CVE-2024-43462
CVSS 3.1 Score 8.8 of 10 (high)
Details
Published Nov 12, 2024
Updated: Nov 13, 2024
CWE ID 122
Summary
CVE-2024-43462 is a remotely exploitable SQL Injection vulnerability affecting Microsoft SQL Server Native Client. An attacker can exploit this vulnerability by sending specially crafted SQL commands to a targeted database, leading to arbitrary code execution on the system running the SQL Server. Successful exploitation could allow the attacker to gain unauthorized access to sensitive data, install malware, or take control of the affected system. Users are urged to apply the latest Microsoft security patches to mitigate this risk.
Prevent cyber attacks with Recorded Future by prioritizing and patching critical vulnerabilities being exploited by threat actors targeting your industry. Book your demo to learn more.
Share
Affected Products
- Microsoft SQL Server
Affected Vendors
- Microsoft