PT-2024-6357 · Microsoft · Sql Server

Published: 2024-09-10 · Updated: 2024-10-09 · CVE-2024-37341

CVSS v3.1: 9.8 (Critical)

Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions

Microsoft SQL Server versions prior to 13.0.7045.2
Microsoft SQL Server versions prior to 13.0.6450.1
Microsoft SQL Server versions prior to 15.0.4395.2
Microsoft SQL Server versions prior to 15.0.2125.1
Microsoft SQL Server versions prior to 14.0.3480.1
Microsoft SQL Server versions prior to 14.0.2065.1
Microsoft SQL Server versions prior to 16.0.4150.1
Microsoft SQL Server versions prior to 16.0.1130.5

Description

The vulnerability in Microsoft SQL Server is related to inadequate access control. Exploitation of the vulnerability may allow a remote attacker to elevate their privileges.

Recommendations

For versions prior to 13.0.7045.2, apply the security update for SQL Server 2016 SP3.
For versions prior to 13.0.6450.1, apply the security update for SQL Server 2016 GDR.
For versions prior to 15.0.4395.2, apply the security update for SQL Server 2019 CU28.
For versions prior to 15.0.2125.1, apply the security update for SQL Server 2019 GDR.
For versions prior to 14.0.3480.1, apply the security update for SQL Server 2017 CU31.
For versions prior to 14.0.2065.1, apply the security update for SQL Server 2017 GDR.
For versions prior to 16.0.4150.1, apply the security update for SQL Server 2022 CU15.
For versions prior to 16.0.1130.5, apply the security update for SQL Server 2022 GDR.

Fix

Weakness Enumeration

Improper Access Control

Related Identifiers

BDU:2024-07395
CVE-2024-37341

Affected Products

Sql Server