CyberSec.Space Logo
CVEブラウザに戻る

CVE-2020-0618

Known Exploited (CISA KEV)HIGH
8.8
CVSS Severity Score
EPSS Score59.8780%
EPSS Percentile88.12th
Published2020年2月11日
Last Modified2026年1月13日

Vulnerability Description

A remote code execution vulnerability exists in Microsoft SQL Server Reporting Services when it incorrectly handles page requests, aka 'Microsoft SQL Server Reporting Services Remote Code Execution Vulnerability'.

Affected Platforms (CPE)

📦
Microsoft

Sql Server

= 2012
📦
Microsoft

Sql Server

= 2014
📦
Microsoft

Sql Server

= 2016

References & Advisories

🔗 http://packetstormsecurity.com/files/156707/SQL-Server-Reporting-Services-SSRS-ViewState-Deserialization.html
🔗 http://packetstormsecurity.com/files/159216/Microsoft-SQL-Server-Reporting-Services-2016-Remote-Code-Execution.html
🔗 https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-0618
🔗 http://packetstormsecurity.com/files/156707/SQL-Server-Reporting-Services-SSRS-ViewState-Deserialization.html
🔗 http://packetstormsecurity.com/files/159216/Microsoft-SQL-Server-Reporting-Services-2016-Remote-Code-Execution.html
🔗 https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-0618
🔗 https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2020-0618

関連する脆弱性情報

CVE-2000-120910.0

The "sa" account is installed with a default null password on (1) Microsoft SQL Server 2000, (2) SQL Server 7.0, and (3) Data Engi...

CVE-2002-028710.0

pforum 1.14 and earlier does not explicitly enable PHP magic quotes, which allows remote attackers to bypass authentication and ga...

CVE-2020-2949310.0

DELL EMC Avamar Server, versions 19.1, 19.2, 19.3, contain a SQL Injection Vulnerability in Fitness Analyzer. A remote unauthentic...

CVE-2002-072110.0

Microsoft SQL Server 7.0 and 2000 installs with weak permissions for extended stored procedures that are associated with helper fu...