CVE-2019-1376

MEDIUM

Microsoft SQL Server Management Studio - Info Disclosure

Title source: llm

Description

An information disclosure vulnerability exists in Microsoft SQL Server Management Studio (SSMS) when it improperly enforces permissions, aka 'SQL Server Management Studio Information Disclosure Vulnerability'. This CVE ID is unique from CVE-2019-1313.

References (1)

[Patch, Vendor Advisory] https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-1376

Scores

CVSS v3 6.5

EPSS 0.0757

EPSS Percentile 91.7%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

Classification

CWE

CWE-755

Status published

Affected Products (1)

microsoft/sql_server_management_studio

Timeline

Published Oct 10, 2019

Tracked Since Feb 18, 2026