Skip to main content

Sql Server Management Studio

7 CVEs product

Monthly

CVE-2025-29803 HIGH This Month

Uncontrolled search path element in Visual Studio Tools for Applications and SQL Server Management Studio allows an authorized attacker to elevate privileges locally. Rated high severity (CVSS 7.3), this vulnerability is low attack complexity. No vendor patch available.

Information Disclosure Sql Server Management Studio Visual Studio Tools For Applications 2019 Visual Studio Tools For Applications 2019 Sdk Visual Studio Tools For Applications 2022 +1
NVD
CVSS 3.1
7.3
EPSS
0.5%
CVE-2020-1455 MEDIUM PATCH This Month

A denial of service vulnerability exists when Microsoft SQL Server Management Studio (SSMS) improperly handles files. Rated medium severity (CVSS 5.3), this vulnerability is no authentication required, low attack complexity.

Denial Of Service Microsoft Sql Server Management Studio
NVD
CVSS 3.1
5.3
EPSS
1.2%
CVE-2019-1376 MEDIUM PATCH This Month

An information disclosure vulnerability exists in Microsoft SQL Server Management Studio (SSMS) when it improperly enforces permissions, aka 'SQL Server Management Studio Information Disclosure. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity.

Microsoft Information Disclosure Sql Server Management Studio
NVD
CVSS 3.1
6.5
EPSS
5.0%
CVE-2019-1313 MEDIUM PATCH This Month

An information disclosure vulnerability exists in Microsoft SQL Server Management Studio (SSMS) when it improperly enforces permissions, aka 'SQL Server Management Studio Information Disclosure. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity.

Microsoft Information Disclosure Sql Server Management Studio
NVD
CVSS 3.1
6.5
EPSS
5.0%
CVE-2018-8533 MEDIUM POC PATCH THREAT This Month

An information disclosure vulnerability exists in Microsoft SQL Server Management Studio (SSMS) when parsing malicious XML content containing a reference to an external entity, aka "SQL Server. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. Public exploit code available.

Microsoft XXE Information Disclosure Sql Server Management Studio
NVD Exploit-DB
CVSS 3.0
5.5
EPSS
23.4%
CVE-2018-8532 MEDIUM POC PATCH THREAT This Month

An information disclosure vulnerability exists in Microsoft SQL Server Management Studio (SSMS) when parsing a malicious XMLA file containing a reference to an external entity, aka "SQL Server. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. Public exploit code available.

Microsoft XXE Information Disclosure Sql Server Management Studio
NVD Exploit-DB
CVSS 3.0
5.5
EPSS
23.4%
CVE-2018-8527 MEDIUM POC PATCH THREAT This Month

An information disclosure vulnerability exists in Microsoft SQL Server Management Studio (SSMS) when parsing a malicious XEL file containing a reference to an external entity, aka "SQL Server. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. Public exploit code available.

Microsoft XXE Information Disclosure Sql Server Management Studio
NVD Exploit-DB
CVSS 3.0
5.5
EPSS
23.4%
EPSS 0% CVSS 7.3
HIGH This Month

Uncontrolled search path element in Visual Studio Tools for Applications and SQL Server Management Studio allows an authorized attacker to elevate privileges locally. Rated high severity (CVSS 7.3), this vulnerability is low attack complexity. No vendor patch available.

Information Disclosure Sql Server Management Studio Visual Studio Tools For Applications 2019 +3
NVD
EPSS 1% CVSS 5.3
MEDIUM PATCH This Month

A denial of service vulnerability exists when Microsoft SQL Server Management Studio (SSMS) improperly handles files. Rated medium severity (CVSS 5.3), this vulnerability is no authentication required, low attack complexity.

Denial Of Service Microsoft Sql Server Management Studio
NVD
EPSS 5% CVSS 6.5
MEDIUM PATCH This Month

An information disclosure vulnerability exists in Microsoft SQL Server Management Studio (SSMS) when it improperly enforces permissions, aka 'SQL Server Management Studio Information Disclosure. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity.

Microsoft Information Disclosure Sql Server Management Studio
NVD
EPSS 5% CVSS 6.5
MEDIUM PATCH This Month

An information disclosure vulnerability exists in Microsoft SQL Server Management Studio (SSMS) when it improperly enforces permissions, aka 'SQL Server Management Studio Information Disclosure. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity.

Microsoft Information Disclosure Sql Server Management Studio
NVD
EPSS 23% CVSS 5.5
MEDIUM POC PATCH THREAT This Month

An information disclosure vulnerability exists in Microsoft SQL Server Management Studio (SSMS) when parsing malicious XML content containing a reference to an external entity, aka "SQL Server. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. Public exploit code available.

Microsoft XXE Information Disclosure +1
NVD Exploit-DB
EPSS 23% CVSS 5.5
MEDIUM POC PATCH THREAT This Month

An information disclosure vulnerability exists in Microsoft SQL Server Management Studio (SSMS) when parsing a malicious XMLA file containing a reference to an external entity, aka "SQL Server. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. Public exploit code available.

Microsoft XXE Information Disclosure +1
NVD Exploit-DB
EPSS 23% CVSS 5.5
MEDIUM POC PATCH THREAT This Month

An information disclosure vulnerability exists in Microsoft SQL Server Management Studio (SSMS) when parsing a malicious XEL file containing a reference to an external entity, aka "SQL Server. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. Public exploit code available.

Microsoft XXE Information Disclosure +1
NVD Exploit-DB

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy