Microsoft Sql Server 2022 Gdr
Monthly
External control of file name or path in SQL Server allows an authorized attacker to execute code over a network.
SQL injection in Microsoft SQL Server 2016-2025 allows authenticated high-privilege attackers to elevate privileges locally via improper neutralization of SQL command elements. Affected versions include SQL Server 2016 SP3, 2017, 2019, 2022, and 2025 across multiple cumulative updates and GDR releases. The CVSS 6.7 score reflects the requirement for high-privilege authentication and local attack vector, but the high confidentiality, integrity, and availability impact makes this a material risk f
Remote code execution in Microsoft SQL Server 2022 (GDR) allows authenticated network attackers to execute arbitrary code with high confidentiality, integrity, and availability impact via untrusted pointer dereference. The vulnerability affects SQL Server 2022 (GDR) versions below 16.0.1175.1, requires low-privilege authenticated access (PR:L), and has low attack complexity (AC:L), making it straightforward to exploit once network access is obtained. Vendor-released patch available (version 16.0.1175.1). No public exploit identified at time of analysis, though the network attack vector and low complexity suggest moderate near-term exploitation risk.
SQL injection in Microsoft SQL Server 2016-2025 allows authenticated high-privilege attackers to elevate privileges locally through improper neutralization of special elements in SQL commands. Affected versions span SQL Server 2016 SP3 through 2025, with patch available from Microsoft. Attack requires local access and high-privilege credentials (PR:H in CVSS vector), limiting real-world impact to insider threats or compromised administrative accounts; CVSS 6.7 reflects high confidentiality, integrity, and availability impact but constrained by authentication and local-only attack vector.
External control of file name or path in SQL Server allows an authorized attacker to execute code over a network.
SQL injection in Microsoft SQL Server 2016-2025 allows authenticated high-privilege attackers to elevate privileges locally via improper neutralization of SQL command elements. Affected versions include SQL Server 2016 SP3, 2017, 2019, 2022, and 2025 across multiple cumulative updates and GDR releases. The CVSS 6.7 score reflects the requirement for high-privilege authentication and local attack vector, but the high confidentiality, integrity, and availability impact makes this a material risk f
Remote code execution in Microsoft SQL Server 2022 (GDR) allows authenticated network attackers to execute arbitrary code with high confidentiality, integrity, and availability impact via untrusted pointer dereference. The vulnerability affects SQL Server 2022 (GDR) versions below 16.0.1175.1, requires low-privilege authenticated access (PR:L), and has low attack complexity (AC:L), making it straightforward to exploit once network access is obtained. Vendor-released patch available (version 16.0.1175.1). No public exploit identified at time of analysis, though the network attack vector and low complexity suggest moderate near-term exploitation risk.
SQL injection in Microsoft SQL Server 2016-2025 allows authenticated high-privilege attackers to elevate privileges locally through improper neutralization of special elements in SQL commands. Affected versions span SQL Server 2016 SP3 through 2025, with patch available from Microsoft. Attack requires local access and high-privilege credentials (PR:H in CVSS vector), limiting real-world impact to insider threats or compromised administrative accounts; CVSS 6.7 reflects high confidentiality, integrity, and availability impact but constrained by authentication and local-only attack vector.