CVE-2017-8516
HIGHMicrosoft SQL Server 2012, 2014, and 2016 - Information Disclosure via Improper Permission Enforcement
Title source: llmDescription
Microsoft SQL Server Analysis Services in Microsoft SQL Server 2012, Microsoft SQL Server 2014, and Microsoft SQL Server 2016 allows an information disclosure vulnerability when it improperly enforces permissions, aka "Microsoft SQL Server Analysis Services Information Disclosure Vulnerability".
References (3)
Core 3
Core References
Patch, Vendor Advisory x_refsource_confirm
https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-8516
URL Repurposed vdb-entry
x_refsource_sectrack
http://www.securitytracker.com/id/1039110
Third Party Advisory vdb-entry
x_refsource_bid
http://www.securityfocus.com/bid/100041
Scores
CVSS v3
7.5
EPSS
0.0160
EPSS Percentile
81.9%
Attack Vector
NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
Details
CWE
CWE-200
Status
published
Products (4)
microsoft/sql_server
2012 sp3
microsoft/sql_server
2014 sp1 (2 CPE variants)
microsoft/sql_server
2016 (2 CPE variants)
Microsoft Corporation/SQL Server
Microsoft SQL Server 2012, Microsoft SQL Server 2014, and Microsoft SQL Server 2016
Published
Aug 08, 2017
Tracked Since
Feb 18, 2026