Windows : Microsoft Bulletins : Microsoft SQL Server Multiple Vulnerabilities (MS16-136)

Anfälligkeitssuche		Suche in 324607 CVE Beschreibungen und 145615 Test Beschreibungen, Zugriff auf 10,000+ Quellverweise.
	Tests CVE Alle

Test Kennung: 1.3.6.1.4.1.25623.1.0.809096

Kategorie: Windows : Microsoft Bulletins

Titel: Microsoft SQL Server Multiple Vulnerabilities (MS16-136)

Zusammenfassung: Microsoft SQL Server is prone to multiple vulnerabilities.

Beschreibung: Summary:
Microsoft SQL Server is prone to multiple vulnerabilities.

Vulnerability Insight:
The following vulnerabilities exist:

- CVE-2016-7249, CVE-2016-7250, CVE-2016-7252, CVE-2016-7253, CVE-2016-7254: Privilege escalation

- CVE-2016-7251: Cross-site scripting (XSS)

Vulnerability Impact:
Successful exploitation will allow remote attackers to gain
elevated privileges that could be used to view, change, or delete data, or create new accounts,
also can gain additional database and file information and to spoof content, disclose
information, or take any action that the user could take on the site on behalf of the targeted
user.

Affected Software/OS:
- Microsoft SQL Server 2012 x86/x64 Edition Service Pack 2 and prior

- Microsoft SQL Server 2012 x86/x64 Edition Service Pack 3 and prior

- Microsoft SQL Server 2014 x86/x64 Edition Service Pack 1 and prior

- Microsoft SQL Server 2014 x86/x64 Edition Service Pack 2 and prior

- Microsoft SQL Server 2016 x64 Edition

Solution:
See the referenced vendor advisory for a solution.

CVSS Score:
6.5

CVSS Vector:
AV:N/AC:L/Au:S/C:P/I:P/A:P

Querverweis: Common Vulnerability Exposure (CVE) ID: CVE-2016-7249
BugTraq ID: 94037
http://www.securityfocus.com/bid/94037
Microsoft Security Bulletin: MS16-136
https://docs.microsoft.com/en-us/security-updates/securitybulletins/2016/ms16-136
http://www.securitytracker.com/id/1037250
Common Vulnerability Exposure (CVE) ID: CVE-2016-7250
BugTraq ID: 94060
http://www.securityfocus.com/bid/94060
Common Vulnerability Exposure (CVE) ID: CVE-2016-7251
BugTraq ID: 94043
http://www.securityfocus.com/bid/94043
Common Vulnerability Exposure (CVE) ID: CVE-2016-7252
BugTraq ID: 94050
http://www.securityfocus.com/bid/94050
Common Vulnerability Exposure (CVE) ID: CVE-2016-7253
BugTraq ID: 94056
http://www.securityfocus.com/bid/94056
Common Vulnerability Exposure (CVE) ID: CVE-2016-7254
BugTraq ID: 94061
http://www.securityfocus.com/bid/94061

Copyright Copyright (C) 2016 Greenbone AG

Dies ist nur einer von 145615 Anfälligkeitstests in unserem Testpaket. Finden Sie mehr über unsere vollständigen Sicherheitsüberprüfungen heraus.
Um einen gratis Test für diese Anfälligkeit auf Ihrem System durchlaufen zu lassen, registrieren Sie sich bitte unten.

Test Kennung:	1.3.6.1.4.1.25623.1.0.809096
Kategorie:	Windows : Microsoft Bulletins
Titel:	Microsoft SQL Server Multiple Vulnerabilities (MS16-136)
Zusammenfassung:	Microsoft SQL Server is prone to multiple vulnerabilities.
Beschreibung:	Summary: Microsoft SQL Server is prone to multiple vulnerabilities. Vulnerability Insight: The following vulnerabilities exist: - CVE-2016-7249, CVE-2016-7250, CVE-2016-7252, CVE-2016-7253, CVE-2016-7254: Privilege escalation - CVE-2016-7251: Cross-site scripting (XSS) Vulnerability Impact: Successful exploitation will allow remote attackers to gain elevated privileges that could be used to view, change, or delete data, or create new accounts, also can gain additional database and file information and to spoof content, disclose information, or take any action that the user could take on the site on behalf of the targeted user. Affected Software/OS: - Microsoft SQL Server 2012 x86/x64 Edition Service Pack 2 and prior - Microsoft SQL Server 2012 x86/x64 Edition Service Pack 3 and prior - Microsoft SQL Server 2014 x86/x64 Edition Service Pack 1 and prior - Microsoft SQL Server 2014 x86/x64 Edition Service Pack 2 and prior - Microsoft SQL Server 2016 x64 Edition Solution: See the referenced vendor advisory for a solution. CVSS Score: 6.5 CVSS Vector: AV:N/AC:L/Au:S/C:P/I:P/A:P
Querverweis:	Common Vulnerability Exposure (CVE) ID: CVE-2016-7249 BugTraq ID: 94037 http://www.securityfocus.com/bid/94037 Microsoft Security Bulletin: MS16-136 https://docs.microsoft.com/en-us/security-updates/securitybulletins/2016/ms16-136 http://www.securitytracker.com/id/1037250 Common Vulnerability Exposure (CVE) ID: CVE-2016-7250 BugTraq ID: 94060 http://www.securityfocus.com/bid/94060 Common Vulnerability Exposure (CVE) ID: CVE-2016-7251 BugTraq ID: 94043 http://www.securityfocus.com/bid/94043 Common Vulnerability Exposure (CVE) ID: CVE-2016-7252 BugTraq ID: 94050 http://www.securityfocus.com/bid/94050 Common Vulnerability Exposure (CVE) ID: CVE-2016-7253 BugTraq ID: 94056 http://www.securityfocus.com/bid/94056 Common Vulnerability Exposure (CVE) ID: CVE-2016-7254 BugTraq ID: 94061 http://www.securityfocus.com/bid/94061
Copyright	Copyright (C) 2016 Greenbone AG