Main Vulnerability Database Exploits ID:6114 - Exploit for XXE attack in Microsoft SQL Server Management Studio - CVE-2018-8532

ID:6114 - Exploit for XXE attack in Microsoft SQL Server Management Studio - CVE-2018-8532

Published: June 17, 2021

Vulnerability identifier: #VU15262

Vulnerability risk: Low

CVE-ID: CVE-2018-8532

CWE-ID: CWE-611

Exploitation vector: Remote access

Vulnerable software:
Microsoft SQL Server Management Studio

Link to public exploit:

https://www.exploit-db.com/exploits/45587/

Vulnerability description

The vulnerability allows a remote attacker to conduct XXE-attack.

The vulnerability exists due to an error when parsing a malicious XMLA file containing a reference to an external entity. A remote attacker can trick the victim into opening a specially crafted XML file and gain access to potentially sensitive information.

Remediation

Install updates from vendor's website.

ID:6114 - Exploit for XXE attack in Microsoft SQL Server Management Studio - CVE-2018-8532

Link to public exploit:

Vulnerability description

Remediation

Please verify you're human