← Retour aux CVEs
CVE-2020-0618
HIGHCISA KEV8.8
Description
A remote code execution vulnerability exists in Microsoft SQL Server Reporting Services when it incorrectly handles page requests, aka 'Microsoft SQL Server Reporting Services Remote Code Execution Vulnerability'.
Details CVE
Score CVSS v3.18.8
SeveriteHIGH
Vecteur CVSSCVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Vecteur d'attaqueNETWORK
ComplexiteLOW
Privileges requisLOW
Interaction utilisateurNONE
Publie2/11/2020
Derniere modification1/13/2026
Sourcekev
Observations honeypot0
CISA KEV
FournisseurMicrosoft
ProduitSQL Server
Nom vulnerabiliteMicrosoft SQL Server Reporting Services Remote Code Execution Vulnerability
Date ajout KEV2024-09-18
Date limite remediation2024-10-09
Utilise dans ransomwareUnknown
Produits affectes
microsoft:sql_server
Faiblesses (CWE)
CWE-502CWE-502
References
http://packetstormsecurity.com/files/156707/SQL-Server-Reporting-Services-SSRS-ViewState-Deserialization.html(secure@microsoft.com)
http://packetstormsecurity.com/files/159216/Microsoft-SQL-Server-Reporting-Services-2016-Remote-Code-Execution.html(secure@microsoft.com)
https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-0618(secure@microsoft.com)
http://packetstormsecurity.com/files/156707/SQL-Server-Reporting-Services-SSRS-ViewState-Deserialization.html(af854a3a-2127-422b-91ae-364da2661108)
http://packetstormsecurity.com/files/159216/Microsoft-SQL-Server-Reporting-Services-2016-Remote-Code-Execution.html(af854a3a-2127-422b-91ae-364da2661108)
https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-0618(af854a3a-2127-422b-91ae-364da2661108)
https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2020-0618(134c704f-9b21-4f2e-91b3-4a467353bcc0)
Correlations IOC
Aucune correlation enregistree
This product uses data from the NVD API but is not endorsed or certified by the NVD.