We use these services and cookies to improve your user experience. You may opt out if you wish, however, this may limit some features on this site.

Please see our statement on Data Privacy.

Crisp.chat (Helpdesk and Chat)

Ok

THREATINT
PUBLISHED

CVE-2024-0056

Microsoft.Data.SqlClient and System.Data.SqlClient SQL Data Provider Security Feature Bypass Vulnerability



Description

Microsoft.Data.SqlClient and System.Data.SqlClient SQL Data Provider Security Feature Bypass Vulnerability

Reserved 2023-11-22 | Published 2024-01-09 | Updated 2025-06-03 | Assigner microsoft


HIGH: 8.7CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:N/E:U/RL:O/RC:C

Problem types

CWE-319: Cleartext Transmission of Sensitive Information

Product status

16.0.0 before 16.0.1110.1
affected

6.0.0 before 6.0.26
affected

7.0.0 before 7.0.15
affected

8.0 before 8.0.1
affected

2.0 before 2.1.7
affected

3.0 before 3.1.5
affected

4.0 before 4.0.5
affected

5.0 before 5.1.3
affected

1.0 before 4.8.6
affected

17.2.0 before 17.2.23
affected

17.4.0 before 17.4.15
affected

17.6.0 before 17.6.11
affected

17.8.0 before 17.8.4
affected

Any version before 16.0.4100.1
affected

4.8.0 before 4.8.04690.02
affected

4.8.0 before 4.8.04690.02
affected

4.7.0 before 4.7.04081.03
affected

4.7.0 before 4.7.04081.02
affected

4.8.1 before 4.8.09214.01
affected

2.0.0 before 3.0.50727.8976
affected

References

msrc.microsoft.com/update-guide/vulnerability/CVE-2024-0056 (Microsoft.Data.SqlClient and System.Data.SqlClient SQL Data Provider Security Feature Bypass Vulnerability) vendor-advisory

cve.org (CVE-2024-0056)

nvd.nist.gov (CVE-2024-0056)

Download JSON

Share this page
https://cve.threatint.eu/CVE/CVE-2024-0056

Support options

Helpdesk Chat, Email, Knowledgebase