CVE-2020-0618

Name of the Vulnerable Software and Affected Versions Microsoft SQL Server Reporting Services versions 2012 through 2016

Description A remote code execution issue exists in Microsoft SQL Server Reporting Services when it incorrectly handles page requests. This could allow an attacker to execute code in the context of the Report Server service account. The vulnerability is related to insufficient input validation. An attacker who successfully exploited this vulnerability could execute arbitrary code.

Recommendations For Microsoft SQL Server Reporting Services versions 2012 through 2016, update to a version that includes the fix for this issue. As a temporary workaround, consider restricting access to the Report Server service to minimize the risk of exploitation. Avoid using the vulnerable component until a patch is available. At the moment, there is no information about a newer version that contains a fix for this vulnerability.