Vulnerability Details : CVE-2017-8516
Microsoft SQL Server Analysis Services in Microsoft SQL Server 2012, Microsoft SQL Server 2014, and Microsoft SQL Server 2016 allows an information disclosure vulnerability when it improperly enforces permissions, aka "Microsoft SQL Server Analysis Services Information Disclosure Vulnerability".
Vulnerability category: Information leak
Products affected by CVE-2017-8516
- cpe:2.3:a:microsoft:sql_server:2012:sp3:*:*:*:*:*:*
- cpe:2.3:a:microsoft:sql_server:2014:sp2:*:*:*:*:*:*
- cpe:2.3:a:microsoft:sql_server:2014:sp1:*:*:*:*:*:*
- cpe:2.3:a:microsoft:sql_server:2016:*:*:*:*:*:*:*
- cpe:2.3:a:microsoft:sql_server:2016:sp1:*:*:*:*:*:*
Threat overview for CVE-2017-8516
Top countries where our scanners detected CVE-2017-8516
Top open port discovered on systems with this issue
1433
IPs affected by CVE-2017-8516 160,660
Threat actors abusing to this issue?
Yes
Find out if you* are
affected by CVE-2017-8516!
*Directly or indirectly through your vendors, service providers and 3rd parties.
Powered by
attack surface intelligence
from SecurityScorecard.
Exploit prediction scoring system (EPSS) score for CVE-2017-8516
0.46%
Probability of exploitation activity in the next 30 days
EPSS Score History
~ 72 %
Percentile, the proportion of vulnerabilities that are scored at or less
CVSS scores for CVE-2017-8516
Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source | First Seen |
---|---|---|---|---|---|---|
5.0
|
MEDIUM | AV:N/AC:L/Au:N/C:P/I:N/A:N |
10.0
|
2.9
|
NIST | |
7.5
|
HIGH | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N |
3.9
|
3.6
|
NIST |
CWE ids for CVE-2017-8516
-
The product exposes sensitive information to an actor that is not explicitly authorized to have access to that information.Assigned by: nvd@nist.gov (Primary)
References for CVE-2017-8516
-
http://www.securitytracker.com/id/1039110
Microsoft SQL Server Analysis Services Permissions Flaw Lets Remote Authenticated Users Obtain Potentially Sensitive Information - SecurityTrackerURL Repurposed
-
https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-8516
CVE-2017-8516 | Microsoft SQL Server Analysis Services Information Disclosure VulnerabilityPatch;Vendor Advisory
-
http://www.securityfocus.com/bid/100041
Microsoft SQL Server CVE-2017-8516 Information Disclosure VulnerabilityThird Party Advisory
Jump to