Vulnerability Description
Microsoft.Data.SqlClient and System.Data.SqlClient SQL Data Provider Security Feature Bypass Vulnerability
CVSS Score
8.7
HIGH
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:N
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Microsoft | Microsoft.Data.Sqlclient | >= 2.1, < 2.1.7 |
| Microsoft | Sql Server | 2022 |
| Microsoft | System.Data.Sqlclient | < 4.8.6 |
| Microsoft | Visual Studio 2022 | >= 17.2, < 17.2.23 |
| Microsoft | .Net Framework | >= 4.8, < 4.8.04690.02 |
| Microsoft | Windows 10 1607 | - |
| Microsoft | Windows Server 2008 | r2 |
| Microsoft | Windows Server 2012 | - |
| Microsoft | Windows Server 2016 | - |
| Microsoft | Windows 10 1809 | - |
| Microsoft | Windows 10 21H2 | - |
| Microsoft | Windows 10 22H2 | - |
| Microsoft | Windows 11 21H2 | - |
| Microsoft | Windows 11 22H2 | - |
| Microsoft | Windows 11 23H2 | - |
| Microsoft | Windows Server 2019 | - |
| Microsoft | Windows Server 2022 | - |
| Microsoft | Windows Server 2022 23H2 | - |
| Microsoft | .Net | >= 6.0.0, < 6.0.26 |
Related Weaknesses (CWE)
References
- https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-0056PatchVendor Advisory
- https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-0056PatchVendor Advisory
FAQ
What is CVE-2024-0056?
CVE-2024-0056 is a vulnerability with a CVSS score of 8.7 (HIGH). Microsoft.Data.SqlClient and System.Data.SqlClient SQL Data Provider Security Feature Bypass Vulnerability
How severe is CVE-2024-0056?
CVE-2024-0056 has been rated HIGH with a CVSS base score of 8.7/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2024-0056?
Check the references section above for vendor advisories and patch information. Affected products include: Microsoft Microsoft.Data.Sqlclient, Microsoft Sql Server, Microsoft System.Data.Sqlclient, Microsoft Visual Studio 2022, Microsoft .Net Framework.