CVE-2024-0056

CVSS 3.1 Score 8.7 of 10 (high)

Details

Published Jan 9, 2024

Updated: May 29, 2024

CWE ID 319

Summary

CVE-2024-0056 is a newly disclosed vulnerability affecting Microsoft.Data.SqlClient and System.Data.SqlClient SQL Data Providers. Hackers can exploit this Security Feature Bypass weakness to bypass intended access controls and execute unauthorized SQL statements, potentially leading to data theft or unintended system modifications. This issue poses a serious risk to applications using these SQL providers and requires immediate attention and patching from developers to mitigate the threat.

Prevent cyber attacks with Recorded Future by prioritizing and patching critical vulnerabilities being exploited by threat actors targeting your industry. Book your demo to learn more.

Microsoft .NET Framework
Microsoft Visual Studio 2022
Microsoft SQL Server

Affected Vendors

Microsoft

Advisories, Assessments, and Mitigations

https://app.recordedfuture.com/live/sc/entity/uFeCuz
https://www.cve.org/CVERecord?id=CVE-2024-0056
https://nvd.nist.gov/vuln/detail/CVE-2024-0056

Back to Vulnerability Database