Software Detail
Microsoft SQL Server
Number Of NVD: 107 (CRITICAL 0, HIGH 74, MEDIUM 30, LOW 3)
URL: https://www.microsoft.com/ja-jp/sql-server/
Explanation: Microsoft SQL Server is a relational database management system (RDBMS) provided by Microsoft. Like other Windows products, it can be operated in various ways from the GUI (screen).
The support end date depends on the service pack provided.
When a new service pack is provided, the old service pack is supported for 12 months.
Tag
  • Commercial license available

Add Information URL
No Type Name URL
1 https://support.microsoft.com/ja-jp/lifecycle/search?alpha=SQL%20Server
2 https://sqlserverbuilds.blogspot.com/
3 https://learn.microsoft.com/ja-jp/lifecycle/policies/fixed

List Of Product
No | Name | Latest Version | Release date | Initial release | Normal Support | Security Support / Service Pack Support | Extended (for a fee) | Critical | High | Medium | Low
21 SQL Server 2022 2022 Nov. 16, 2022 Jan. 11, 2028 Jan. 11, 2033 0 18 1 0
22 SQL Server 2019 2019 Nov. 4, 2019 Jan. 7, 2025 Jan. 8, 2030 0 20 1 0
23 SQL Server 2014 Service Pack 3 2014 Oct. 30, 2018 July 9, 2019 July 9, 2024 0 15 3 0
24 SQL Server 2016 Service Pack 2 2016 April 24, 2018 July 13, 2021 July 14, 2026 0 13 3 0
25 SQL Server 2017 2017 Sept. 29, 2017 Oct. 11, 2022 Oct. 12, 2027 0 9 2 0
26 SQL Server 2012 Service Pack 4 2012 July 11, 2017 July 12, 2022 0 12 4 0
27 SQL Server 7.0 7.0 Jan. 1, 2000 0 16 17 3
28 SQL Server 6.5 6.5 Jan. 1, 2000 0 2 1 1
29 SQL Server 6.0 6.0 Jan. 1, 2000 0 1 0 0
NVD Vulnerability Information
No | CVSS3 | CVSS2 | Level | Attack Vector | Title | CWE | CVE | cpe23Uri | Update date | Published date
21 | 7.8 | 4.6 | HIGH | Local | SQL Server for Linux Containers Elevation of Privilege Vulnerability | NVD-CWE-noinfo | CVE-2022-23276 | cpe:2.3:a:microsoft:sql_server:2019:* | 2024-11-21 15:48 | 2022-02-10
22 | 8.8 | 6.5 | HIGH | Network | Microsoft SQL Elevation of Privilege Vulnerability | CWE-89 SQL Injection | CVE-2021-1636 | cpe:2.3:a:microsoft:sql_server:2019:* cpe:2.3:a:microsoft:sql_server:2017:- cpe:2.3:a:microsoft:sql_server:2016:s… | 2024-11-21 14:44 | 2021-01-13
23 | 8.8 | 6.5 | HIGH | Network | A remote code execution vulnerability exists in Microsoft SQL Server Reporting Services when it incorrectly handles page requests, aka 'Microsoft SQL Server Reporting Services Remote Code Execution V… | CWE-502 Deserialization of Untrusted Data | CVE-2020-0618 | cpe:2.3:a:microsoft:sql_server:2016:sp2 cpe:2.3:a:microsoft:sql_server:2014:sp3 cpe:2.3:a:microsoft:sql_server:20… | 2024-11-21 13:53 | 2020-02-12
24 | 8.8 | 6.5 | HIGH | Network | A remote code execution vulnerability exists in Microsoft SQL Server when it incorrectly handles processing of internal functions, aka 'Microsoft SQL Server Remote Code Execution Vulnerability'. | NVD-CWE-noinfo | CVE-2019-1068 | cpe:2.3:a:microsoft:sql_server:2017:* cpe:2.3:a:microsoft:sql_server:2016:sp2 cpe:2.3:a:microsoft:sql_server:2016… | 2024-11-21 13:35 | 2019-07-16
25 | 6.5 | 4.0 | MEDIUM | Network | An information disclosure vulnerability exists in Microsoft SQL Server Analysis Services when it improperly enforces metadata permissions, aka 'Microsoft SQL Server Analysis Services Information Disc… | NVD-CWE-noinfo | CVE-2019-0819 | cpe:2.3:a:microsoft:sql_server:2017:* | 2024-11-21 13:17 | 2019-05-17
26 | 7.5 | 5.0 | HIGH | Network | Microsoft SQL Server Analysis Services in Microsoft SQL Server 2012, Microsoft SQL Server 2014, and Microsoft SQL Server 2016 allows an information disclosure vulnerability when it improperly enforce… | CWE-200 Information Exposure | CVE-2017-8516 | cpe:2.3:a:microsoft:sql_server:2016:sp1 cpe:2.3:a:microsoft:sql_server:2016:* cpe:2.3:a:microsoft:sql_server:2014… | 2024-11-21 12:34 | 2017-08-9
27 | 8.8 | 6.5 | HIGH | Network | Microsoft SQL Server 2012 SP2 and 2012 SP3 does not properly perform a cast of an unspecified pointer, which allows remote authenticated users to gain privileges via unknown vectors, aka "SQL RDBMS E… | CWE-264 Permissions, Privileges, and Access Controls | CVE-2016-7254 | cpe:2.3:a:microsoft:sql_server:2012:sp3 cpe:2.3:a:microsoft:sql_server:2012:sp2 | 2024-11-21 11:57 | 2016-11-10
28 | 8.8 | 6.5 | HIGH | Network | The agent in Microsoft SQL Server 2012 SP2, 2012 SP3, 2014 SP1, 2014 SP2, and 2016 does not properly check the atxcore.dll ACL, which allows remote authenticated users to gain privileges via unspecif… | CWE-264 Permissions, Privileges, and Access Controls | CVE-2016-7253 | cpe:2.3:a:microsoft:sql_server:2014:sp2 cpe:2.3:a:microsoft:sql_server:2014:sp1 cpe:2.3:a:microsoft:sql_server:20… | 2024-11-21 11:57 | 2016-11-10
29 | 6.5 | 4.0 | MEDIUM | Network | Microsoft SQL Server 2016 mishandles the FILESTREAM path, which allows remote authenticated users to gain privileges via unspecified vectors, aka "SQL Analysis Services Information Disclosure Vulnera… | CWE-200 Information Exposure | CVE-2016-7252 | cpe:2.3:a:microsoft:sql_server:2016:* | 2024-11-21 11:57 | 2016-11-10
30 | 6.1 | 4.3 | MEDIUM | Network | Cross-site scripting (XSS) vulnerability in the MDS API in Microsoft SQL Server 2016 allows remote attackers to inject arbitrary web script or HTML via an unspecified parameter, aka "MDS API XSS Vuln… | CWE-79 Cross-site Scripting | CVE-2016-7251 | cpe:2.3:a:microsoft:sql_server:2016:* | 2024-11-21 11:57 | 2016-11-10