PT-2017-18385 · Microsoft · Sql Server Analysis Services+1

Published

2017-08-08

Updated

2022-10-27

CVE-2017-8516

CVSS v3.1

7.5

High

Vector

AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

Name of the Vulnerable Software and Affected Versions Microsoft SQL Server Analysis Services versions 2012 through 2016

Description An information disclosure issue exists due to improper permission enforcement. If an attacker's credentials allow access to an affected SQL server database, they could exploit this to gain additional database and file information.

Recommendations For Microsoft SQL Server Analysis Services versions 2012 through 2016, update to a version that properly enforces permissions to resolve the issue. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Information Disclosure

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-200

Related Identifiers

CVE-2017-8516

Affected Products

Sql Server Analysis Services

Sql Server

PT-2017-18385 · Microsoft · Sql Server Analysis Services+1

CVE-2017-8516

Weakness Enumeration

Related Identifiers

Affected Products

References · 5