CVE-2020-1455

A denial of service vulnerability exists when Microsoft SQL Server Management Studio (SSMS) improperly handles files. An attacker could exploit the vulnerability to trigger a denial of service.
To exploit the vulnerability, an attacker would first require execution on the victim system.
The security update addresses the vulnerability by ensuring Microsoft SQL Server Management Studio properly handles files.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTNIST
5.3 MEDIUM
LOCAL
LOW
NONE
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L
microsoftCNA
5.3 MEDIUM
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L/E:H/RL:O/RC:C
CVEADP
---
---
Base Score
CVSS 3.x
EPSS Score
Percentile: 73%
VendorProductVersion
microsoftsql_server_management_studio
𝑥
< 18.6
𝑥
= Vulnerable software versions
References
https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-1455
https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-1455