Rapid7 Vulnerability & Exploit Database

Microsoft CVE-2017-8516: Microsoft SQL Server Analysis Services Information Disclosure Vulnerability

Free InsightVM Trial No Credit Card Necessary

2024 Attack Intel Report Latest research by Rapid7 Labs

Back to Search

Microsoft CVE-2017-8516: Microsoft SQL Server Analysis Services Information Disclosure Vulnerability

Severity

CVSS

(AV:N/AC:L/Au:N/C:P/I:N/A:N)

Published

08/08/2017

Created

07/25/2018

Added

08/08/2017

Modified

08/22/2019

Description

An information disclosure vulnerability exists in Microsoft SQL Server Analysis Services when it improperly enforces permissions. An attacker could exploit the vulnerability if the attacker's credentials allow access to an affected SQL server database. An attacker who successfully exploited the vulnerability could gain additional database and file information. The security update addresses the vulnerability by correcting how SQL Server Analysis Services enforces permissions.

Solution(s)

msft-kb4019086-50bda3e8-0787-40d3-8690-2df9220406ae-x64
msft-kb4019088-89d0b97e-c24f-45e7-9339-4bb561eaee8e-x64
msft-kb4019089-cd25be50-8da5-4678-a5cf-1d52b73af8ce-x64
msft-kb4019090-6ba170c0-f9ce-44b5-a019-6c4bd8d0d79a-x64
msft-kb4019090-6ba170c0-f9ce-44b5-a019-6c4bd8d0d79a-x86
msft-kb4019091-18a26a32-7a1a-45a3-b9a7-e442b94e9359-x64
msft-kb4019091-18a26a32-7a1a-45a3-b9a7-e442b94e9359-x86
msft-kb4019092-f2d5cd02-ae12-4a69-8b85-edc150b32f59-x64
msft-kb4019092-f2d5cd02-ae12-4a69-8b85-edc150b32f59-x86
msft-kb4019093-5f3819d7-ad79-4ab6-b605-f260260e5086-x64
msft-kb4019093-5f3819d7-ad79-4ab6-b605-f260260e5086-x86
msft-kb4019095-1b0321aa-7ab3-4b01-9659-c0095fb7ba7f-x64
msft-kb4032542-99e4a5e1-9c80-4fd1-b919-a1749169e57e-x64
msft-kb4032542-99e4a5e1-9c80-4fd1-b919-a1749169e57e-x86
msft-kb4036996-939f5f95-1f54-4bd5-8fed-203c98e6cb19-x64
msft-kb4036996-939f5f95-1f54-4bd5-8fed-203c98e6cb19-x86

References

https://attackerkb.com/topics/cve-2017-8516
CVE - 2017-8516
4019086
4019088
4019089
4019090
4019091
4019092
4019093
4019095
4032542
4036996

Advanced vulnerability management analytics and reporting.

Key Features

Free InsightVM Trial View All Features

With Rapid7 live dashboards, I have a clear view of all the assets on my network, which ones can be exploited, and what I need to do in order to reduce the risk in my environment in real-time. No other tool gives us that kind of value and insight.

– Scott Cheney, Manager of Information Security, Sierra View Medical Center

;

Rapid7 Vulnerability & Exploit Database

Microsoft CVE-2017-8516: Microsoft SQL Server Analysis Services Information Disclosure Vulnerability

Microsoft CVE-2017-8516: Microsoft SQL Server Analysis Services Information Disclosure Vulnerability

Description

Solution(s)

References

Success! Thank you for submission. We will be in touch shortly.

Oops! There was a problem in submission. Please try again.

Submit your information and we will get in touch with you.