What is CVE-2017-8516?

CVE-2017-8516 is a high-severity vulnerability in Microsoft Sql_server, classified under Information Disclosure. CVSS score: 7.5/10. Published 2017-08-08.

How severe is CVE-2017-8516?

High severity. CVSS v3 base score is 7.5 out of 10.

Is CVE-2017-8516 known to be exploited?

1 public proof-of-concept repositories are indexed. Not currently listed in the CISA KEV catalog.

Information disclosure in Microsoft Sql_server

CVE-2017-8516

Microsoft SQL Server Analysis Services in Microsoft SQL Server 2012, Microsoft SQL Server 2014, and Microsoft SQL Server 2016 allows an information disclosure vulnerability when it improperly enforces permissions, aka "Microsoft SQL Server…

Vulnerability class: Information Disclosure

EPSS: 0.016 (82.1th percentile) — read the EPSS interpretation.

CVSS v3 metric

CVSS v3 base score 7.5 (High). Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N.

Affected products

Microsoft Sql_server — versions 2012, 2014, 2016
Microsoft Corporation Sql Server — versions Microsoft SQL Server 2012, Microsoft SQL Server 2014, and Microsoft SQL Server 2016

Weakness classification (CWE)

CWE-200 — Information Disclosure

Public proof-of-concept exploits

Live-Hack-CVE/CVE-2017-8516

References

secure@microsoft.com (x_refsource_CONFIRM, Patch, Vendor Advisory)
secure@microsoft.com (URL Repurposed, vdb-entry, x_refsource_SECTRACK)
secure@microsoft.com (Third Party Advisory, vdb-entry, x_refsource_BID)

Frequently asked questions

What is CVE-2017-8516?: CVE-2017-8516 is a high-severity vulnerability in Microsoft Sql_server, classified under Information Disclosure. CVSS score: 7.5/10. Published 2017-08-08.
How severe is CVE-2017-8516?: High severity. CVSS v3 base score is 7.5 out of 10.
Is CVE-2017-8516 known to be exploited?: 1 public proof-of-concept repositories are indexed. Not currently listed in the CISA KEV catalog.