← Volver a CVEs

CVE-2015-9098

CRITICAL

9.8

Descripcion

In Redgate SQL Monitor before 3.10 and 4.x before 4.2, a remote attacker can gain unauthenticated access to the Base Monitor, resulting in the ability to execute arbitrary SQL commands on any monitored Microsoft SQL Server machines. If the Base Monitor is connecting to these machines using an account with SQL admin privileges, then code execution on the operating system can result in full system compromise (if Microsoft SQL Server is running with local administrator privileges).

Detalles CVE

Puntuacion CVSS v3.19.8

SeveridadCRITICAL

Vector CVSSCVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Vector de ataqueNETWORK

ComplejidadLOW

Privilegios requeridosNONE

Interaccion usuarioNONE

Publicado6/22/2017

Ultima modificacion4/20/2025

Fuentenvd

Avistamientos honeypot0

Productos afectados

red-gate:sql_monitor

Debilidades (CWE)

CWE-89

Referencias

http://www.red-gate.com/products/dba/sql-monitor/entrypage/security-vulnerability(cve@mitre.org)

https://www.exploit-db.com/exploits/42444/(cve@mitre.org)

http://www.red-gate.com/products/dba/sql-monitor/entrypage/security-vulnerability(af854a3a-2127-422b-91ae-364da2661108)

https://www.exploit-db.com/exploits/42444/(af854a3a-2127-422b-91ae-364da2661108)

Correlaciones IOC

Sin correlaciones registradas

This product uses data from the NVD API but is not endorsed or certified by the NVD.