gsd-2020-1455
Vulnerability from gsd
Modified
2023-12-13 01:21
Details
A denial of service vulnerability exists when Microsoft SQL Server Management Studio (SSMS) improperly handles files, aka 'Microsoft SQL Server Management Studio Denial of Service Vulnerability'.
Aliases
Aliases
CVE-2020-1455


To clipboard 

{
  "GSD": {
    "alias": "CVE-2020-1455",
    "description": "A denial of service vulnerability exists when Microsoft SQL Server Management Studio (SSMS) improperly handles files, aka \u0027Microsoft SQL Server Management Studio Denial of Service Vulnerability\u0027.",
    "id": "GSD-2020-1455"
  },
  "gsd": {
    "metadata": {
      "exploitCode": "unknown",
      "remediation": "unknown",
      "reportConfidence": "confirmed",
      "type": "vulnerability"
    },
    "osvSchema": {
      "aliases": [
        "CVE-2020-1455"
      ],
      "details": "A denial of service vulnerability exists when Microsoft SQL Server Management Studio (SSMS) improperly handles files, aka \u0027Microsoft SQL Server Management Studio Denial of Service Vulnerability\u0027.",
      "id": "GSD-2020-1455",
      "modified": "2023-12-13T01:21:58.546116Z",
      "schema_version": "1.4.0"
    }
  },
  "namespaces": {
    "cve.org": {
      "CVE_data_meta": {
        "ASSIGNER": "secure@microsoft.com",
        "ID": "CVE-2020-1455",
        "STATE": "PUBLIC"
      },
      "affects": {
        "vendor": {
          "vendor_data": [
            {
              "product": {
                "product_data": [
                  {
                    "product_name": "SQL Server Management Studio 18.6",
                    "version": {
                      "version_data": [
                        {
                          "version_affected": "\u003c",
                          "version_name": "18.0",
                          "version_value": "publication"
                        }
                      ]
                    }
                  }
                ]
              },
              "vendor_name": "Microsoft"
            }
          ]
        }
      },
      "data_format": "MITRE",
      "data_type": "CVE",
      "data_version": "4.0",
      "description": {
        "description_data": [
          {
            "lang": "eng",
            "value": "A denial of service vulnerability exists when Microsoft SQL Server Management Studio (SSMS) improperly handles files. An attacker could exploit the vulnerability to trigger a denial of service.\nTo exploit the vulnerability, an attacker would first require execution on the victim system.\nThe security update addresses the vulnerability by ensuring Microsoft SQL Server Management Studio properly handles files.\n"
          }
        ]
      },
      "impact": {
        "cvss": [
          {
            "baseScore": 5.3,
            "baseSeverity": "MEDIUM",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L/E:H/RL:O/RC:C",
            "version": "3.1"
          }
        ]
      },
      "problemtype": {
        "problemtype_data": [
          {
            "description": [
              {
                "lang": "eng",
                "value": "Denial of Service"
              }
            ]
          }
        ]
      },
      "references": {
        "reference_data": [
          {
            "name": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-1455",
            "refsource": "MISC",
            "url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-1455"
          }
        ]
      }
    },
    "nvd.nist.gov": {
      "cve": {
        "configurations": [
          {
            "nodes": [
              {
                "cpeMatch": [
                  {
                    "criteria": "cpe:2.3:a:microsoft:sql_server_management_studio:*:*:*:*:*:*:*:*",
                    "matchCriteriaId": "5182D31C-67A0-43B0-ABAF-624340C04DAC",
                    "versionEndExcluding": "18.6",
                    "vulnerable": true
                  }
                ],
                "negate": false,
                "operator": "OR"
              }
            ]
          }
        ],
        "descriptions": [
          {
            "lang": "en",
            "value": "A denial of service vulnerability exists when Microsoft SQL Server Management Studio (SSMS) improperly handles files. An attacker could exploit the vulnerability to trigger a denial of service.\nTo exploit the vulnerability, an attacker would first require execution on the victim system.\nThe security update addresses the vulnerability by ensuring Microsoft SQL Server Management Studio properly handles files.\n"
          },
          {
            "lang": "es",
            "value": "Se presenta una vulnerabilidad de denegaci\u00f3n de servicio cuando Microsoft SQL Server Management Studio (SSMS), maneja archivos inapropiadamente, tambi\u00e9n se conoce como \"Microsoft SQL Server Management Studio Denial of Service Vulnerability\"."
          }
        ],
        "id": "CVE-2020-1455",
        "lastModified": "2024-01-19T00:15:10.623",
        "metrics": {
          "cvssMetricV2": [
            {
              "acInsufInfo": false,
              "baseSeverity": "LOW",
              "cvssData": {
                "accessComplexity": "LOW",
                "accessVector": "LOCAL",
                "authentication": "NONE",
                "availabilityImpact": "PARTIAL",
                "baseScore": 2.1,
                "confidentialityImpact": "NONE",
                "integrityImpact": "NONE",
                "vectorString": "AV:L/AC:L/Au:N/C:N/I:N/A:P",
                "version": "2.0"
              },
              "exploitabilityScore": 3.9,
              "impactScore": 2.9,
              "obtainAllPrivilege": false,
              "obtainOtherPrivilege": false,
              "obtainUserPrivilege": false,
              "source": "nvd@nist.gov",
              "type": "Primary",
              "userInteractionRequired": false
            }
          ],
          "cvssMetricV31": [
            {
              "cvssData": {
                "attackComplexity": "LOW",
                "attackVector": "LOCAL",
                "availabilityImpact": "LOW",
                "baseScore": 5.3,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "LOW",
                "integrityImpact": "LOW",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "userInteraction": "REQUIRED",
                "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L",
                "version": "3.1"
              },
              "exploitabilityScore": 1.8,
              "impactScore": 3.4,
              "source": "secure@microsoft.com",
              "type": "Primary"
            },
            {
              "cvssData": {
                "attackComplexity": "LOW",
                "attackVector": "LOCAL",
                "availabilityImpact": "HIGH",
                "baseScore": 5.5,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "NONE",
                "integrityImpact": "NONE",
                "privilegesRequired": "LOW",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
                "version": "3.1"
              },
              "exploitabilityScore": 1.8,
              "impactScore": 3.6,
              "source": "nvd@nist.gov",
              "type": "Secondary"
            }
          ]
        },
        "published": "2020-08-17T19:15:14.740",
        "references": [
          {
            "source": "secure@microsoft.com",
            "tags": [
              "Patch",
              "Vendor Advisory"
            ],
            "url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-1455"
          }
        ],
        "sourceIdentifier": "secure@microsoft.com",
        "vulnStatus": "Modified",
        "weaknesses": [
          {
            "description": [
              {
                "lang": "en",
                "value": "NVD-CWE-noinfo"
              }
            ],
            "source": "nvd@nist.gov",
            "type": "Primary"
          }
        ]
      }
    }
  }
}


Log in or create an account to share your comment.




Tags
Taxonomy of the tags.




Sightings

Author Source Type Date

Nomenclature

  • Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
  • Confirmed: The vulnerability is confirmed from an analyst perspective.
  • Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
  • Patched: This vulnerability was successfully patched by the user reporting the sighting.
  • Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
  • Not confirmed: The user expresses doubt about the veracity of the vulnerability.
  • Not patched: This vulnerability was not successfully patched by the user reporting the sighting.