PT-2024-1053 · Microsoft · System.Data.SqlClient

Anita Gaud

Published: 2024-01-09 · Updated: 2025-11-18

CVE-2024-0056

CVSS v3.1: 8.7 (High)
Vector: AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:N
Name of the Vulnerable Software and Affected Versions

Microsoft.Data.SqlClient and System.Data.SqlClient (affected versions not specified)

Description

A security feature bypass vulnerability in the Microsoft.Data.SqlClient and System.Data.SqlClient SQL data providers allows attackers to affect the system. The issue is related to errors in security settings, which a remote attacker can exploit to bypass security restrictions and carry out a man-in-the-middle attack.

Recommendations

At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Weakness Enumeration

Cleartext Transmission of Sensitive Information

Related Identifiers

ALSA-2024:0150
ALSA-2024:0151
ALSA-2024:0152
ALSA-2024:0156
ALSA-2024:0157
ALSA-2024:0158
ALT-PU-2024-13117
ALT-PU-2024-13118
ALT-PU-2024-16742
ALT-PU-2024-16744
ALT-PU-2024-16792
ALT-PU-2024-16794
ALT-PU-2024-16796
ALT-PU-2024-16939
ALT-PU-2024-2554
ALT-PU-2024-2556
ALT-PU-2024-2557
ALT-PU-2024-5998
ALT-PU-2024-6034
BDU:2024-00281
BIT-DOTNET-2024-0056
BIT-DOTNET-SDK-2024-0056
CESA-2024_0150
CESA-2024_0157
CESA-2024_0158
CVE-2024-0056
GHSA-98G6-XH36-X2P7
RHSA-2024:0150
RHSA-2024:0151
RHSA-2024:0152
RHSA-2024:0156
RHSA-2024:0157
RHSA-2024:0158
RHSA-2024:0255
RHSA-2024_0150
RHSA-2024_0151
RHSA-2024_0152
RHSA-2024_0156
RHSA-2024_0157
RHSA-2024_0158
RLSA-2024:0157
RLSA-2024:0158

Affected Products

.NET Framework
ALT Linux
AlmaLinux
CentOS
SQL Server
Microsoft.Data.SqlClient
Red Hat
System.Data.SqlClient