },
        {
          "category": "other",
          "text": "Improper Input Validation",
          "title": "CWE-20"
        }
      ],
      "product_status": {
        "known_affected": [
          "CSAFPID-1751203",
          "CSAFPID-1751204"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "CVE-2023-36785",
          "url": "https://api.ncsc.nl/velma/v1/vulnerabilities/2023/CVE-2023-36785.json"
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 7.8,
            "baseSeverity": "HIGH",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
            "version": "3.1"
          },
          "products": [
            "CSAFPID-1751203",
            "CSAFPID-1751204"
          ]
        }
      ],
      "title": "CVE-2023-36785"
    },
    {
      "cve": "CVE-2023-48795",
      "cwe": {
        "id": "CWE-222",
        "name": "Truncation of Security-relevant Information"
      },
      "notes": [
        {
          "category": "other",
          "text": "Truncation of Security-relevant Information",
          "title": "CWE-222"
        },
        {
          "category": "other",
          "text": "Selection of Less-Secure Algorithm During Negotiation (\u0027Algorithm Downgrade\u0027)",
          "title": "CWE-757"
        },
        {
          "category": "other",
          "text": "Improper Validation of Integrity Check Value",
          "title": "CWE-354"
        }
      ],
      "product_status": {
        "known_affected": [
          "CSAFPID-1650765",
          "CSAFPID-1650767",
          "CSAFPID-342816",
          "CSAFPID-667692",
          "CSAFPID-711746",
          "CSAFPID-816845",
          "CSAFPID-1503575",
          "CSAFPID-1503604",
          "CSAFPID-1751212"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "CVE-2023-48795",
          "url": "https://api.ncsc.nl/velma/v1/vulnerabilities/2023/CVE-2023-48795.json"
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 7.5,
            "baseSeverity": "HIGH",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
            "version": "3.1"
          },
          "products": [
            "CSAFPID-1650765",
            "CSAFPID-1650767",
            "CSAFPID-342816",
            "CSAFPID-667692",
            "CSAFPID-711746",
            "CSAFPID-816845",
            "CSAFPID-1503575",
            "CSAFPID-1503604",
            "CSAFPID-1751212"
          ]
        }
      ],
      "title": "CVE-2023-48795"
    },
    {
      "cve": "CVE-2023-52428",
      "cwe": {
        "id": "CWE-400",
        "name": "Uncontrolled Resource Consumption"
      },
      "notes": [
        {
          "category": "other",
          "text": "Uncontrolled Resource Consumption",
          "title": "CWE-400"
        },
        {
          "category": "other",
          "text": "Allocation of Resources Without Limits or Throttling",
          "title": "CWE-770"
        }
      ],
      "product_status": {
        "known_affected": [
          "CSAFPID-342816",
          "CSAFPID-1503575",
          "CSAFPID-1503604",
          "CSAFPID-816845",
          "CSAFPID-711746",
          "CSAFPID-1751216"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "CVE-2023-52428",
          "url": "https://api.ncsc.nl/velma/v1/vulnerabilities/2023/CVE-2023-52428.json"
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 7.5,
            "baseSeverity": "HIGH",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
            "version": "3.1"
          },
          "products": [
            "CSAFPID-342816",
            "CSAFPID-1503575",
            "CSAFPID-1503604",
            "CSAFPID-816845",
            "CSAFPID-711746",
            "CSAFPID-1751216"
          ]
        }
      ],
      "title": "CVE-2023-52428"
    },
    {
      "cve": "CVE-2024-2961",
      "cwe": {
        "id": "CWE-787",
        "name": "Out-of-bounds Write"
      },
      "notes": [
        {
          "category": "other",
          "text": "Out-of-bounds Write",
          "title": "CWE-787"
        }
      ],
      "product_status": {
        "known_affected": [
          "CSAFPID-1503575",
          "CSAFPID-1503604",
          "CSAFPID-342816",
          "CSAFPID-816845",
          "CSAFPID-711746"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "CVE-2024-2961",
          "url": "https://api.ncsc.nl/velma/v1/vulnerabilities/2024/CVE-2024-2961.json"
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 8.8,
            "baseSeverity": "HIGH",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
            "version": "3.1"
          },
          "products": [
            "CSAFPID-1503575",
            "CSAFPID-1503604",
            "CSAFPID-342816",
            "CSAFPID-816845",
            "CSAFPID-711746"
          ]
        }
      ],
      "title": "CVE-2024-2961"
    },
    {
      "cve": "CVE-2024-4030",
      "cwe": {
        "id": "CWE-276",
        "name": "Incorrect Default Permissions"
      },
      "notes": [
        {
          "category": "other",
          "text": "Incorrect Default Permissions",
          "title": "CWE-276"
        }
      ],
      "references": [
        {
          "category": "self",
          "summary": "CVE-2024-4030",
          "url": "https://api.ncsc.nl/velma/v1/vulnerabilities/2024/CVE-2024-4030.json"
        }
      ],
      "title": "CVE-2024-4030"
    },
    {
      "cve": "CVE-2024-4032",
      "cwe": {
        "id": "CWE-440",
        "name": "Expected Behavior Violation"
      },
      "notes": [
        {
          "category": "other",
          "text": "Expected Behavior Violation",
          "title": "CWE-440"
        }
      ],
      "references": [
        {
          "category": "self",
          "summary": "CVE-2024-4032",
          "url": "https://api.ncsc.nl/velma/v1/vulnerabilities/2024/CVE-2024-4032.json"
        }
      ],
      "title": "CVE-2024-4032"
    },
    {
      "cve": "CVE-2024-6232",
      "cwe": {
        "id": "CWE-1333",
        "name": "Inefficient Regular Expression Complexity"
      },
      "notes": [
        {
          "category": "other",
          "text": "Inefficient Regular Expression Complexity",
          "title": "CWE-1333"
        }
      ],
      "references": [
        {
          "category": "self",
          "summary": "CVE-2024-6232",
          "url": "https://api.ncsc.nl/velma/v1/vulnerabilities/2024/CVE-2024-6232.json"
        }
      ],
      "title": "CVE-2024-6232"
    },
    {
      "cve": "CVE-2024-6763",
      "cwe": {
        "id": "CWE-1286",
        "name": "Improper Validation of Syntactic Correctness of Input"
      },
      "notes": [
        {
          "category": "other",
          "text": "Improper Validation of Syntactic Correctness of Input",
          "title": "CWE-1286"
        }
      ],
      "product_status": {
        "known_affected": [
          "CSAFPID-1751304",
          "CSAFPID-1751305"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "CVE-2024-6763",
          "url": "https://api.ncsc.nl/velma/v1/vulnerabilities/2024/CVE-2024-6763.json"
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 5.3,
            "baseSeverity": "MEDIUM",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N",
            "version": "3.1"
          },
          "products": [
            "CSAFPID-1751304",
            "CSAFPID-1751305"
          ]
        }
      ],
      "title": "CVE-2024-6763"
    },
    {
      "cve": "CVE-2024-6923",
      "cwe": {
        "id": "CWE-502",
        "name": "Deserialization of Untrusted Data"
      },
      "notes": [
        {
          "category": "other",
          "text": "Deserialization of Untrusted Data",
          "title": "CWE-502"
        },
        {
          "category": "other",
          "text": "Improper Control of Generation of Code (\u0027Code Injection\u0027)",
          "title": "CWE-94"
        }
      ],
      "references": [
        {
          "category": "self",
          "summary": "CVE-2024-6923",
          "url": "https://api.ncsc.nl/velma/v1/vulnerabilities/2024/CVE-2024-6923.json"
        }
      ],
      "title": "CVE-2024-6923"
    },
    {
      "cve": "CVE-2024-7254",
      "cwe": {
        "id": "CWE-20",
        "name": "Improper Input Validation"
      },
      "notes": [
        {
          "category": "other",
          "text": "Improper Input Validation",
          "title": "CWE-20"
        },
        {
          "category": "other",
          "text": "Uncontrolled Recursion",
          "title": "CWE-674"
        }
      ],
      "references": [
        {
          "category": "self",
          "summary": "CVE-2024-7254",
          "url": "https://api.ncsc.nl/velma/v1/vulnerabilities/2024/CVE-2024-7254.json"
        }
      ],
      "title": "CVE-2024-7254"
    },
    {
      "cve": "CVE-2024-7592",
      "cwe": {
        "id": "CWE-400",
        "name": "Uncontrolled Resource Consumption"
      },
      "notes": [
        {
          "category": "other",
          "text": "Uncontrolled Resource Consumption",
          "title": "CWE-400"
        }
      ],
      "references": [
        {
          "category": "self",
          "summary": "CVE-2024-7592",
          "url": "https://api.ncsc.nl/velma/v1/vulnerabilities/2024/CVE-2024-7592.json"
        }
      ],
      "title": "CVE-2024-7592"
    },
    {
      "cve": "CVE-2024-8088",
      "cwe": {
        "id": "CWE-835",
        "name": "Loop with Unreachable Exit Condition (\u0027Infinite Loop\u0027)"
      },
      "notes": [
        {
          "category": "other",
          "text": "Loop with Unreachable Exit Condition (\u0027Infinite Loop\u0027)",
          "title": "CWE-835"
        }
      ],
      "references": [
        {
          "category": "self",
          "summary": "CVE-2024-8088",
          "url": "https://api.ncsc.nl/velma/v1/vulnerabilities/2024/CVE-2024-8088.json"
        }
      ],
      "title": "CVE-2024-8088"
    },
    {
      "cve": "CVE-2024-8927",
      "cwe": {
        "id": "CWE-284",
        "name": "Improper Access Control"
      },
      "notes": [
        {
          "category": "other",
          "text": "Improper Access Control",
          "title": "CWE-284"
        },
        {
          "category": "other",
          "text": "Insufficient Granularity of Access Control",
          "title": "CWE-1220"
        }
      ],
      "product_status": {
        "known_affected": [
          "CSAFPID-1673422",
          "CSAFPID-345049",
          "CSAFPID-611417"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "CVE-2024-8927",
          "url": "https://api.ncsc.nl/velma/v1/vulnerabilities/2024/CVE-2024-8927.json"
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 7.5,
            "baseSeverity": "HIGH",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
            "version": "3.1"
          },
          "products": [
            "CSAFPID-1673422",
            "CSAFPID-345049",
            "CSAFPID-611417"
          ]
        }
      ],
      "title": "CVE-2024-8927"
    },
    {
      "cve": "CVE-2024-11053",
      "cwe": {
        "id": "CWE-200",
        "name": "Exposure of Sensitive Information to an Unauthorized Actor"
      },
      "notes": [
        {
          "category": "other",
          "text": "Exposure of Sensitive Information to an Unauthorized Actor",
          "title": "CWE-200"
        }
      ],
      "references": [
        {
          "category": "self",
          "summary": "CVE-2024-11053",
          "url": "https://api.ncsc.nl/velma/v1/vulnerabilities/2024/CVE-2024-11053.json"
        }
      ],
      "title": "CVE-2024-11053"
    },
    {
      "cve": "CVE-2024-21211",
      "cwe": {
        "id": "CWE-922",
        "name": "Insecure Storage of Sensitive Information"
      },
      "notes": [
        {
          "category": "other",
          "text": "Insecure Storage of Sensitive Information",
          "title": "CWE-922"
        }
      ],
      "product_status": {
        "known_affected": [
          "CSAFPID-1751223",
          "CSAFPID-1751224"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "CVE-2024-21211",
          "url": "https://api.ncsc.nl/velma/v1/vulnerabilities/2024/CVE-2024-21211.json"
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 3.7,
            "baseSeverity": "LOW",
            "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N",
            "version": "3.1"
          },
          "products": [
            "CSAFPID-1751223",
            "CSAFPID-1751224"
          ]
        }
      ],
      "title": "CVE-2024-21211"
    },
    {
      "cve": "CVE-2024-22262",
      "cwe": {
        "id": "CWE-601",
        "name": "URL Redirection to Untrusted Site (\u0027Open Redirect\u0027)"
      },
      "notes": [
        {
          "category": "other",
          "text": "URL Redirection to Untrusted Site (\u0027Open Redirect\u0027)",
          "title": "CWE-601"
        }
      ],
      "product_status": {
        "known_affected": [
          "CSAFPID-1650825",
          "CSAFPID-1503575",
          "CSAFPID-1503604",
          "CSAFPID-342816",
          "CSAFPID-816845",
          "CSAFPID-711746"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "CVE-2024-22262",
          "url": "https://api.ncsc.nl/velma/v1/vulnerabilities/2024/CVE-2024-22262.json"
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 8.1,
            "baseSeverity": "HIGH",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:N",
            "version": "3.1"
          },
          "products": [
            "CSAFPID-1650825",
            "CSAFPID-1503575",
            "CSAFPID-1503604",
            "CSAFPID-342816",
            "CSAFPID-816845",
            "CSAFPID-711746"
          ]
        }
      ],
      "title": "CVE-2024-22262"
    },
    {
      "cve": "CVE-2024-24789",
      "cwe": {
        "id": "CWE-200",
        "name": "Exposure of Sensitive Information to an Unauthorized Actor"
      },
      "notes": [
        {
          "category": "other",
          "text": "Exposure of Sensitive Information to an Unauthorized Actor",
          "title": "CWE-200"
        },
        {
          "category": "other",
          "text": "Improper Input Validation",
          "title": "CWE-20"
        },
        {
          "category": "other",
          "text": "Improper Validation of Specified Type of Input",
          "title": "CWE-1287"
        }
      ],
      "references": [
        {
          "category": "self",
          "summary": "CVE-2024-24789",
          "url": "https://api.ncsc.nl/velma/v1/vulnerabilities/2024/CVE-2024-24789.json"
        }
      ],
      "title": "CVE-2024-24789"
    },
    {
      "cve": "CVE-2024-24790",
      "cwe": {
        "id": "CWE-284",
        "name": "Improper Access Control"
      },
      "notes": [
        {
          "category": "other",
          "text": "Improper Access Control",
          "title": "CWE-284"
        },
        {
          "category": "other",
          "text": "Misinterpretation of Input",
          "title": "CWE-115"
        },
        {
          "category": "other",
          "text": "Improper Validation of Specified Type of Input",
          "title": "CWE-1287"
        }
      ],
      "references": [
        {
          "category": "self",
          "summary": "CVE-2024-24790",
          "url": "https://api.ncsc.nl/velma/v1/vulnerabilities/2024/CVE-2024-24790.json"
        }
      ],
      "title": "CVE-2024-24790"
    },
    {
      "cve": "CVE-2024-24791",
      "cwe": {
        "id": "CWE-404",
        "name": "Improper Resource Shutdown or Release"
      },
      "notes": [
        {
          "category": "other",
          "text": "Improper Resource Shutdown or Release",
          "title": "CWE-404"
        },
        {
          "category": "other",
          "text": "Improper Input Validation",
          "title": "CWE-20"
        }
      ],
      "references": [
        {
          "category": "self",
          "summary": "CVE-2024-24791",
          "url": "https://api.ncsc.nl/velma/v1/vulnerabilities/2024/CVE-2024-24791.json"
        }
      ],
      "title": "CVE-2024-24791"
    },
    {
      "cve": "CVE-2024-28757",
      "cwe": {
        "id": "CWE-611",
        "name": "Improper Restriction of XML External Entity Reference"
      },
      "notes": [
        {
          "category": "other",
          "text": "Improper Restriction of XML External Entity Reference",
          "title": "CWE-611"
        },
        {
          "category": "other",
          "text": "Improper Restriction of Recursive Entity References in DTDs (\u0027XML Entity Expansion\u0027)",
          "title": "CWE-776"
        },
        {
          "category": "other",
          "text": "Improper Input Validation",
          "title": "CWE-20"
        }
      ],
      "product_status": {
        "known_affected": [
          "CSAFPID-1503575",
          "CSAFPID-1503604",
          "CSAFPID-342816",
          "CSAFPID-816845",
          "CSAFPID-711746"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "CVE-2024-28757",
          "url": "https://api.ncsc.nl/velma/v1/vulnerabilities/2024/CVE-2024-28757.json"
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 7.5,
            "baseSeverity": "HIGH",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
            "version": "3.1"
          },
          "products": [
            "CSAFPID-1503575",
            "CSAFPID-1503604",
            "CSAFPID-342816",
            "CSAFPID-816845",
            "CSAFPID-711746"
          ]
        }
      ],
      "title": "CVE-2024-28757"
    },
    {
      "cve": "CVE-2024-33599",
      "cwe": {
        "id": "CWE-119",
        "name": "Improper Restriction of Operations within the Bounds of a Memory Buffer"
      },
      "notes": [
        {
          "category": "other",
          "text": "Improper Restriction of Operations within the Bounds of a Memory Buffer",
          "title": "CWE-119"
        },
        {
          "category": "other",
          "text": "Stack-based Buffer Overflow",
          "title": "CWE-121"
        }
      ],
      "references": [
        {
          "category": "self",
          "summary": "CVE-2024-33599",
          "url": "https://api.ncsc.nl/velma/v1/vulnerabilities/2024/CVE-2024-33599.json"
        }
      ],
      "title": "CVE-2024-33599"
    },
    {
      "cve": "CVE-2024-33600",
      "cwe": {
        "id": "CWE-476",
        "name": "NULL Pointer Dereference"
      },
      "notes": [
        {
          "category": "other",
          "text": "NULL Pointer Dereference",
          "title": "CWE-476"
        }
      ],
      "references": [
        {
          "category": "self",
          "summary": "CVE-2024-33600",
          "url": "https://api.ncsc.nl/velma/v1/vulnerabilities/2024/CVE-2024-33600.json"
        }
      ],
      "title": "CVE-2024-33600"
    },
    {
      "cve": "CVE-2024-33601",
      "cwe": {
        "id": "CWE-703",
        "name": "Improper Check or Handling of Exceptional Conditions"
      },
      "notes": [
        {
          "category": "other",
          "text": "Improper Check or Handling of Exceptional Conditions",
          "title": "CWE-703"
        },
        {
          "category": "other",
          "text": "Reachable Assertion",
          "title": "CWE-617"
        }
      ],
      "references": [
        {
          "category": "self",
          "summary": "CVE-2024-33601",
          "url": "https://api.ncsc.nl/velma/v1/vulnerabilities/2024/CVE-2024-33601.json"
        }
      ],
      "title": "CVE-2024-33601"
    },
    {
      "cve": "CVE-2024-33602",
      "cwe": {
        "id": "CWE-466",
        "name": "Return of Pointer Value Outside of Expected Range"
      },
      "notes": [
        {
          "category": "other",
          "text": "Return of Pointer Value Outside of Expected Range",
          "title": "CWE-466"
        },
        {
          "category": "other",
          "text": "Improper Check or Handling of Exceptional Conditions",
          "title": "CWE-703"
        }
      ],
      "references": [
        {
          "category": "self",
          "summary": "CVE-2024-33602",
          "url": "https://api.ncsc.nl/velma/v1/vulnerabilities/2024/CVE-2024-33602.json"
        }
      ],
      "title": "CVE-2024-33602"
    },
    {
      "cve": "CVE-2024-38819",
      "cwe": {
        "id": "CWE-22",
        "name": "Improper Limitation of a Pathname to a Restricted Directory (\u0027Path Traversal\u0027)"
      },
      "notes": [
        {
          "category": "other",
          "text": "Improper Limitation of a Pathname to a Restricted Directory (\u0027Path Traversal\u0027)",
          "title": "CWE-22"
        }
      ],
      "product_status": {
        "known_affected": [
          "CSAFPID-1650825"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "CVE-2024-38819",
          "url": "https://api.ncsc.nl/velma/v1/vulnerabilities/2024/CVE-2024-38819.json"
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 7.5,
            "baseSeverity": "HIGH",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
            "version": "3.1"
          },
          "products": [
            "CSAFPID-1650825"
          ]
        }
      ],
      "title": "CVE-2024-38819"
    },
    {
      "cve": "CVE-2024-38820",
      "cwe": {
        "id": "CWE-284",
        "name": "Improper Access Control"
      },
      "notes": [
        {
          "category": "other",
          "text": "Improper Access Control",
          "title": "CWE-284"
        },
        {
          "category": "other",
          "text": "Improper Handling of Case Sensitivity",
          "title": "CWE-178"
        }
      ],
      "product_status": {
        "known_affected": [
          "CSAFPID-1650825"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "CVE-2024-38820",
          "url": "https://api.ncsc.nl/velma/v1/vulnerabilities/2024/CVE-2024-38820.json"
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 9.8,
            "baseSeverity": "CRITICAL",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
            "version": "3.1"
          },
          "products": [
            "CSAFPID-1650825"
          ]
        }
      ],
      "title": "CVE-2024-38820"
    }
  ]
}

CERTFR-2023-AVI-0830

Vulnerability from certfr_avis - Published: 2023-10-11 - Updated: 2023-10-11

De multiples vulnérabilités ont été corrigées dans les produits Microsoft. Elles permettent à un attaquant de provoquer une élévation de privilèges, une usurpation d'identité, une exécution de code à distance, un déni de service et une atteinte à la confidentialité des données.

Solution

Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).

None

Impacted products

Vendor	Product	Description
Microsoft	N/A	Microsoft Exchange Server 2019 Cumulative Update 13
Microsoft	N/A	Microsoft Visual Studio 2022 version 17.2
Microsoft	N/A	Microsoft Visual Studio 2022 version 17.7
Microsoft	N/A	Microsoft OLE DB Driver 19 pour SQL Server
Microsoft	N/A	Microsoft SQL Server 2014 Service Pack 3 pour systèmes 32 bits (CU 4)
Microsoft	N/A	Microsoft SQL Server 2016 pour systèmes x64 Service Pack 3 (GDR)
Microsoft	N/A	Microsoft Visual Studio 2022 version 17.6
Microsoft	N/A	Microsoft Common Data Model SDK pour C#
Microsoft	N/A	Microsoft SQL Server 2022 pour systèmes x64 (GDR)
Microsoft	N/A	Microsoft Exchange Server 2016 Cumulative Update 23
Microsoft	Azure	Microsoft SQL Server 2016 pour systèmes x64 Service Pack 3 Azure Connect Feature Pack
Microsoft	N/A	Microsoft SQL Server 2014 Service Pack 3 pour systèmes x64 (CU 4)
Microsoft	N/A	Skype pour Business Server 2019 CU7
Microsoft	N/A	Microsoft SQL Server 2014 Service Pack 3 pour systèmes x64 (GDR)
Microsoft	N/A	Microsoft Dynamics 365 (on-premises) version 9.1
Microsoft	N/A	Skype pour Business Server 2015 CU13
Microsoft	N/A	Microsoft 365 Apps pour Enterprise pour systèmes 32 bits
Microsoft	N/A	Microsoft 365 Apps pour Enterprise pour 64 bits Systems
Microsoft	N/A	Microsoft SQL Server 2017 pour systèmes x64 (GDR)
Microsoft	N/A	Microsoft SQL Server 2017 pour systèmes x64 (CU 31)
Microsoft	N/A	Microsoft Visual Studio 2022 version 17.4
Microsoft	N/A	Microsoft SQL Server 2019 pour systèmes x64 (GDR)
Microsoft	N/A	Microsoft ODBC Driver 18 pour SQL Server on MacOS
Microsoft	N/A	Microsoft SQL Server 2019 pour systèmes x64 (CU 22)
Microsoft	N/A	Microsoft ODBC Driver 17 pour SQL Server on MacOS
Microsoft	N/A	Microsoft Dynamics 365 (on-premises) version 9.0
Microsoft	N/A	Microsoft Common Data Model SDK pour TypeScript
Microsoft	N/A	Microsoft SQL Server 2022 pour systèmes x64 (CU 8)
Microsoft	N/A	Microsoft Common Data Model SDK pour Java
Microsoft	N/A	Microsoft ODBC Driver 17 pour SQL Server on Linux
Microsoft	N/A	Microsoft Exchange Server 2019 Cumulative Update 12
Microsoft	N/A	Microsoft OLE DB Driver 18 pour SQL Server
Microsoft	N/A	Microsoft ODBC Driver 18 pour SQL Server on Linux
Microsoft	N/A	Microsoft SQL Server 2014 Service Pack 3 pour systèmes 32 bits (GDR)
Microsoft	N/A	Microsoft Common Data Model SDK pour Python

References

Title

Publication Time

Tags

Bulletin de sécurité Microsoft du 10 octobre 2023	None	vendor-advisory
Bulletin de sécurité Microsoft CVE-2023-36728 du 10 octobre 2023	-	other
Bulletin de sécurité Microsoft CVE-2023-36420 du 10 octobre 2023	-	other
Bulletin de sécurité Microsoft CVE-2023-36785 du 10 octobre 2023	-	other
Bulletin de sécurité Microsoft CVE-2023-41763 du 10 octobre 2023	-	other
Bulletin de sécurité Microsoft CVE-2023-36429 du 10 octobre 2023	-	other
Bulletin de sécurité Microsoft CVE-2023-36569 du 10 octobre 2023	-	other
Bulletin de sécurité Microsoft CVE-2023-36568 du 10 octobre 2023	-	other
Bulletin de sécurité Microsoft CVE-2023-36433 du 10 octobre 2023	-	other
Bulletin de sécurité Microsoft CVE-2023-36566 du 10 octobre 2023	-	other
Bulletin de sécurité Microsoft CVE-2023-36786 du 10 octobre 2023	-	other
Bulletin de sécurité Microsoft CVE-2023-44487 du 10 octobre 2023	-	other
Bulletin de sécurité Microsoft CVE-2023-36730 du 10 octobre 2023	-	other
Bulletin de sécurité Microsoft CVE-2023-36789 du 10 octobre 2023	-	other
Bulletin de sécurité Microsoft CVE-2023-36416 du 10 octobre 2023	-	other
Bulletin de sécurité Microsoft CVE-2023-36778 du 10 octobre 2023	-	other
Bulletin de sécurité Microsoft CVE-2023-38171 du 10 octobre 2023	-	other
Bulletin de sécurité Microsoft CVE-2023-36417 du 10 octobre 2023	-	other
Bulletin de sécurité Microsoft CVE-2023-36780 du 10 octobre 2023	-	other

Show details on source website

JSON

To clipboard

{
  "$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
  "affected_systems": [
    {
      "description": "Microsoft Exchange Server 2019 Cumulative Update 13",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Microsoft",
          "scada": false
        }
      }
    },
    {
      "description": "Microsoft Visual Studio 2022 version 17.2",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Microsoft",
          "scada": false
        }
      }
    },
    {
      "description": "Microsoft Visual Studio 2022 version 17.7",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Microsoft",
          "scada": false
        }
      }
    },
    {
      "description": "Microsoft OLE DB Driver 19 pour SQL Server",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Microsoft",
          "scada": false
        }
      }
    },
    {
      "description": "Microsoft SQL Server 2014 Service Pack 3 pour syst\u00e8mes 32 bits (CU 4)",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Microsoft",
          "scada": false
        }
      }
    },
    {
      "description": "Microsoft SQL Server 2016 pour syst\u00e8mes x64 Service Pack 3 (GDR)",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Microsoft",
          "scada": false
        }
      }
    },
    {
      "description": "Microsoft Visual Studio 2022 version 17.6",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Microsoft",
          "scada": false
        }
      }
    },
    {
      "description": "Microsoft Common Data Model SDK pour C#",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Microsoft",
          "scada": false
        }
      }
    },
    {
      "description": "Microsoft SQL Server 2022 pour syst\u00e8mes x64 (GDR)",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Microsoft",
          "scada": false
        }
      }
    },
    {
      "description": "Microsoft Exchange Server 2016 Cumulative Update 23",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Microsoft",
          "scada": false
        }
      }
    },
    {
      "description": "Microsoft SQL Server 2016 pour syst\u00e8mes x64 Service Pack 3 Azure Connect Feature Pack",
      "product": {
        "name": "Azure",
        "vendor": {
          "name": "Microsoft",
          "scada": false
        }
      }
    },
    {
      "description": "Microsoft SQL Server 2014 Service Pack 3 pour syst\u00e8mes x64 (CU 4)",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Microsoft",
          "scada": false
        }
      }
    },
    {
      "description": "Skype pour Business Server 2019 CU7",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Microsoft",
          "scada": false
        }
      }
    },
    {
      "description": "Microsoft SQL Server 2014 Service Pack 3 pour syst\u00e8mes x64 (GDR)",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Microsoft",
          "scada": false
        }
      }
    },
    {
      "description": "Microsoft Dynamics 365 (on-premises) version 9.1",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Microsoft",
          "scada": false
        }
      }
    },
    {
      "description": "Skype pour Business Server 2015 CU13",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Microsoft",
          "scada": false
        }
      }
    },
    {
      "description": "Microsoft 365 Apps pour Enterprise pour syst\u00e8mes 32 bits",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Microsoft",
          "scada": false
        }
      }
    },
    {
      "description": "Microsoft 365 Apps pour Enterprise pour 64 bits Systems",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Microsoft",
          "scada": false
        }
      }
    },
    {
      "description": "Microsoft SQL Server 2017 pour syst\u00e8mes x64 (GDR)",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Microsoft",
          "scada": false
        }
      }
    },
    {
      "description": "Microsoft SQL Server 2017 pour syst\u00e8mes x64 (CU 31)",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Microsoft",
          "scada": false
        }
      }
    },
    {
      "description": "Microsoft Visual Studio 2022 version 17.4",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Microsoft",
          "scada": false
        }
      }
    },
    {
      "description": "Microsoft SQL Server 2019 pour syst\u00e8mes x64 (GDR)",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Microsoft",
          "scada": false
        }
      }
    },
    {
      "description": "Microsoft ODBC Driver 18 pour SQL Server on MacOS",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Microsoft",
          "scada": false
        }
      }
    },
    {
      "description": "Microsoft SQL Server 2019 pour syst\u00e8mes x64 (CU 22)",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Microsoft",
          "scada": false
        }
      }
    },
    {
      "description": "Microsoft ODBC Driver 17 pour SQL Server on MacOS",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Microsoft",
          "scada": false
        }
      }
    },
    {
      "description": "Microsoft Dynamics 365 (on-premises) version 9.0",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Microsoft",
          "scada": false
        }
      }
    },
    {
      "description": "Microsoft Common Data Model SDK pour TypeScript",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Microsoft",
          "scada": false
        }
      }
    },
    {
      "description": "Microsoft SQL Server 2022 pour syst\u00e8mes x64 (CU 8)",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Microsoft",
          "scada": false
        }
      }
    },
    {
      "description": "Microsoft Common Data Model SDK pour Java",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Microsoft",
          "scada": false
        }
      }
    },
    {
      "description": "Microsoft ODBC Driver 17 pour SQL Server on Linux",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Microsoft",
          "scada": false
        }
      }
    },
    {
      "description": "Microsoft Exchange Server 2019 Cumulative Update 12",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Microsoft",
          "scada": false
        }
      }
    },
    {
      "description": "Microsoft OLE DB Driver 18 pour SQL Server",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Microsoft",
          "scada": false
        }
      }
    },
    {
      "description": "Microsoft ODBC Driver 18 pour SQL Server on Linux",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Microsoft",
          "scada": false
        }
      }
    },
    {
      "description": "Microsoft SQL Server 2014 Service Pack 3 pour syst\u00e8mes 32 bits (GDR)",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Microsoft",
          "scada": false
        }
      }
    },
    {
      "description": "Microsoft Common Data Model SDK pour Python",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Microsoft",
          "scada": false
        }
      }
    }
  ],
  "affected_systems_content": null,
  "content": "## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
  "cves": [
    {
      "name": "CVE-2023-36728",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-36728"
    },
    {
      "name": "CVE-2023-36429",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-36429"
    },
    {
      "name": "CVE-2023-36420",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-36420"
    },
    {
      "name": "CVE-2023-44487",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-44487"
    },
    {
      "name": "CVE-2023-36730",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-36730"
    },
    {
      "name": "CVE-2023-36789",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-36789"
    },
    {
      "name": "CVE-2023-36778",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-36778"
    },
    {
      "name": "CVE-2023-36566",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-36566"
    },
    {
      "name": "CVE-2023-36780",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-36780"
    },
    {
      "name": "CVE-2023-36786",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-36786"
    },
    {
      "name": "CVE-2023-36568",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-36568"
    },
    {
      "name": "CVE-2023-38171",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-38171"
    },
    {
      "name": "CVE-2023-36417",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-36417"
    },
    {
      "name": "CVE-2023-41763",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-41763"
    },
    {
      "name": "CVE-2023-36416",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-36416"
    },
    {
      "name": "CVE-2023-36785",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-36785"
    },
    {
      "name": "CVE-2023-36433",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-36433"
    },
    {
      "name": "CVE-2023-36569",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-36569"
    }
  ],
  "initial_release_date": "2023-10-11T00:00:00",
  "last_revision_date": "2023-10-11T00:00:00",
  "links": [
    {
      "title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2023-36728 du 10 octobre 2023",
      "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-36728"
    },
    {
      "title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2023-36420 du 10 octobre 2023",
      "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-36420"
    },
    {
      "title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2023-36785 du 10 octobre 2023",
      "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-36785"
    },
    {
      "title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2023-41763 du 10 octobre 2023",
      "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-41763"
    },
    {
      "title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2023-36429 du 10 octobre 2023",
      "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-36429"
    },
    {
      "title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2023-36569 du 10 octobre 2023",
      "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-36569"
    },
    {
      "title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2023-36568 du 10 octobre 2023",
      "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-36568"
    },
    {
      "title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2023-36433 du 10 octobre 2023",
      "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-36433"
    },
    {
      "title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2023-36566 du 10 octobre 2023",
      "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-36566"
    },
    {
      "title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2023-36786 du 10 octobre 2023",
      "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-36786"
    },
    {
      "title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2023-44487 du 10 octobre 2023",
      "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-44487"
    },
    {
      "title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2023-36730 du 10 octobre 2023",
      "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-36730"
    },
    {
      "title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2023-36789 du 10 octobre 2023",
      "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-36789"
    },
    {
      "title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2023-36416 du 10 octobre 2023",
      "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-36416"
    },
    {
      "title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2023-36778 du 10 octobre 2023",
      "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-36778"
    },
    {
      "title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2023-38171 du 10 octobre 2023",
      "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-38171"
    },
    {
      "title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2023-36417 du 10 octobre 2023",
      "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-36417"
    },
    {
      "title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2023-36780 du 10 octobre 2023",
      "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-36780"
    }
  ],
  "reference": "CERTFR-2023-AVI-0830",
  "revisions": [
    {
      "description": "Version initiale",
      "revision_date": "2023-10-11T00:00:00.000000"
    }
  ],
  "risks": [
    {
      "description": "Usurpation d\u0027identit\u00e9"
    },
    {
      "description": "Ex\u00e9cution de code arbitraire \u00e0 distance"
    },
    {
      "description": "D\u00e9ni de service"
    },
    {
      "description": "Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es"
    },
    {
      "description": "\u00c9l\u00e9vation de privil\u00e8ges"
    }
  ],
  "summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 corrig\u00e9es dans \u003cspan\nclass=\"textit\"\u003eles produits Microsoft\u003c/span\u003e. Elles permettent \u00e0 un\nattaquant de provoquer une \u00e9l\u00e9vation de privil\u00e8ges, une usurpation\nd\u0027identit\u00e9, une ex\u00e9cution de code \u00e0 distance, un d\u00e9ni de service et une\natteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es.\n",
  "title": "Multiples vuln\u00e9rabilit\u00e9s dans les produits Microsoft",
  "vendor_advisories": [
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Microsoft du 10 octobre 2023",
      "url": "https://msrc.microsoft.com/update-guide/"
    }
  ]
}

CERTFR-2023-AVI-0827

Vulnerability from certfr_avis - Published: 2023-10-11 - Updated: 2023-10-27

De multiples vulnérabilités ont été corrigées dans Microsoft Windows. Elles permettent à un attaquant de provoquer une élévation de privilèges, une atteinte à la confidentialité des données, une exécution de code à distance, un déni de service et un contournement de la fonctionnalité de sécurité.

Solution

Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).

None

Impacted products

Vendor	Product	Description
Microsoft	Windows	Windows Server 2022
Microsoft	Windows	Windows Server 2012
Microsoft	Windows	Windows 10 pour systèmes x64
Microsoft	Windows	Windows 10 Version 1809 pour systèmes x64
Microsoft	Windows	Windows Server 2019 (Server Core installation)
Microsoft	Windows	Windows Server 2019
Microsoft	Windows	Windows Server 2012 R2
Microsoft	Windows	Windows Server 2022 (Server Core installation)
Microsoft	Windows	Windows 10 Version 1607 pour systèmes 32 bits
Microsoft	Windows	Windows 10 Version 21H2 pour systèmes ARM64
Microsoft	Windows	Windows Server 2008 pour systèmes x64 Service Pack 2
Microsoft	Windows	Windows 10 Version 1809 pour systèmes ARM64
Microsoft	Windows	Windows 10 Version 1809 pour systèmes 32 bits
Microsoft	Windows	Windows 11 version 21H2 pour systèmes x64
Microsoft	Windows	Windows Server 2016 (Server Core installation)
Microsoft	Windows	Windows 10 Version 22H2 pour systèmes x64
Microsoft	Windows	Windows 11 version 21H2 pour systèmes ARM64
Microsoft	Windows	Windows Server 2008 pour systèmes x64 Service Pack 2 (Server Core installation)
Microsoft	Windows	Windows Server 2008 pour systèmes 32 bits Service Pack 2 (Server Core installation)
Microsoft	Windows	Windows 10 Version 1607 pour systèmes x64
Microsoft	Windows	Windows Server 2012 (Server Core installation)
Microsoft	Windows	Windows 10 Version 21H2 pour systèmes 32 bits
Microsoft	Windows	Windows 10 Version 21H2 pour systèmes x64
Microsoft	Windows	Windows Server 2008 pour systèmes 32 bits Service Pack 2
Microsoft	Windows	Windows Server 2008 R2 pour systèmes x64 Service Pack 1
Microsoft	Windows	Microsoft ODBC Driver 18 pour SQL Server on Windows
Microsoft	Windows	Windows 10 Version 22H2 pour systèmes 32 bits
Microsoft	Windows	Windows 11 Version 22H2 pour systèmes ARM64
Microsoft	Windows	Windows Server 2016
Microsoft	Windows	PowerShell 7.3
Microsoft	Windows	Windows Server 2008 R2 pour systèmes x64 Service Pack 1 (Server Core installation)
Microsoft	Windows	Microsoft ODBC Driver 17 pour SQL Server on Windows
Microsoft	Windows	Windows Server 2012 R2 (Server Core installation)
Microsoft	Windows	Windows 10 pour systèmes 32 bits
Microsoft	Windows	Windows 10 Version 22H2 pour systèmes ARM64
Microsoft	Windows	Windows 11 Version 22H2 pour systèmes x64

References

Title

Publication Time

Tags

Bulletin de sécurité Microsoft du 10 octobre 2023	None	vendor-advisory
Bulletin de sécurité Microsoft CVE-2023-36731 du 10 octobre 2023	-	other
Bulletin de sécurité Microsoft CVE-2023-36590 du 10 octobre 2023	-	other
Bulletin de sécurité Microsoft CVE-2023-35349 du 10 octobre 2023	-	other
Bulletin de sécurité Microsoft CVE-2023-36728 du 10 octobre 2023	-	other
Bulletin de sécurité Microsoft CVE-2023-36420 du 10 octobre 2023	-	other
Bulletin de sécurité Microsoft CVE-2023-41772 du 10 octobre 2023	-	other
Bulletin de sécurité Microsoft CVE-2023-36571 du 10 octobre 2023	-	other
Bulletin de sécurité Microsoft CVE-2023-36594 du 10 octobre 2023	-	other
Bulletin de sécurité Microsoft CVE-2023-36596 du 10 octobre 2023	-	other
Bulletin de sécurité Microsoft CVE-2023-36577 du 10 octobre 2023	-	other
Bulletin de sécurité Microsoft CVE-2023-36790 du 10 octobre 2023	-	other
Bulletin de sécurité Microsoft CVE-2023-36585 du 10 octobre 2023	-	other
Bulletin de sécurité Microsoft CVE-2023-29348 du 10 octobre 2023	-	other
Bulletin de sécurité Microsoft CVE-2023-36785 du 10 octobre 2023	-	other
Bulletin de sécurité Microsoft CVE-2023-41768 du 10 octobre 2023	-	other
Bulletin de sécurité Microsoft CVE-2023-36563 du 10 octobre 2023	-	other
Bulletin de sécurité Microsoft CVE-2023-36583 du 10 octobre 2023	-	other
Bulletin de sécurité Microsoft CVE-2023-41770 du 10 octobre 2023	-	other
Bulletin de sécurité Microsoft CVE-2023-36436 du 10 octobre 2023	-	other
Bulletin de sécurité Microsoft CVE-2023-36431 du 10 octobre 2023	-	other
Bulletin de sécurité Microsoft CVE-2023-38159 du 10 octobre 2023	-	other
Bulletin de sécurité Microsoft CVE-2023-36718 du 10 octobre 2023	-	other
Bulletin de sécurité Microsoft CVE-2023-36776 du 10 octobre 2023	-	other
Bulletin de sécurité Microsoft CVE-2023-36572 du 10 octobre 2023	-	other
Bulletin de sécurité Microsoft CVE-2023-36564 du 10 octobre 2023	-	other
Bulletin de sécurité Microsoft CVE-2023-36591 du 10 octobre 2023	-	other
Bulletin de sécurité Microsoft CVE-2023-36582 du 10 octobre 2023	-	other
Bulletin de sécurité Microsoft CVE-2023-36701 du 10 octobre 2023	-	other
Bulletin de sécurité Microsoft CVE-2023-36605 du 10 octobre 2023	-	other
Bulletin de sécurité Microsoft CVE-2023-36581 du 10 octobre 2023	-	other
Bulletin de sécurité Microsoft CVE-2023-36573 du 10 octobre 2023	-	other
Bulletin de sécurité Microsoft CVE-2023-36602 du 10 octobre 2023	-	other
Bulletin de sécurité Microsoft CVE-2023-36584 du 10 octobre 2023	-	other
Bulletin de sécurité Microsoft CVE-2023-36576 du 10 octobre 2023	-	other
Bulletin de sécurité Microsoft CVE-2023-44487 du 10 octobre 2023	-	other
Bulletin de sécurité Microsoft CVE-2023-36574 du 10 octobre 2023	-	other
Bulletin de sécurité Microsoft CVE-2023-36720 du 10 octobre 2023	-	other
Bulletin de sécurité Microsoft CVE-2023-36709 du 10 octobre 2023	-	other
Bulletin de sécurité Microsoft CVE-2023-36730 du 10 octobre 2023	-	other
Bulletin de sécurité Microsoft CVE-2023-36593 du 10 octobre 2023	-	other
Bulletin de sécurité Microsoft CVE-2023-36729 du 10 octobre 2023	-	other
Bulletin de sécurité Microsoft CVE-2023-36717 du 10 octobre 2023	-	other
Bulletin de sécurité Microsoft CVE-2023-38166 du 10 octobre 2023	-	other
Bulletin de sécurité Microsoft CVE-2023-36698 du 10 octobre 2023	-	other
Bulletin de sécurité Microsoft CVE-2023-36726 du 10 octobre 2023	-	other
Bulletin de sécurité Microsoft CVE-2023-36434 du 10 octobre 2023	-	other
Bulletin de sécurité Microsoft CVE-2023-36703 du 10 octobre 2023	-	other
Bulletin de sécurité Microsoft CVE-2023-36712 du 10 octobre 2023	-	other
Bulletin de sécurité Microsoft CVE-2023-36902 du 10 octobre 2023	-	other
Bulletin de sécurité Microsoft CVE-2023-36706 du 10 octobre 2023	-	other
Bulletin de sécurité Microsoft CVE-2023-41767 du 10 octobre 2023	-	other
Bulletin de sécurité Microsoft CVE-2023-36697 du 10 octobre 2023	-	other
Bulletin de sécurité Microsoft CVE-2023-36711 du 10 octobre 2023	-	other
Bulletin de sécurité Microsoft CVE-2023-36578 du 10 octobre 2023	-	other
Bulletin de sécurité Microsoft CVE-2023-36724 du 10 octobre 2023	-	other
Bulletin de sécurité Microsoft CVE-2023-36557 du 10 octobre 2023	-	other
Bulletin de sécurité Microsoft CVE-2023-36723 du 10 octobre 2023	-	other
Bulletin de sécurité Microsoft CVE-2023-36570 du 10 octobre 2023	-	other
Bulletin de sécurité Microsoft CVE-2023-41771 du 10 octobre 2023	-	other
Bulletin de sécurité Microsoft CVE-2023-36598 du 10 octobre 2023	-	other
Bulletin de sécurité Microsoft CVE-2023-38171 du 10 octobre 2023	-	other
Bulletin de sécurité Microsoft CVE-2023-36589 du 10 octobre 2023	-	other
Bulletin de sécurité Microsoft CVE-2023-36725 du 10 octobre 2023	-	other
Bulletin de sécurité Microsoft CVE-2023-36438 du 10 octobre 2023	-	other
Bulletin de sécurité Microsoft CVE-2023-36722 du 10 octobre 2023	-	other
Bulletin de sécurité Microsoft CVE-2023-41765 du 10 octobre 2023	-	other
Bulletin de sécurité Microsoft CVE-2023-36603 du 10 octobre 2023	-	other
Bulletin de sécurité Microsoft CVE-2023-41769 du 10 octobre 2023	-	other
Bulletin de sécurité Microsoft CVE-2023-36713 du 10 octobre 2023	-	other
Bulletin de sécurité Microsoft CVE-2023-36721 du 10 octobre 2023	-	other
Bulletin de sécurité Microsoft CVE-2023-36435 du 10 octobre 2023	-	other
Bulletin de sécurité Microsoft CVE-2023-41774 du 10 octobre 2023	-	other
Bulletin de sécurité Microsoft CVE-2023-36704 du 10 octobre 2023	-	other
Bulletin de sécurité Microsoft CVE-2023-36710 du 10 octobre 2023	-	other
Bulletin de sécurité Microsoft CVE-2023-36575 du 10 octobre 2023	-	other
Bulletin de sécurité Microsoft CVE-2023-36606 du 10 octobre 2023	-	other
Bulletin de sécurité Microsoft CVE-2023-41773 du 10 octobre 2023	-	other
Bulletin de sécurité Microsoft CVE-2023-36567 du 10 octobre 2023	-	other
Bulletin de sécurité Microsoft CVE-2023-36702 du 10 octobre 2023	-	other
Bulletin de sécurité Microsoft CVE-2023-36579 du 10 octobre 2023	-	other
Bulletin de sécurité Microsoft CVE-2023-36707 du 10 octobre 2023	-	other
Bulletin de sécurité Microsoft CVE-2023-36592 du 10 octobre 2023	-	other
Bulletin de sécurité Microsoft CVE-2023-36732 du 10 octobre 2023	-	other
Bulletin de sécurité Microsoft CVE-2023-41766 du 10 octobre 2023	-	other
Bulletin de sécurité Microsoft CVE-2023-36743 du 10 octobre 2023	-	other

Show details on source website

JSON

To clipboard

{
  "$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
  "affected_systems": [
    {
      "description": "Windows Server 2022",
      "product": {
        "name": "Windows",
        "vendor": {
          "name": "Microsoft",
          "scada": false
        }
      }
    },
    {
      "description": "Windows Server 2012",
      "product": {
        "name": "Windows",
        "vendor": {
          "name": "Microsoft",
          "scada": false
        }
      }
    },
    {
      "description": "Windows 10 pour syst\u00e8mes x64",
      "product": {
        "name": "Windows",
        "vendor": {
          "name": "Microsoft",
          "scada": false
        }
      }
    },
    {
      "description": "Windows 10 Version 1809 pour syst\u00e8mes x64",
      "product": {
        "name": "Windows",
        "vendor": {
          "name": "Microsoft",
          "scada": false
        }
      }
    },
    {
      "description": "Windows Server 2019 (Server Core installation)",
      "product": {
        "name": "Windows",
        "vendor": {
          "name": "Microsoft",
          "scada": false
        }
      }
    },
    {
      "description": "Windows Server 2019",
      "product": {
        "name": "Windows",
        "vendor": {
          "name": "Microsoft",
          "scada": false
        }
      }
    },
    {
      "description": "Windows Server 2012 R2",
      "product": {
        "name": "Windows",
        "vendor": {
          "name": "Microsoft",
          "scada": false
        }
      }
    },
    {
      "description": "Windows Server 2022 (Server Core installation)",
      "product": {
        "name": "Windows",
        "vendor": {
          "name": "Microsoft",
          "scada": false
        }
      }
    },
    {
      "description": "Windows 10 Version 1607 pour syst\u00e8mes 32 bits",
      "product": {
        "name": "Windows",
        "vendor": {
          "name": "Microsoft",
          "scada": false
        }
      }
    },
    {
      "description": "Windows 10 Version 21H2 pour syst\u00e8mes ARM64",
      "product": {
        "name": "Windows",
        "vendor": {
          "name": "Microsoft",
          "scada": false
        }
      }
    },
    {
      "description": "Windows Server 2008 pour syst\u00e8mes x64 Service Pack 2",
      "product": {
        "name": "Windows",
        "vendor": {
          "name": "Microsoft",
          "scada": false
        }
      }
    },
    {
      "description": "Windows 10 Version 1809 pour syst\u00e8mes ARM64",
      "product": {
        "name": "Windows",
        "vendor": {
          "name": "Microsoft",
          "scada": false
        }
      }
    },
    {
      "description": "Windows 10 Version 1809 pour syst\u00e8mes 32 bits",
      "product": {
        "name": "Windows",
        "vendor": {
          "name": "Microsoft",
          "scada": false
        }
      }
    },
    {
      "description": "Windows 11 version 21H2 pour syst\u00e8mes x64",
      "product": {
        "name": "Windows",
        "vendor": {
          "name": "Microsoft",
          "scada": false
        }
      }
    },
    {
      "description": "Windows Server 2016 (Server Core installation)",
      "product": {
        "name": "Windows",
        "vendor": {
          "name": "Microsoft",
          "scada": false
        }
      }
    },
    {
      "description": "Windows 10 Version 22H2 pour syst\u00e8mes x64",
      "product": {
        "name": "Windows",
        "vendor": {
          "name": "Microsoft",
          "scada": false
        }
      }
    },
    {
      "description": "Windows 11 version 21H2 pour syst\u00e8mes ARM64",
      "product": {
        "name": "Windows",
        "vendor": {
          "name": "Microsoft",
          "scada": false
        }
      }
    },
    {
      "description": "Windows Server 2008 pour syst\u00e8mes x64 Service Pack 2 (Server Core installation)",
      "product": {
        "name": "Windows",
        "vendor": {
          "name": "Microsoft",
          "scada": false
        }
      }
    },
    {
      "description": "Windows Server 2008 pour syst\u00e8mes 32 bits Service Pack 2 (Server Core installation)",
      "product": {
        "name": "Windows",
        "vendor": {
          "name": "Microsoft",
          "scada": false
        }
      }
    },
    {
      "description": "Windows 10 Version 1607 pour syst\u00e8mes x64",
      "product": {
        "name": "Windows",
        "vendor": {
          "name": "Microsoft",
          "scada": false
        }
      }
    },
    {
      "description": "Windows Server 2012 (Server Core installation)",
      "product": {
        "name": "Windows",
        "vendor": {
          "name": "Microsoft",
          "scada": false
        }
      }
    },
    {
      "description": "Windows 10 Version 21H2 pour syst\u00e8mes 32 bits",
      "product": {
        "name": "Windows",
        "vendor": {
          "name": "Microsoft",
          "scada": false
        }
      }
    },
    {
      "description": "Windows 10 Version 21H2 pour syst\u00e8mes x64",
      "product": {
        "name": "Windows",
        "vendor": {
          "name": "Microsoft",
          "scada": false
        }
      }
    },
    {
      "description": "Windows Server 2008 pour syst\u00e8mes 32 bits Service Pack 2",
      "product": {
        "name": "Windows",
        "vendor": {
          "name": "Microsoft",
          "scada": false
        }
      }
    },
    {
      "description": "Windows Server 2008 R2 pour syst\u00e8mes x64 Service Pack 1",
      "product": {
        "name": "Windows",
        "vendor": {
          "name": "Microsoft",
          "scada": false
        }
      }
    },
    {
      "description": "Microsoft ODBC Driver 18 pour SQL Server on Windows",
      "product": {
        "name": "Windows",
        "vendor": {
          "name": "Microsoft",
          "scada": false
        }
      }
    },
    {
      "description": "Windows 10 Version 22H2 pour syst\u00e8mes 32 bits",
      "product": {
        "name": "Windows",
        "vendor": {
          "name": "Microsoft",
          "scada": false
        }
      }
    },
    {
      "description": "Windows 11 Version 22H2 pour syst\u00e8mes ARM64",
      "product": {
        "name": "Windows",
        "vendor": {
          "name": "Microsoft",
          "scada": false
        }
      }
    },
    {
      "description": "Windows Server 2016",
      "product": {
        "name": "Windows",
        "vendor": {
          "name": "Microsoft",
          "scada": false
        }
      }
    },
    {
      "description": "PowerShell 7.3",
      "product": {
        "name": "Windows",
        "vendor": {
          "name": "Microsoft",
          "scada": false
        }
      }
    },
    {
      "description": "Windows Server 2008 R2 pour syst\u00e8mes x64 Service Pack 1 (Server Core installation)",
      "product": {
        "name": "Windows",
        "vendor": {
          "name": "Microsoft",
          "scada": false
        }
      }
    },
    {
      "description": "Microsoft ODBC Driver 17 pour SQL Server on Windows",
      "product": {
        "name": "Windows",
        "vendor": {
          "name": "Microsoft",
          "scada": false
        }
      }
    },
    {
      "description": "Windows Server 2012 R2 (Server Core installation)",
      "product": {
        "name": "Windows",
        "vendor": {
          "name": "Microsoft",
          "scada": false
        }
      }
    },
    {
      "description": "Windows 10 pour syst\u00e8mes 32 bits",
      "product": {
        "name": "Windows",
        "vendor": {
          "name": "Microsoft",
          "scada": false
        }
      }
    },
    {
      "description": "Windows 10 Version 22H2 pour syst\u00e8mes ARM64",
      "product": {
        "name": "Windows",
        "vendor": {
          "name": "Microsoft",
          "scada": false
        }
      }
    },
    {
      "description": "Windows 11 Version 22H2 pour syst\u00e8mes x64",
      "product": {
        "name": "Windows",
        "vendor": {
          "name": "Microsoft",
          "scada": false
        }
      }
    }
  ],
  "affected_systems_content": null,
  "content": "## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
  "cves": [
    {
      "name": "CVE-2023-36438",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-36438"
    },
    {
      "name": "CVE-2023-36577",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-36577"
    },
    {
      "name": "CVE-2023-36776",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-36776"
    },
    {
      "name": "CVE-2023-36722",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-36722"
    },
    {
      "name": "CVE-2023-36728",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-36728"
    },
    {
      "name": "CVE-2023-41766",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-41766"
    },
    {
      "name": "CVE-2023-36743",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-36743"
    },
    {
      "name": "CVE-2023-36579",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-36579"
    },
    {
      "name": "CVE-2023-36717",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-36717"
    },
    {
      "name": "CVE-2023-36603",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-36603"
    },
    {
      "name": "CVE-2023-36420",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-36420"
    },
    {
      "name": "CVE-2023-36564",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-36564"
    },
    {
      "name": "CVE-2023-36605",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-36605"
    },
    {
      "name": "CVE-2023-38166",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-38166"
    },
    {
      "name": "CVE-2023-36431",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-36431"
    },
    {
      "name": "CVE-2023-36713",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-36713"
    },
    {
      "name": "CVE-2023-36557",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-36557"
    },
    {
      "name": "CVE-2023-41765",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-41765"
    },
    {
      "name": "CVE-2023-36721",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-36721"
    },
    {
      "name": "CVE-2023-44487",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-44487"
    },
    {
      "name": "CVE-2023-36707",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-36707"
    },
    {
      "name": "CVE-2023-41769",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-41769"
    },
    {
      "name": "CVE-2023-36730",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-36730"
    },
    {
      "name": "CVE-2023-36581",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-36581"
    },
    {
      "name": "CVE-2023-29348",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-29348"
    },
    {
      "name": "CVE-2023-41773",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-41773"
    },
    {
      "name": "CVE-2023-36571",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-36571"
    },
    {
      "name": "CVE-2023-36726",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-36726"
    },
    {
      "name": "CVE-2023-36706",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-36706"
    },
    {
      "name": "CVE-2023-36583",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-36583"
    },
    {
      "name": "CVE-2023-36590",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-36590"
    },
    {
      "name": "CVE-2023-36710",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-36710"
    },
    {
      "name": "CVE-2023-36725",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-36725"
    },
    {
      "name": "CVE-2023-36790",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-36790"
    },
    {
      "name": "CVE-2023-36434",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-36434"
    },
    {
      "name": "CVE-2023-36729",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-36729"
    },
    {
      "name": "CVE-2023-36702",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-36702"
    },
    {
      "name": "CVE-2023-36718",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-36718"
    },
    {
      "name": "CVE-2023-36591",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-36591"
    },
    {
      "name": "CVE-2023-36576",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-36576"
    },
    {
      "name": "CVE-2023-36584",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-36584"
    },
    {
      "name": "CVE-2023-36567",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-36567"
    },
    {
      "name": "CVE-2023-36594",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-36594"
    },
    {
      "name": "CVE-2023-36573",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-36573"
    },
    {
      "name": "CVE-2023-36711",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-36711"
    },
    {
      "name": "CVE-2023-36570",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-36570"
    },
    {
      "name": "CVE-2023-36572",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-36572"
    },
    {
      "name": "CVE-2023-36578",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-36578"
    },
    {
      "name": "CVE-2023-36724",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-36724"
    },
    {
      "name": "CVE-2023-36582",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-36582"
    },
    {
      "name": "CVE-2023-36720",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-36720"
    },
    {
      "name": "CVE-2023-38159",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-38159"
    },
    {
      "name": "CVE-2023-38171",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-38171"
    },
    {
      "name": "CVE-2023-36585",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-36585"
    },
    {
      "name": "CVE-2023-36723",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-36723"
    },
    {
      "name": "CVE-2023-36703",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-36703"
    },
    {
      "name": "CVE-2023-36596",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-36596"
    },
    {
      "name": "CVE-2023-36701",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-36701"
    },
    {
      "name": "CVE-2023-41770",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-41770"
    },
    {
      "name": "CVE-2023-41771",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-41771"
    },
    {
      "name": "CVE-2023-36709",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-36709"
    },
    {
      "name": "CVE-2023-41767",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-41767"
    },
    {
      "name": "CVE-2023-36435",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-36435"
    },
    {
      "name": "CVE-2023-36589",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-36589"
    },
    {
      "name": "CVE-2023-36593",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-36593"
    },
    {
      "name": "CVE-2023-36698",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-36698"
    },
    {
      "name": "CVE-2023-36732",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-36732"
    },
    {
      "name": "CVE-2023-36575",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-36575"
    },
    {
      "name": "CVE-2023-41774",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-41774"
    },
    {
      "name": "CVE-2023-36731",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-36731"
    },
    {
      "name": "CVE-2023-36592",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-36592"
    },
    {
      "name": "CVE-2023-36606",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-36606"
    },
    {
      "name": "CVE-2023-36785",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-36785"
    },
    {
      "name": "CVE-2023-36602",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-36602"
    },
    {
      "name": "CVE-2023-41772",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-41772"
    },
    {
      "name": "CVE-2023-41768",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-41768"
    },
    {
      "name": "CVE-2023-36436",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-36436"
    },
    {
      "name": "CVE-2023-36574",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-36574"
    },
    {
      "name": "CVE-2023-36697",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-36697"
    },
    {
      "name": "CVE-2023-36712",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-36712"
    },
    {
      "name": "CVE-2023-36704",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-36704"
    },
    {
      "name": "CVE-2023-36563",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-36563"
    },
    {
      "name": "CVE-2023-35349",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-35349"
    },
    {
      "name": "CVE-2023-36598",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-36598"
    },
    {
      "name": "CVE-2023-36902",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-36902"
    }
  ],
  "initial_release_date": "2023-10-11T00:00:00",
  "last_revision_date": "2023-10-27T00:00:00",
  "links": [
    {
      "title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2023-36731 du 10 octobre 2023",
      "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-36731"
    },
    {
      "title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2023-36590 du 10 octobre 2023",
      "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-36590"
    },
    {
      "title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2023-35349 du 10 octobre 2023",
      "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-35349"
    },
    {
      "title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2023-36728 du 10 octobre 2023",
      "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-36728"
    },
    {
      "title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2023-36420 du 10 octobre 2023",
      "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-36420"
    },
    {
      "title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2023-41772 du 10 octobre 2023",
      "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-41772"
    },
    {
      "title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2023-36571 du 10 octobre 2023",
      "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-36571"
    },
    {
      "title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2023-36594 du 10 octobre 2023",
      "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-36594"
    },
    {
      "title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2023-36596 du 10 octobre 2023",
      "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-36596"
    },
    {
      "title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2023-36577 du 10 octobre 2023",
      "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-36577"
    },
    {
      "title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2023-36790 du 10 octobre 2023",
      "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-36790"
    },
    {
      "title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2023-36585 du 10 octobre 2023",
      "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-36585"
    },
    {
      "title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2023-29348 du 10 octobre 2023",
      "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-29348"
    },
    {
      "title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2023-36785 du 10 octobre 2023",
      "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-36785"
    },
    {
      "title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2023-41768 du 10 octobre 2023",
      "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-41768"
    },
    {
      "title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2023-36563 du 10 octobre 2023",
      "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-36563"
    },
    {
      "title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2023-36583 du 10 octobre 2023",
      "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-36583"
    },
    {
      "title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2023-41770 du 10 octobre 2023",
      "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-41770"
    },
    {
      "title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2023-36436 du 10 octobre 2023",
      "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-36436"
    },
    {
      "title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2023-36431 du 10 octobre 2023",
      "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-36431"
    },
    {
      "title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2023-38159 du 10 octobre 2023",
      "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-38159"
    },
    {
      "title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2023-36718 du 10 octobre 2023",
      "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-36718"
    },
    {
      "title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2023-36776 du 10 octobre 2023",
      "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-36776"
    },
    {
      "title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2023-36572 du 10 octobre 2023",
      "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-36572"
    },
    {
      "title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2023-36564 du 10 octobre 2023",
      "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-36564"
    },
    {
      "title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2023-36591 du 10 octobre 2023",
      "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-36591"
    },
    {
      "title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2023-36582 du 10 octobre 2023",
      "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-36582"
    },
    {
      "title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2023-36701 du 10 octobre 2023",
      "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-36701"
    },
    {
      "title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2023-36605 du 10 octobre 2023",
      "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-36605"
    },
    {
      "title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2023-36581 du 10 octobre 2023",
      "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-36581"
    },
    {
      "title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2023-36573 du 10 octobre 2023",
      "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-36573"
    },
    {
      "title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2023-36602 du 10 octobre 2023",
      "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-36602"
    },
    {
      "title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2023-36584 du 10 octobre 2023",
      "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-36584"
    },
    {
      "title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2023-36576 du 10 octobre 2023",
      "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-36576"
    },
    {
      "title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2023-44487 du 10 octobre 2023",
      "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-44487"
    },
    {
      "title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2023-36574 du 10 octobre 2023",
      "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-36574"
    },
    {
      "title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2023-36720 du 10 octobre 2023",
      "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-36720"
    },
    {
      "title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2023-36709 du 10 octobre 2023",
      "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-36709"
    },
    {
      "title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2023-36730 du 10 octobre 2023",
      "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-36730"
    },
    {
      "title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2023-36593 du 10 octobre 2023",
      "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-36593"
    },
    {
      "title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2023-36729 du 10 octobre 2023",
      "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-36729"
    },
    {
      "title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2023-36717 du 10 octobre 2023",
      "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-36717"
    },
    {
      "title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2023-38166 du 10 octobre 2023",
      "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-38166"
    },
    {
      "title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2023-36698 du 10 octobre 2023",
      "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-36698"
    },
    {
      "title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2023-36726 du 10 octobre 2023",
      "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-36726"
    },
    {
      "title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2023-36434 du 10 octobre 2023",
      "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-36434"
    },
    {
      "title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2023-36703 du 10 octobre 2023",
      "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-36703"
    },
    {
      "title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2023-36712 du 10 octobre 2023",
      "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-36712"
    },
    {
      "title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2023-36902 du 10 octobre 2023",
      "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-36902"
    },
    {
      "title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2023-36706 du 10 octobre 2023",
      "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-36706"
    },
    {
      "title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2023-41767 du 10 octobre 2023",
      "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-41767"
    },
    {
      "title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2023-36697 du 10 octobre 2023",
      "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-36697"
    },
    {
      "title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2023-36711 du 10 octobre 2023",
      "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-36711"
    },
    {
      "title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2023-36578 du 10 octobre 2023",
      "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-36578"
    },
    {
      "title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2023-36724 du 10 octobre 2023",
      "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-36724"
    },
    {
      "title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2023-36557 du 10 octobre 2023",
      "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-36557"
    },
    {
      "title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2023-36723 du 10 octobre 2023",
      "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-36723"
    },
    {
      "title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2023-36570 du 10 octobre 2023",
      "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-36570"
    },
    {
      "title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2023-41771 du 10 octobre 2023",
      "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-41771"
    },
    {
      "title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2023-36598 du 10 octobre 2023",
      "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-36598"
    },
    {
      "title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2023-38171 du 10 octobre 2023",
      "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-38171"
    },
    {
      "title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2023-36589 du 10 octobre 2023",
      "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-36589"
    },
    {
      "title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2023-36725 du 10 octobre 2023",
      "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-36725"
    },
    {
      "title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2023-36438 du 10 octobre 2023",
      "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-36438"
    },
    {
      "title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2023-36722 du 10 octobre 2023",
      "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-36722"
    },
    {
      "title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2023-41765 du 10 octobre 2023",
      "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-41765"
    },
    {
      "title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2023-36603 du 10 octobre 2023",
      "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-36603"
    },
    {
      "title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2023-41769 du 10 octobre 2023",
      "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-41769"
    },
    {
      "title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2023-36713 du 10 octobre 2023",
      "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-36713"
    },
    {
      "title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2023-36721 du 10 octobre 2023",
      "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-36721"
    },
    {
      "title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2023-36435 du 10 octobre 2023",
      "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-36435"
    },
    {
      "title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2023-41774 du 10 octobre 2023",
      "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-41774"
    },
    {
      "title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2023-36704 du 10 octobre 2023",
      "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-36704"
    },
    {
      "title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2023-36710 du 10 octobre 2023",
      "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-36710"
    },
    {
      "title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2023-36575 du 10 octobre 2023",
      "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-36575"
    },
    {
      "title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2023-36606 du 10 octobre 2023",
      "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-36606"
    },
    {
      "title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2023-41773 du 10 octobre 2023",
      "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-41773"
    },
    {
      "title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2023-36567 du 10 octobre 2023",
      "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-36567"
    },
    {
      "title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2023-36702 du 10 octobre 2023",
      "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-36702"
    },
    {
      "title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2023-36579 du 10 octobre 2023",
      "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-36579"
    },
    {
      "title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2023-36707 du 10 octobre 2023",
      "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-36707"
    },
    {
      "title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2023-36592 du 10 octobre 2023",
      "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-36592"
    },
    {
      "title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2023-36732 du 10 octobre 2023",
      "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-36732"
    },
    {
      "title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2023-41766 du 10 octobre 2023",
      "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-41766"
    },
    {
      "title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2023-36743 du 10 octobre 2023",
      "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-36743"
    }
  ],
  "reference": "CERTFR-2023-AVI-0827",
  "revisions": [
    {
      "description": "Version initiale",
      "revision_date": "2023-10-11T00:00:00.000000"
    },
    {
      "description": "Microsoft a d\u00e9clar\u00e9 que PowerShell 7.3 \u00e9tait \u00e9galement affect\u00e9 par les vuln\u00e9rabilit\u00e9s CVE-2023-36435 et CVE-2023-38171",
      "revision_date": "2023-10-27T00:00:00.000000"
    }
  ],
  "risks": [
    {
      "description": "Ex\u00e9cution de code arbitraire \u00e0 distance"
    },
    {
      "description": "D\u00e9ni de service"
    },
    {
      "description": "Contournement de la fonctionnalit\u00e9 de s\u00e9curit\u00e9"
    },
    {
      "description": "Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es"
    },
    {
      "description": "\u00c9l\u00e9vation de privil\u00e8ges"
    }
  ],
  "summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 corrig\u00e9es dans \u003cspan\nclass=\"textit\"\u003eMicrosoft Windows\u003c/span\u003e. Elles permettent \u00e0 un attaquant\nde provoquer une \u00e9l\u00e9vation de privil\u00e8ges, une atteinte \u00e0 la\nconfidentialit\u00e9 des donn\u00e9es, une ex\u00e9cution de code \u00e0 distance, un d\u00e9ni\nde service et un contournement de la fonctionnalit\u00e9 de s\u00e9curit\u00e9.\n",
  "title": "Multiples vuln\u00e9rabilit\u00e9s dans Microsoft Windows",
  "vendor_advisories": [
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Microsoft du 10 octobre 2023",
      "url": "https://msrc.microsoft.com/update-guide/"
    }
  ]
}

MSRC_CVE-2023-36730

Vulnerability from csaf_microsoft - Published: 2023-10-10 07:00 - Updated: 2023-10-11 07:00

Summary

Microsoft ODBC Driver for SQL Server Remote Code Execution Vulnerability

Notes

Additional Resources

To determine the support lifecycle for your software, see the Microsoft Support Lifecycle: https://support.microsoft.com/lifecycle

Disclaimer

The information provided in the Microsoft Knowledge Base is provided \"as is\" without warranty of any kind. Microsoft disclaims all warranties, either express or implied, including the warranties of merchantability and fitness for a particular purpose. In no event shall Microsoft Corporation or its suppliers be liable for any damages whatsoever including direct, indirect, incidental, consequential, loss of business profits or special damages, even if Microsoft Corporation or its suppliers have been advised of the possibility of such damages. Some states do not allow the exclusion or limitation of liability for consequential or incidental damages so the foregoing limitation may not apply.

Customer Action

Required. The vulnerability documented by this CVE requires customer action to resolve.

JSON

To clipboard

{
  "document": {
    "acknowledgments": [
      {
        "names": [
          "bee13oy with \u003ca href=\"https://www.cyberkl.com/\"\u003eCyber Kunlun Lab\u003c/a\u003e"
        ]
      }
    ],
    "aggregate_severity": {
      "namespace": "https://www.microsoft.com/en-us/msrc/security-update-severity-rating-system",
      "text": "Important"
    },
    "category": "csaf_security_advisory",
    "csaf_version": "2.0",
    "distribution": {
      "text": "Public",
      "tlp": {
        "label": "WHITE",
        "url": "https://www.first.org/tlp/"
      }
    },
    "lang": "en-US",
    "notes": [
      {
        "category": "general",
        "text": "To determine the support lifecycle for your software, see the Microsoft Support Lifecycle: https://support.microsoft.com/lifecycle",
        "title": "Additional Resources"
      },
      {
        "category": "legal_disclaimer",
        "text": "The information provided in the Microsoft Knowledge Base is provided \\\"as is\\\" without warranty of any kind. Microsoft disclaims all warranties, either express or implied, including the warranties of merchantability and fitness for a particular purpose. In no event shall Microsoft Corporation or its suppliers be liable for any damages whatsoever including direct, indirect, incidental, consequential, loss of business profits or special damages, even if Microsoft Corporation or its suppliers have been advised of the possibility of such damages. Some states do not allow the exclusion or limitation of liability for consequential or incidental damages so the foregoing limitation may not apply.",
        "title": "Disclaimer"
      },
      {
        "category": "general",
        "text": "Required. The vulnerability documented by this CVE requires customer action to resolve.",
        "title": "Customer Action"
      }
    ],
    "publisher": {
      "category": "vendor",
      "contact_details": "secure@microsoft.com",
      "name": "Microsoft Security Response Center",
      "namespace": "https://msrc.microsoft.com"
    },
    "references": [
      {
        "category": "self",
        "summary": "CVE-2023-36730 Microsoft ODBC Driver for SQL Server Remote Code Execution Vulnerability - HTML",
        "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-36730"
      },
      {
        "category": "self",
        "summary": "CVE-2023-36730 Microsoft ODBC Driver for SQL Server Remote Code Execution Vulnerability - CSAF",
        "url": "https://msrc.microsoft.com/csaf/advisories/2023/msrc_cve-2023-36730.json"
      },
      {
        "category": "external",
        "summary": "Microsoft Exploitability Index",
        "url": "https://www.microsoft.com/en-us/msrc/exploitability-index?rtc=1"
      },
      {
        "category": "external",
        "summary": "Microsoft Support Lifecycle",
        "url": "https://support.microsoft.com/lifecycle"
      },
      {
        "category": "external",
        "summary": "Common Vulnerability Scoring System",
        "url": "https://www.first.org/cvss"
      }
    ],
    "title": "Microsoft ODBC Driver for SQL Server Remote Code Execution Vulnerability",
    "tracking": {
      "current_release_date": "2023-10-11T07:00:00.000Z",
      "generator": {
        "date": "2025-04-14T22:45:46.603Z",
        "engine": {
          "name": "MSRC Generator",
          "version": "1.0"
        }
      },
      "id": "msrc_CVE-2023-36730",
      "initial_release_date": "2023-10-10T07:00:00.000Z",
      "revision_history": [
        {
          "date": "2023-10-10T07:00:00.000Z",
          "legacy_version": "1",
          "number": "1",
          "summary": "Information published."
        },
        {
          "date": "2023-10-11T07:00:00.000Z",
          "legacy_version": "1.1",
          "number": "2",
          "summary": "Updated FAQ information. This is an informational change only."
        }
      ],
      "status": "final",
      "version": "2"
    }
  },
  "product_tree": {
    "branches": [
      {
        "branches": [
          {
            "category": "product_version_range",
            "name": "\u003c15.0.2104.1",
            "product": {
              "name": "Microsoft SQL Server 2019 for x64-based Systems (GDR) \u003c15.0.2104.1",
              "product_id": "10"
            }
          },
          {
            "category": "product_version",
            "name": "15.0.2104.1",
            "product": {
              "name": "Microsoft SQL Server 2019 for x64-based Systems (GDR) 15.0.2104.1",
              "product_id": "11821"
            }
          }
        ],
        "category": "product_name",
        "name": "Microsoft SQL Server 2019 for x64-based Systems (GDR)"
      },
      {
        "branches": [
          {
            "category": "product_version_range",
            "name": "\u003c16.0.1105.1",
            "product": {
              "name": "Microsoft SQL Server 2022 for x64-based Systems (GDR) \u003c16.0.1105.1",
              "product_id": "9"
            }
          },
          {
            "category": "product_version",
            "name": "16.0.1105.1",
            "product": {
              "name": "Microsoft SQL Server 2022 for x64-based Systems (GDR) 16.0.1105.1",
              "product_id": "12147"
            }
          }
        ],
        "category": "product_name",
        "name": "Microsoft SQL Server 2022 for x64-based Systems (GDR)"
      },
      {
        "branches": [
          {
            "category": "product_version_range",
            "name": "\u003c17.10.5.1",
            "product": {
              "name": "Microsoft ODBC Driver 17 for SQL Server on Windows \u003c17.10.5.1",
              "product_id": "8"
            }
          },
          {
            "category": "product_version",
            "name": "17.10.5.1",
            "product": {
              "name": "Microsoft ODBC Driver 17 for SQL Server on Windows 17.10.5.1",
              "product_id": "12193"
            }
          }
        ],
        "category": "product_name",
        "name": "Microsoft ODBC Driver 17 for SQL Server on Windows"
      },
      {
        "branches": [
          {
            "category": "product_version_range",
            "name": "\u003c17.10.5.1",
            "product": {
              "name": "Microsoft ODBC Driver 17 for SQL Server on Linux \u003c17.10.5.1",
              "product_id": "7"
            }
          },
          {
            "category": "product_version",
            "name": "17.10.5.1",
            "product": {
              "name": "Microsoft ODBC Driver 17 for SQL Server on Linux 17.10.5.1",
              "product_id": "12194"
            }
          }
        ],
        "category": "product_name",
        "name": "Microsoft ODBC Driver 17 for SQL Server on Linux"
      },
      {
        "branches": [
          {
            "category": "product_version_range",
            "name": "\u003c17.10.5.1",
            "product": {
              "name": "Microsoft ODBC Driver 17 for SQL Server on MacOS \u003c17.10.5.1",
              "product_id": "6"
            }
          },
          {
            "category": "product_version",
            "name": "17.10.5.1",
            "product": {
              "name": "Microsoft ODBC Driver 17 for SQL Server on MacOS 17.10.5.1",
              "product_id": "12195"
            }
          }
        ],
        "category": "product_name",
        "name": "Microsoft ODBC Driver 17 for SQL Server on MacOS"
      },
      {
        "branches": [
          {
            "category": "product_version_range",
            "name": "\u003c18.3.2.1",
            "product": {
              "name": "Microsoft ODBC Driver 18 for SQL Server on Windows \u003c18.3.2.1",
              "product_id": "5"
            }
          },
          {
            "category": "product_version",
            "name": "18.3.2.1",
            "product": {
              "name": "Microsoft ODBC Driver 18 for SQL Server on Windows 18.3.2.1",
              "product_id": "12196"
            }
          }
        ],
        "category": "product_name",
        "name": "Microsoft ODBC Driver 18 for SQL Server on Windows"
      },
      {
        "branches": [
          {
            "category": "product_version_range",
            "name": "\u003c18.3.2.1",
            "product": {
              "name": "Microsoft ODBC Driver 18 for SQL Server on Linux \u003c18.3.2.1",
              "product_id": "4"
            }
          },
          {
            "category": "product_version",
            "name": "18.3.2.1",
            "product": {
              "name": "Microsoft ODBC Driver 18 for SQL Server on Linux 18.3.2.1",
              "product_id": "12197"
            }
          }
        ],
        "category": "product_name",
        "name": "Microsoft ODBC Driver 18 for SQL Server on Linux"
      },
      {
        "branches": [
          {
            "category": "product_version_range",
            "name": "\u003c18.3.2.1",
            "product": {
              "name": "Microsoft ODBC Driver 18 for SQL Server on MacOS \u003c18.3.2.1",
              "product_id": "3"
            }
          },
          {
            "category": "product_version",
            "name": "18.3.2.1",
            "product": {
              "name": "Microsoft ODBC Driver 18 for SQL Server on MacOS 18.3.2.1",
              "product_id": "12198"
            }
          }
        ],
        "category": "product_name",
        "name": "Microsoft ODBC Driver 18 for SQL Server on MacOS"
      },
      {
        "branches": [
          {
            "category": "product_version_range",
            "name": "\u003c16.0.4080.1",
            "product": {
              "name": "Microsoft SQL Server 2022 for x64-based Systems (CU 8) \u003c16.0.4080.1",
              "product_id": "2"
            }
          },
          {
            "category": "product_version",
            "name": "16.0.4080.1",
            "product": {
              "name": "Microsoft SQL Server 2022 for x64-based Systems (CU 8) 16.0.4080.1",
              "product_id": "12229"
            }
          }
        ],
        "category": "product_name",
        "name": "Microsoft SQL Server 2022 for x64-based Systems (CU 8)"
      },
      {
        "branches": [
          {
            "category": "product_version_range",
            "name": "\u003c15.0.4326.1",
            "product": {
              "name": "Microsoft SQL Server 2019 for x64-based Systems (CU 22) \u003c15.0.4326.1",
              "product_id": "1"
            }
          },
          {
            "category": "product_version",
            "name": "15.0.4326.1",
            "product": {
              "name": "Microsoft SQL Server 2019 for x64-based Systems (CU 22) 15.0.4326.1",
              "product_id": "12230"
            }
          }
        ],
        "category": "product_name",
        "name": "Microsoft SQL Server 2019 for x64-based Systems (CU 22)"
      }
    ]
  },
  "vulnerabilities": [
    {
      "cve": "CVE-2023-36730",
      "cwe": {
        "id": "CWE-122",
        "name": "Heap-based Buffer Overflow"
      },
      "notes": [
        {
          "category": "general",
          "text": "Microsoft",
          "title": "Assigning CNA"
        },
        {
          "category": "faq",
          "text": "The word Remote in the title refers to the location of the attacker. This type of exploit is sometimes referred to as Arbitrary Code Execution (ACE). The attack itself is carried out locally. This means an attacker or victim needs to execute code from the local machine to exploit the vulnerability.",
          "title": "According to the CVSS metric, the attack vector is local (AV:L). Why does the CVE title indicate that this is a remote code execution?"
        },
        {
          "category": "faq",
          "text": "An attacker could exploit the vulnerability by tricking an authenticated user (CVSS metric UI:R) into attempting to connect to a malicious SQL server via a connection driver (for example: ODBC and / or OLEDB as applicable).",
          "title": "According to the CVSS metric, user interaction is required (UI:R). What interaction would the user have to do?"
        },
        {
          "category": "faq",
          "text": "Update your relevant version of SQL Server. Any applicable driver fixes are included in those updates.\nUpdate your application to use Microsoft ODBC Driver 17 or 18 for SQL Server. Update the drivers to the versions listed on this page, which provide protection against this vulnerability.\nConsult with your application vendor if it is compatible with Microsoft ODBC Driver 17 or 18 for SQL Server. Update the drivers to the versions listed in this page, which provide protection against this vulnerability\nFirst, determine your SQL Server version number. For more information on determining your SQL Server version number, see Microsoft Knowledge Base Article 321185 - How to determine the version, edition, and update level of SQL Server and its components., Second, in the table below, locate your version number or the version range that your version number falls within. The corresponding update is the one you need to install.\n5029503: 5029503, Security update for SQL Server 2022 CU8+GDR: Security update for SQL Server 2022 CU8+GDR, 16.0.4003.1 - 16.0.4075.1: 16.0.4003.1 - 16.0.4075.1, KB 5029666 - SQL2022 RTM CU8: KB 5029666 - SQL2022 RTM CU8, 5029379: 5029379, Security update for SQL Server 2022 RTM+GDR: Security update for SQL Server 2022 RTM+GDR, 16.0.1000.6 - 16.0.1050.5: 16.0.1000.6 - 16.0.1050.5, KB 5021522 - Previous SQL2022 RTM GDR: KB 5021522 - Previous SQL2022 RTM GDR, 5029378: 5029378, Security update for SQL Server 2019 CU22+GDR: Security update for SQL Server 2019 CU22+GDR, 15.0.4003.23 - 15.0.4322.2: 15.0.4003.23 - 15.0.4322.2, KB 5027702 - SQL2019 RTM CU22: KB 5027702 - SQL2019 RTM CU22, 5029377: 5029377, Security update for SQL Server 2019 RTM+GDR: Security update for SQL Server 2019 RTM+GDR, 15.0.2000.5 - 15.0.2101.7: 15.0.2000.5 - 15.0.2101.7, KB 5021125 - Previous SQL2019 RTM GDR: KB 5021125 - Previous SQL2019 RTM GDR\nThe General Distribution Release (GDR) and Cumulative Update (CU) designations correspond to the two different servicing options in place for SQL Server baseline releases. A baseline can be either an RTM release or a Service Pack release.\nGDR updates \u2013 cumulatively only contain security updates for the given baseline., CU updates \u2013 cumulatively contain all functional fixes and security updates for the given baseline.\nFor any given baseline, either the GDR or CU updates could be options (see below).\nIf SQL Server installation is at a baseline version, you can choose either the GDR or CU update., If SQL Server installation has intentionally only installed past GDR updates, then choose to install the GDR update package., If SQL Server installation has intentionally installed previous CU updates, then chose to install the CU security update package.\nYes. SQL Server instances on Windows Azure (IaaS) can be offered the security updates through Microsoft Update, or customers can download the security updates from Microsoft Download Center and apply them manually.",
          "title": "I am running SQL Server on my system. What action do I need to take?"
        },
        {
          "category": "faq",
          "text": "An attacker could exploit the vulnerability by tricking an authenticated user into attempting to connect to a malicious SQL server via ODBC, which could result in the client receiving a malicious networking packet. This could allow the attacker to execute code remotely on the client.",
          "title": "How could an attacker exploit this vulnerability?"
        }
      ],
      "product_status": {
        "fixed": [
          "11821",
          "12147",
          "12193",
          "12194",
          "12195",
          "12196",
          "12197",
          "12198",
          "12229",
          "12230"
        ],
        "known_affected": [
          "1",
          "2",
          "3",
          "4",
          "5",
          "6",
          "7",
          "8",
          "9",
          "10"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "CVE-2023-36730 Microsoft ODBC Driver for SQL Server Remote Code Execution Vulnerability - HTML",
          "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-36730"
        },
        {
          "category": "self",
          "summary": "CVE-2023-36730 Microsoft ODBC Driver for SQL Server Remote Code Execution Vulnerability - CSAF",
          "url": "https://msrc.microsoft.com/csaf/advisories/2023/msrc_cve-2023-36730.json"
        }
      ],
      "remediations": [
        {
          "category": "vendor_fix",
          "date": "2023-10-10T07:00:00.000Z",
          "details": "15.0.2104.1:Security Update:https://support.microsoft.com/help/5029377",
          "product_ids": [
            "10"
          ],
          "url": "https://support.microsoft.com/help/5029377"
        },
        {
          "category": "vendor_fix",
          "date": "2023-10-10T07:00:00.000Z",
          "details": "16.0.1105.1:Security Update:https://support.microsoft.com/help/5029379",
          "product_ids": [
            "9"
          ],
          "url": "https://support.microsoft.com/help/5029379"
        },
        {
          "category": "vendor_fix",
          "date": "2023-10-10T07:00:00.000Z",
          "details": "17.10.5.1:Security Update:https://learn.microsoft.com/sql/connect/odbc/windows/release-notes-odbc-sql-server-windows#17105",
          "product_ids": [
            "8"
          ],
          "url": "https://learn.microsoft.com/sql/connect/odbc/windows/release-notes-odbc-sql-server-windows#17105"
        },
        {
          "category": "vendor_fix",
          "date": "2023-10-10T07:00:00.000Z",
          "details": "17.10.5.1:Security Update:https://learn.microsoft.com/sql/connect/odbc/linux-mac/installing-the-microsoft-odbc-driver-for-sql-server#18",
          "product_ids": [
            "7"
          ],
          "url": "https://learn.microsoft.com/sql/connect/odbc/linux-mac/installing-the-microsoft-odbc-driver-for-sql-server#18"
        },
        {
          "category": "vendor_fix",
          "date": "2023-10-10T07:00:00.000Z",
          "details": "17.10.5.1:Security Update:https://learn.microsoft.com/sql/connect/odbc/linux-mac/install-microsoft-odbc-driver-sql-server-macos#17",
          "product_ids": [
            "6"
          ],
          "url": "https://learn.microsoft.com/sql/connect/odbc/linux-mac/install-microsoft-odbc-driver-sql-server-macos#17"
        },
        {
          "category": "vendor_fix",
          "date": "2023-10-10T07:00:00.000Z",
          "details": "18.3.2.1:Security Update:https://learn.microsoft.com/sql/connect/odbc/windows/release-notes-odbc-sql-server-windows#1832",
          "product_ids": [
            "5"
          ],
          "url": "https://learn.microsoft.com/sql/connect/odbc/windows/release-notes-odbc-sql-server-windows#1832"
        },
        {
          "category": "vendor_fix",
          "date": "2023-10-10T07:00:00.000Z",
          "details": "18.3.2.1:Security Update:https://learn.microsoft.com/sql/connect/odbc/linux-mac/installing-the-microsoft-odbc-driver-for-sql-server#18",
          "product_ids": [
            "4",
            "3"
          ],
          "url": "https://learn.microsoft.com/sql/connect/odbc/linux-mac/installing-the-microsoft-odbc-driver-for-sql-server#18"
        },
        {
          "category": "vendor_fix",
          "date": "2023-10-10T07:00:00.000Z",
          "details": "16.0.4080.1:Security Update:https://support.microsoft.com/help/5029503",
          "product_ids": [
            "2"
          ],
          "url": "https://support.microsoft.com/help/5029503"
        },
        {
          "category": "vendor_fix",
          "date": "2023-10-10T07:00:00.000Z",
          "details": "15.0.4326.1:Security Update:https://support.microsoft.com/help/5029378",
          "product_ids": [
            "1"
          ],
          "url": "https://support.microsoft.com/help/5029378"
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "attackComplexity": "LOW",
            "attackVector": "LOCAL",
            "availabilityImpact": "HIGH",
            "baseScore": 7.8,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "HIGH",
            "environmentalsScore": 0.0,
            "exploitCodeMaturity": "UNPROVEN",
            "integrityImpact": "HIGH",
            "privilegesRequired": "NONE",
            "remediationLevel": "OFFICIAL_FIX",
            "reportConfidence": "CONFIRMED",
            "scope": "UNCHANGED",
            "temporalScore": 6.8,
            "userInteraction": "REQUIRED",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C",
            "version": "3.1"
          },
          "products": [
            "1",
            "2",
            "3",
            "4",
            "5",
            "6",
            "7",
            "8",
            "9",
            "10"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Remote Code Execution"
        },
        {
          "category": "exploit_status",
          "details": "Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation Less Likely"
        }
      ],
      "title": "Microsoft ODBC Driver for SQL Server Remote Code Execution Vulnerability"
    }
  ]
}

FKIE_CVE-2023-36730

Vulnerability from fkie_nvd - Published: 2023-10-10 18:15 - Updated: 2024-11-21 08:10

Severity ?

7.8 (High) - CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

Summary

Microsoft ODBC Driver for SQL Server Remote Code Execution Vulnerability

References

	URL	Tags
	secure@microsoft.com	https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-36730	Patch, Vendor Advisory
	af854a3a-2127-422b-91ae-364da2661108	https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-36730	Patch, Vendor Advisory

Impacted products

Vendor	Product	Version
microsoft	odbc_driver_for_sql_server	*
microsoft	odbc_driver_for_sql_server	*
microsoft	odbc_driver_for_sql_server	*
microsoft	odbc_driver_for_sql_server	*
microsoft	odbc_driver_for_sql_server	*
microsoft	odbc_driver_for_sql_server	*
microsoft	sql_server	2019
microsoft	sql_server	2022

JSON

To clipboard

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:microsoft:odbc_driver_for_sql_server:*:*:*:*:*:linux:*:*",
              "matchCriteriaId": "FEE52D75-0785-47A8-A024-14A83B9732A6",
              "versionEndExcluding": "17.10.5.1",
              "versionStartIncluding": "17.0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:microsoft:odbc_driver_for_sql_server:*:*:*:*:*:macos:*:*",
              "matchCriteriaId": "5C5B4D78-6EA4-41E6-A403-2D018D9F0692",
              "versionEndExcluding": "17.10.5.1",
              "versionStartIncluding": "17.0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:microsoft:odbc_driver_for_sql_server:*:*:*:*:*:windows:*:*",
              "matchCriteriaId": "CC490F0A-842A-4590-8CAC-07BB599D8F4F",
              "versionEndExcluding": "17.10.5.1",
              "versionStartIncluding": "17.0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:microsoft:odbc_driver_for_sql_server:*:*:*:*:*:linux:*:*",
              "matchCriteriaId": "90718D50-D4D8-4949-ADB3-310879B2A574",
              "versionEndExcluding": "18.3.2.1",
              "versionStartIncluding": "18.0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:microsoft:odbc_driver_for_sql_server:*:*:*:*:*:macos:*:*",
              "matchCriteriaId": "C9BEA137-3C0A-472A-9A5B-428E00302626",
              "versionEndExcluding": "18.3.2.1",
              "versionStartIncluding": "18.0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:microsoft:odbc_driver_for_sql_server:*:*:*:*:*:windows:*:*",
              "matchCriteriaId": "2EDAA3E7-9DA2-4C2F-B626-60A747015FE8",
              "versionEndExcluding": "18.3.2.1",
              "versionStartIncluding": "18.0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:microsoft:sql_server:2019:*:*:*:*:*:x64:*",
              "matchCriteriaId": "9144F644-A3D4-440C-8978-257E71204617",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:microsoft:sql_server:2022:*:*:*:*:*:x64:*",
              "matchCriteriaId": "6CB7AD22-F27B-4807-88F1-02ED420421D5",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "Microsoft ODBC Driver for SQL Server Remote Code Execution Vulnerability"
    },
    {
      "lang": "es",
      "value": "Vulnerabilidad de ejecuci\u00f3n remota de c\u00f3digo en Microsoft ODBC Driver para SQL Server "
    }
  ],
  "id": "CVE-2023-36730",
  "lastModified": "2024-11-21T08:10:28.543",
  "metrics": {
    "cvssMetricV31": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "LOCAL",
          "availabilityImpact": "HIGH",
          "baseScore": 7.8,
          "baseSeverity": "HIGH",
          "confidentialityImpact": "HIGH",
          "integrityImpact": "HIGH",
          "privilegesRequired": "NONE",
          "scope": "UNCHANGED",
          "userInteraction": "REQUIRED",
          "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
          "version": "3.1"
        },
        "exploitabilityScore": 1.8,
        "impactScore": 5.9,
        "source": "secure@microsoft.com",
        "type": "Secondary"
      }
    ]
  },
  "published": "2023-10-10T18:15:17.160",
  "references": [
    {
      "source": "secure@microsoft.com",
      "tags": [
        "Patch",
        "Vendor Advisory"
      ],
      "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-36730"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Patch",
        "Vendor Advisory"
      ],
      "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-36730"
    }
  ],
  "sourceIdentifier": "secure@microsoft.com",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-122"
        }
      ],
      "source": "secure@microsoft.com",
      "type": "Secondary"
    },
    {
      "description": [
        {
          "lang": "en",
          "value": "NVD-CWE-noinfo"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

GHSA-G6RQ-2JQ4-98MR

Vulnerability from github – Published: 2023-10-10 18:31 – Updated: 2024-04-04 08:32

Details

Microsoft ODBC Driver for SQL Server Remote Code Execution Vulnerability

Severity ?

7.8 (High)


                  
                    CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

Show details on source website

JSON

To clipboard

{
  "affected": [],
  "aliases": [
    "CVE-2023-36730"
  ],
  "database_specific": {
    "cwe_ids": [],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2023-10-10T18:15:17Z",
    "severity": "HIGH"
  },
  "details": "Microsoft ODBC Driver for SQL Server Remote Code Execution Vulnerability",
  "id": "GHSA-g6rq-2jq4-98mr",
  "modified": "2024-04-04T08:32:16Z",
  "published": "2023-10-10T18:31:34Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2023-36730"
    },
    {
      "type": "WEB",
      "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-36730"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
      "type": "CVSS_V3"
    }
  ]
}

Tags

Taxonomy of the tags.

All sightings related to this event Export sightings related to this event

Sightings

Author	Source	Type	Date

Nomenclature

Seen: The vulnerability was mentioned, discussed, or observed by the user.
Confirmed: The vulnerability has been validated from an analyst's perspective.
Published Proof of Concept: A public proof of concept is available for this vulnerability.
Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
Not confirmed: The user expressed doubt about the validity of the vulnerability.
Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.

Detection rules are retrieved from Rulezet.

Action not permitted

CVE-2023-36730 (GCVE-0-2023-36730)

GSD-2023-36730

NCSC-2025-0020

CERTFR-2023-AVI-0830

Solution

CERTFR-2023-AVI-0827

Solution

MSRC_CVE-2023-36730

FKIE_CVE-2023-36730

GHSA-G6RQ-2JQ4-98MR

Tags

Sightings

Nomenclature