CVE-2024-37337

Microsoft SQL Server Native Scoring Information Disclosure Vulnerability

CVSS v3 4.3 MEDIUM

4.3^/10

CVSS v3 : MEDIUM

Vector :

Exploitability : 2.8 / Impact : 1.4

Attack Vector NETWORK

Attack Complexity LOW

Privileges Required LOW

User Interaction NONE

Confidentiality Impact LOW

Integrity Impact NONE

Availability Impact NONE

Scope UNCHANGED

References

Link	Resource
https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-37337	Patch Vendor Advisory

Configurations

Configuration 1 (hide)

OR	cpe:2.3:a:microsoft:sql_2016_azure_connect_feature_pack::::::::
	cpe:2.3:a:microsoft:sql_server_2016:::::::x64:*
	cpe:2.3:a:microsoft:sql_server_2017:::::::x64:*
	cpe:2.3:a:microsoft:sql_server_2017:::::::x64:*
	cpe:2.3:a:microsoft:sql_server_2019:::::::x64:*
	cpe:2.3:a:microsoft:sql_server_2019:::::::x64:*
	cpe:2.3:a:microsoft:sql_server_2022:::::::x64:*
	cpe:2.3:a:microsoft:sql_server_2022:::::::x64:*

History

23 Sep 2024, 17:00

Type	Values Removed	Values Added
First Time		Microsoft sql Server 2019 Microsoft sql Server 2016 Microsoft sql Server 2017 Microsoft sql Server 2022 Microsoft Microsoft sql 2016 Azure Connect Feature Pack
CVSS	v2 : ~~unknown~~ v3 : ~~7.1~~	v2 : unknown v3 : 4.3
References	~~() https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-37337 -~~	() https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-37337 - Patch, Vendor Advisory
CPE		cpe:2.3:a:microsoft:sql_server_2017:::::::x64:* cpe:2.3:a:microsoft:sql_server_2016:::::::x64:* cpe:2.3:a:microsoft:sql_server_2022:::::::x64:* cpe:2.3:a:microsoft:sql_server_2019:::::::x64:* cpe:2.3:a:microsoft:sql_2016_azure_connect_feature_pack::::::::
Summary		(es) Vulnerabilidad de divulgación de información de puntuación nativa de Microsoft SQL Server
CWE		NVD-CWE-noinfo

10 Sep 2024, 17:15

Type	Values Removed	Values Added
New CVE

Information

Published : 2024-09-10 17:15

Updated : 2024-09-23 17:00

NVD link : CVE-2024-37337

Mitre link : CVE-2024-37337

CVE.ORG link : CVE-2024-37337

JSON object : View

Products Affected

microsoft

sql_server_2016
sql_2016_azure_connect_feature_pack
sql_server_2022
sql_server_2019
sql_server_2017

CWE

NVD-CWE-noinfo CWE-197

Numeric Truncation Error

{"id": "CVE-2024-37337", "cveTags": [], "metrics": {"cvssMetricV31": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 4.3, "attackVector": "NETWORK", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N", "integrityImpact": "NONE", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "LOW", "confidentialityImpact": "LOW"}, "impactScore": 1.4, "exploitabilityScore": 2.8}, {"type": "Secondary", "source": "secure@microsoft.com", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 7.1, "attackVector": "NETWORK", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:L", "integrityImpact": "NONE", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "LOW", "privilegesRequired": "LOW", "confidentialityImpact": "HIGH"}, "impactScore": 4.2, "exploitabilityScore": 2.8}]}, "published": "2024-09-10T17:15:17.820", "references": [{"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-37337", "tags": ["Patch", "Vendor Advisory"], "source": "secure@microsoft.com"}], "vulnStatus": "Analyzed", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "NVD-CWE-noinfo"}]}, {"type": "Secondary", "source": "secure@microsoft.com", "description": [{"lang": "en", "value": "CWE-197"}]}], "descriptions": [{"lang": "en", "value": "Microsoft SQL Server Native Scoring Information Disclosure Vulnerability"}, {"lang": "es", "value": "Vulnerabilidad de divulgaci\u00f3n de informaci\u00f3n de puntuaci\u00f3n nativa de Microsoft SQL Server"}], "lastModified": "2024-09-23T17:00:04.290", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:microsoft:sql_2016_azure_connect_feature_pack:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "B8C67827-D364-4A62-82E3-F5E823B4DF29", "versionEndIncluding": "13.0.7037.1", "versionStartIncluding": "13.0.7000.253"}, {"criteria": "cpe:2.3:a:microsoft:sql_server_2016:*:*:*:*:*:*:x64:*", "vulnerable": true, "matchCriteriaId": "52804B2D-2D71-41DC-92BC-4B3C086CFE59", "versionEndExcluding": "13.0.6441.1", "versionStartIncluding": "13.0.6300.2"}, {"criteria": "cpe:2.3:a:microsoft:sql_server_2017:*:*:*:*:*:*:x64:*", "vulnerable": true, "matchCriteriaId": "092AF402-BDA3-46C2-ADB8-BEA92DF81BA5", "versionEndExcluding": "14.0.2060.1", "versionStartIncluding": "14.0.1000.169"}, {"criteria": "cpe:2.3:a:microsoft:sql_server_2017:*:*:*:*:*:*:x64:*", "vulnerable": true, "matchCriteriaId": "6E6AD612-AB64-4454-970E-D868420C6CC6", "versionEndExcluding": "14.0.3475.1", "versionStartIncluding": "14.0.3006.16"}, {"criteria": "cpe:2.3:a:microsoft:sql_server_2019:*:*:*:*:*:*:x64:*", "vulnerable": true, "matchCriteriaId": "64D0E7A9-846A-421E-A3E0-E2C0CDACD13C", "versionEndExcluding": "15.0.2120.1", "versionStartIncluding": "15.0.2000.5"}, {"criteria": "cpe:2.3:a:microsoft:sql_server_2019:*:*:*:*:*:*:x64:*", "vulnerable": true, "matchCriteriaId": "AF8BBB82-ED5C-4943-A787-EA07536BCFBF", "versionEndExcluding": "15.0.4390.2", "versionStartIncluding": "15.0.4003.23"}, {"criteria": "cpe:2.3:a:microsoft:sql_server_2022:*:*:*:*:*:*:x64:*", "vulnerable": true, "matchCriteriaId": "30D1D16A-0B3E-49B4-9DB4-77FC462BA503", "versionEndExcluding": "16.0.1125.1", "versionStartIncluding": "16.0.1000.6"}, {"criteria": "cpe:2.3:a:microsoft:sql_server_2022:*:*:*:*:*:*:x64:*", "vulnerable": true, "matchCriteriaId": "148D362E-101A-4121-9790-B537D02CB114", "versionEndExcluding": "16.0.4140.3", "versionStartIncluding": "16.0.4003.1"}], "operator": "OR"}]}], "sourceIdentifier": "secure@microsoft.com"}