Vulnerability Database

289,599

Total vulnerabilities in the database

CVE-2016-7253

The agent in Microsoft SQL Server 2012 SP2, 2012 SP3, 2014 SP1, 2014 SP2, and 2016 does not properly check the atxcore.dll ACL, which allows remote authenticated users to gain privileges via unspecified vectors, aka "SQL Server Agent Elevation of Privilege Vulnerability."

  • Published: Nov 10, 2016
  • Updated: Apr 13, 2023
  • CVE: CVE-2016-7253
  • Severity: High
  • Exploit:

CVSS v3:

  • Severity: High
  • Score: 8.8
  • AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

CVSS v2:

  • Severity: Medium
  • Score: 6.5
  • AV:N/AC:L/Au:S/C:P/I:P/A:P

CWEs:

Software From Fixed in
microsoft / sql_server 2012-sp3 2012-sp3.x
microsoft / sql_server 2012-sp2 2012-sp2.x
microsoft / sql_server 2014-sp1 2014-sp1.x
microsoft / sql_server 2014-sp2 2014-sp2.x