Synopsis
The version of SQL Server Management Studio installed on the remote Windows host is affected by multiple vulnerabilities.
Description
The version of Microsoft SQL Server Management Studio installed on the remote Windows host is 18.x prior to 18.3.1. It is, therefore, affected by multiple information disclosure vulnerabilities:
- An information disclosure vulnerability exists in Microsoft SQL Server Management Studio (SSMS) when it improperly enforces permissions. An attacker could exploit the vulnerability if the attacker's credentials allow access to an affected SQL server database. An attacker who successfully exploited the vulnerability could gain additional database and file information. (CVE-2019-1313) (CVE-2019-1376)
Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.
Solution
Update to Microsoft SQL Server Management Studio 18.3.1 or later.