CVE-2024-0056 :: Enginsight Vulnerability Database

Provider	Type	Base Score	Atk. Vector	Atk. Complexity	Priv. Required	Vector
NIST	Primary	8.7 HIGH	NETWORK	HIGH	NONE	CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:N
microsoft	CNA	8.7 HIGH				CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:N/E:U/RL:O/RC:C

Base Score

CVSS 3.x

EPSS Score

Percentile: 70%

Affected Products (NVD)

Vendor	Product	Version
microsoft	microsoft.data.sqlclient	2.1 ≤ 𝑥 < 2.1.7
microsoft	microsoft.data.sqlclient	3.1 ≤ 𝑥 < 3.1.5
microsoft	microsoft.data.sqlclient	4.0 ≤ 𝑥 < 4.0.5
microsoft	microsoft.data.sqlclient	5.1 ≤ 𝑥 < 5.1.3
microsoft	system.data.sqlclient	𝑥 < 4.8.6
microsoft	visual_studio_2022	17.2 ≤ 𝑥 < 17.2.23
microsoft	visual_studio_2022	17.4 ≤ 𝑥 < 17.4.15
microsoft	visual_studio_2022	17.6 ≤ 𝑥 < 17.6.11
microsoft	visual_studio_2022	17.8 ≤ 𝑥 < 17.8.4
microsoft	.net_framework	4.8 ≤ 𝑥 < 4.8.04690.02
microsoft	.net_framework	4.8 ≤ 𝑥 < 4.8.04690.01
microsoft	.net_framework	4.6.2
microsoft	.net_framework	4.7
microsoft	.net_framework	4.7.1
microsoft	.net_framework	4.7.2
microsoft	.net_framework	3.5
microsoft	.net_framework	4.8.1
microsoft	.net_framework	4.8 ≤ 𝑥 < 4.8.04690.02
microsoft	.net_framework	3.5
microsoft	.net_framework	3.5
microsoft	.net_framework	4.7.2
microsoft	.net_framework	2.0:sp2
microsoft	.net	6.0.0 ≤ 𝑥 < 6.0.26
microsoft	.net	7.0.0 ≤ 𝑥 < 7.0.15
microsoft	.net	8.0.0

𝑥

= Vulnerable software versions

Windows Releases

Platform

Version

Windows 10

1607 (x64, x86)	KB5033910
1607 (x64, x86)	KB5034119
1809 (arm64, x64, x64, x86, x86)	KB5034273
21H2 (arm64, arm64, x64, x64, x86, x86)	KB5034274
22H2 (arm64, arm64, x64, x64, x86, x86)	KB5034275

Windows 11

21H2 (arm64, arm64, x64, x64)	KB5034276
22H2 (arm64, x64)	KB5033920
23H2 (arm64, x64)	KB5033920

Windows Server 2008

Service Pack 2 (x64, x86)

Windows Server 2008 R2

Service Pack 1 (x64)	KB5034277
Service Pack 1 (x64)	KB5034269
Service Pack 1 Server Core (x64)	KB5034277
Service Pack 1 Server Core (x64)	KB5034269

Windows Server 2012

Server Core	KB5034278
Standard	KB5034278

Windows Server 2012 R2

Server Core	KB5034279
Standard	KB5034279

Windows Server 2016

Server Core	KB5033910
Server Core	KB5034119
Standard	KB5033910
Standard	KB5034119

Windows Server 2019

Server Core	KB5034273
Standard	KB5034273

Windows Server 2022

23H2 Server Core	KB5034272
Server Core	KB5034272
Standard	KB5034272

Ubuntu Releases

Ubuntu Product

Codename

dotnet6

bionic	dne
focal	dne
jammy	not-affected
lunar	not-affected
mantic	not-affected
trusty	dne
xenial	dne

dotnet7

bionic	dne
focal	dne
jammy	not-affected
lunar	not-affected
mantic	not-affected
trusty	dne
xenial	dne

dotnet8

bionic	dne
focal	dne
jammy	not-affected
lunar	dne
mantic	not-affected
trusty	dne
xenial	dne

Common Weakness Enumeration

CWE-319 - Cleartext Transmission of Sensitive Information
The software transmits sensitive or security-critical data in cleartext in a communication channel that can be sniffed by unauthorized actors.

References

https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-0056

https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-0056