CVE-2024-37341

CRITICAL EPSS 70.2%

Published Sep 10, 20241y ago · Modified Jun 17, 20261w ago

9.8 CVSS 3.1

Critical

Published Sep 10, 2024 1y ago

Last Modified Jun 17, 2026 1w ago

Description

Microsoft SQL Server Elevation of Privilege Vulnerability

Base Score

9.8

Exploitability

3.9

Impact

5.9

Vector string

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Attack Vector Network

Attack Complexity Low

Privileges Required None

User Interaction None

Scope Unchanged

Confidentiality High

Integrity High

Availability High

EPSS Exploit Probability

70.2% percentile

Exploit & Patch Status

No Known Exploit

Patch Available

CWE-284

Vendor	Product	Version	Range
microsoft	sql_2016_azure_connect_feature_pack	*	≥13.0.7000.253 – <13.0.7040.1
microsoft	sql_server_2016	*	≥13.0.6300.2 – <13.0.6441.1
microsoft	sql_server_2017	*	≥14.0.1000.169 – <14.0.2060.1
microsoft	sql_server_2017	*	≥14.0.3006.16 – <14.0.3475.1
microsoft	sql_server_2019	*	≥15.0.2000.5 – <15.0.2120.1
microsoft	sql_server_2019	*	≥15.0.4003.23 – <15.0.4390.2
microsoft	sql_server_2022	*	≥16.0.1000.6 – <16.0.1125.1
microsoft	sql_server_2022	*	≥16.0.4003.1 – <16.0.4140.3

msrc.microsoft.com https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-37341

PatchVendor Advisory

msrc.microsoft.com https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-37341

PatchVendor Advisory