← Voltar para CVEs
CVE-2020-0618
HIGHCISA KEV8.8
Descricao
A remote code execution vulnerability exists in Microsoft SQL Server Reporting Services when it incorrectly handles page requests, aka 'Microsoft SQL Server Reporting Services Remote Code Execution Vulnerability'.
Detalhes CVE
Pontuacao CVSS v3.18.8
SeveridadeHIGH
Vetor CVSSCVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Vetor de ataqueNETWORK
ComplexidadeLOW
Privilegios necessariosLOW
Interacao do usuarioNONE
Publicado2/11/2020
Ultima modificacao1/13/2026
Fontekev
Avistamentos honeypot0
CISA KEV
FornecedorMicrosoft
ProdutoSQL Server
Nome da vulnerabilidadeMicrosoft SQL Server Reporting Services Remote Code Execution Vulnerability
Data inclusao KEV2024-09-18
Prazo de remediacao2024-10-09
Uso em ransomwareUnknown
Produtos afetados
microsoft:sql_server
Fraquezas (CWE)
CWE-502CWE-502
Referencias
http://packetstormsecurity.com/files/156707/SQL-Server-Reporting-Services-SSRS-ViewState-Deserialization.html(secure@microsoft.com)
http://packetstormsecurity.com/files/159216/Microsoft-SQL-Server-Reporting-Services-2016-Remote-Code-Execution.html(secure@microsoft.com)
https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-0618(secure@microsoft.com)
http://packetstormsecurity.com/files/156707/SQL-Server-Reporting-Services-SSRS-ViewState-Deserialization.html(af854a3a-2127-422b-91ae-364da2661108)
http://packetstormsecurity.com/files/159216/Microsoft-SQL-Server-Reporting-Services-2016-Remote-Code-Execution.html(af854a3a-2127-422b-91ae-364da2661108)
https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-0618(af854a3a-2127-422b-91ae-364da2661108)
https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2020-0618(134c704f-9b21-4f2e-91b3-4a467353bcc0)
Correlacoes IOC
Sem correlacoes registradas
This product uses data from the NVD API but is not endorsed or certified by the NVD.