Microsoft SQL Server Management Studio (SSMS) Incorrect Permission Assignment for Critical Resource Vulnerability

Summary

Microsoft SQL Server Management Studio (SSMS) suffers from incorrect permission assignment for critical resource vulnerability

Credit:

The information has been provided by Debashish Swain

The original article can be found at:  https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-1313


Details

An information disclosure vulnerability exists in Microsoft SQL Server Management Studio (SSMS) when it improperly enforces permissions. An attacker could exploit the vulnerability if the attacker’s credentials allow access to an affected SQL server database.

Vulnerable Systems:

Microsoft SQL Server Management Studio (SSMS) 

CVE Information:

CVE-2019-1313

Disclosure Timeline:
Published Date:10/10/2019