CVE-2017-8516 - Vulnerability Details - OpenCVE

Microsoft SQL Server Analysis Services in Microsoft SQL Server 2012, Microsoft SQL Server 2014, and Microsoft SQL Server 2016 allows an information disclosure vulnerability when it improperly enforces permissions, aka "Microsoft SQL Server Analysis Services Information Disclosure Vulnerability".

No CVSS v4.0

Attack Vector Network

Attack Complexity Low

Privileges Required None

Scope Unchanged

Confidentiality Impact High

Integrity Impact None

Availability Impact None

User Interaction None

No CVSS v3.0

Access Vector Network

Access Complexity Low

Authentication None

Confidentiality Impact Partial

Integrity Impact None

Availability Impact None

This CVE is not in the KEV list.

Key SSVC decision points have not yet been added.

Vendors	Products
Microsoft	Sql Server

Configuration 1 [-]

OR	cpe:2.3:a:microsoft:sql_server:2012:sp3::::::
	cpe:2.3:a:microsoft:sql_server:2014:sp1::::::
	cpe:2.3:a:microsoft:sql_server:2014:sp2::::::
	cpe:2.3:a:microsoft:sql_server:2016:::::::*
	cpe:2.3:a:microsoft:sql_server:2016:sp1::::::

No data.

References

Link	Providers
http://www.securityfocus.com/bid/100041
http://www.securitytracker.com/id/1039110
https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-8516

History

No history.

MITRE

Status: PUBLISHED

Assigner: microsoft

Published: 2017-08-08T21:00:00Z

Updated: 2024-09-16T23:22:02.640Z

Reserved: 2017-05-03T00:00:00

Link: CVE-2017-8516

Vulnrichment

No data.

NVD

Status : Modified

Published: 2017-08-08T21:29:00.563

Modified: 2024-11-21T03:34:10.440

Link: CVE-2017-8516

Redhat

No data.

{"containers": {"cna": {"affected": [{"product": "SQL Server", "vendor": "Microsoft Corporation", "versions": [{"status": "affected", "version": "Microsoft SQL Server 2012, Microsoft SQL Server 2014, and Microsoft SQL Server 2016"}]}], "datePublic": "2017-08-08T00:00:00", "descriptions": [{"lang": "en", "value": "Microsoft SQL Server Analysis Services in Microsoft SQL Server 2012, Microsoft SQL Server 2014, and Microsoft SQL Server 2016 allows an information disclosure vulnerability when it improperly enforces permissions, aka \"Microsoft SQL Server Analysis Services Information Disclosure Vulnerability\"."}], "problemTypes": [{"descriptions": [{"description": "Information Disclosure", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2022-08-24T04:49:49", "orgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8", "shortName": "microsoft"}, "references": [{"tags": ["x_refsource_CONFIRM"], "url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-8516"}, {"name": "1039110", "tags": ["vdb-entry", "x_refsource_SECTRACK"], "url": "http://www.securitytracker.com/id/1039110"}, {"name": "100041", "tags": ["vdb-entry", "x_refsource_BID"], "url": "http://www.securityfocus.com/bid/100041"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "secure@microsoft.com", "DATE_PUBLIC": "2017-08-08T00:00:00", "ID": "CVE-2017-8516", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "SQL Server", "version": {"version_data": [{"version_value": "Microsoft SQL Server 2012, Microsoft SQL Server 2014, and Microsoft SQL Server 2016"}]}}]}, "vendor_name": "Microsoft Corporation"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "Microsoft SQL Server Analysis Services in Microsoft SQL Server 2012, Microsoft SQL Server 2014, and Microsoft SQL Server 2016 allows an information disclosure vulnerability when it improperly enforces permissions, aka \"Microsoft SQL Server Analysis Services Information Disclosure Vulnerability\"."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "Information Disclosure"}]}]}, "references": {"reference_data": [{"name": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-8516", "refsource": "CONFIRM", "url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-8516"}, {"name": "1039110", "refsource": "SECTRACK", "url": "http://www.securitytracker.com/id/1039110"}, {"name": "100041", "refsource": "BID", "url": "http://www.securityfocus.com/bid/100041"}]}}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-05T16:41:23.508Z"}, "title": "CVE Program Container", "references": [{"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-8516"}, {"name": "1039110", "tags": ["vdb-entry", "x_refsource_SECTRACK", "x_transferred"], "url": "http://www.securitytracker.com/id/1039110"}, {"name": "100041", "tags": ["vdb-entry", "x_refsource_BID", "x_transferred"], "url": "http://www.securityfocus.com/bid/100041"}]}]}, "cveMetadata": {"assignerOrgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8", "assignerShortName": "microsoft", "cveId": "CVE-2017-8516", "datePublished": "2017-08-08T21:00:00Z", "dateReserved": "2017-05-03T00:00:00", "dateUpdated": "2024-09-16T23:22:02.640Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:microsoft:sql_server:2012:sp3:*:*:*:*:*:*", "matchCriteriaId": "6CEA6995-0B2D-44C5-9A14-76C9796A9863", "vulnerable": true}, {"criteria": "cpe:2.3:a:microsoft:sql_server:2014:sp1:*:*:*:*:*:*", "matchCriteriaId": "B5A0AA01-39E8-42A5-8B57-46BEE3A2CD51", "vulnerable": true}, {"criteria": "cpe:2.3:a:microsoft:sql_server:2014:sp2:*:*:*:*:*:*", "matchCriteriaId": "58837806-386A-40AC-B8D3-35765113D75C", "vulnerable": true}, {"criteria": "cpe:2.3:a:microsoft:sql_server:2016:*:*:*:*:*:*:*", "matchCriteriaId": "40058AB9-EE59-449E-B4C4-541E12A4861F", "vulnerable": true}, {"criteria": "cpe:2.3:a:microsoft:sql_server:2016:sp1:*:*:*:*:*:*", "matchCriteriaId": "51143C5C-46EA-4B37-8C1F-0697A62AC4E8", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "descriptions": [{"lang": "en", "value": "Microsoft SQL Server Analysis Services in Microsoft SQL Server 2012, Microsoft SQL Server 2014, and Microsoft SQL Server 2016 allows an information disclosure vulnerability when it improperly enforces permissions, aka \"Microsoft SQL Server Analysis Services Information Disclosure Vulnerability\"."}, {"lang": "es", "value": "Microsoft SQL Server Analysis Services en Microsoft SQL Server 2012, Microsoft SQL Server 2014, y Microsoft SQL Server 2016 permite una vulnerabilidad de divulgaci\u00f3n de informaci\u00f3n cuando aplica permisos de forma incorrecta. Esta vulnerabilidad tambi\u00e9n es denominada \"Microsoft SQL Server Analysis Services Information Disclosure Vulnerability\"."}], "id": "CVE-2017-8516", "lastModified": "2024-11-21T03:34:10.440", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": {"accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "NONE", "baseScore": 5.0, "confidentialityImpact": "PARTIAL", "integrityImpact": "NONE", "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N", "version": "2.0"}, "exploitabilityScore": 10.0, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}], "cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", "version": "3.1"}, "exploitabilityScore": 3.9, "impactScore": 3.6, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2017-08-08T21:29:00.563", "references": [{"source": "secure@microsoft.com", "tags": ["Third Party Advisory"], "url": "http://www.securityfocus.com/bid/100041"}, {"source": "secure@microsoft.com", "tags": ["URL Repurposed"], "url": "http://www.securitytracker.com/id/1039110"}, {"source": "secure@microsoft.com", "tags": ["Patch", "Vendor Advisory"], "url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-8516"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Third Party Advisory"], "url": "http://www.securityfocus.com/bid/100041"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["URL Repurposed"], "url": "http://www.securitytracker.com/id/1039110"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Patch", "Vendor Advisory"], "url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-8516"}], "sourceIdentifier": "secure@microsoft.com", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-200"}], "source": "nvd@nist.gov", "type": "Primary"}]}