{ "document" : { "aggregate_severity" : { "text" : "hoch" }, "category" : "csaf_base", "csaf_version" : "2.0", "distribution" : { "tlp" : { "label" : "WHITE", "url" : "https://www.first.org/tlp/" } }, "lang" : "de-DE", "notes" : [ { "category" : "legal_disclaimer", "text" : "Das BSI ist als Anbieter für die eigenen, zur Nutzung bereitgestellten Inhalte nach den allgemeinen Gesetzen verantwortlich. Nutzerinnen und Nutzer sind jedoch dafür verantwortlich, die Verwendung und/oder die Umsetzung der mit den Inhalten bereitgestellten Informationen sorgfältig im Einzelfall zu prüfen." }, { "category" : "description", "text" : "Der Microsoft SQL Server ist ein relationales Datenbankmanagementsystem von Microsoft.\r\nDer Microsoft SQL Server ist ein relationales Datenbankmanagementsystem von Microsoft.", "title" : "Produktbeschreibung" }, { "category" : "summary", "text" : "Ein Angreifer kann mehrere Schwachstellen in Microsoft SQL Server 2017, Microsoft SQL Server 2019, Microsoft SQL Server 2016 und Microsoft SQL Server 2022 ausnutzen, um beliebigen Programmcode auszuführen, und um seine Privilegien zu erhöhen.", "title" : "Angriff" }, { "category" : "general", "text" : "- Windows", "title" : "Betroffene Betriebssysteme" } ], "publisher" : { "category" : "other", "contact_details" : "csaf-provider@cert-bund.de", "name" : "Bundesamt für Sicherheit in der Informationstechnik", "namespace" : "https://www.bsi.bund.de" }, "references" : [ { "category" : "self", "summary" : "WID-SEC-W-2026-1103 - CSAF Version", "url" : "https://wid.cert-bund.de/.well-known/csaf/white/2026/wid-sec-w-2026-1103.json" }, { "category" : "self", "summary" : "WID-SEC-2026-1103 - Portal Version", "url" : "https://wid.cert-bund.de/portal/wid/securityadvisory?name=WID-SEC-2026-1103" }, { "category" : "external", "summary" : "Microsoft Leitfaden für Sicherheitsupdates", "url" : "https://msrc.microsoft.com/update-guide/" } ], "source_lang" : "en-US", "title" : "Microsoft SQL Server: Mehrere Schwachstellen", "tracking" : { "current_release_date" : "2026-04-14T22:00:00.000+00:00", "generator" : { "date" : "2026-04-15T07:14:14.925+00:00", "engine" : { "name" : "BSI-WID", "version" : "1.5.0" } }, "id" : "WID-SEC-W-2026-1103", "initial_release_date" : "2026-04-14T22:00:00.000+00:00", "revision_history" : [ { "date" : "2026-04-14T22:00:00.000+00:00", "number" : "1", "summary" : "Initiale Fassung" } ], "status" : "final", "version" : "1" } }, "product_tree" : { "branches" : [ { "branches" : [ { "branches" : [ { "category" : "product_version", "name" : "SP3 (GDR)", "product" : { "name" : "Microsoft SQL Server 2016 SP3 (GDR)", "product_id" : "T051532", "product_identification_helper" : { "cpe" : "cpe:/a:microsoft:sql_server_2016:sp3_%28gdr%29" } } }, { "category" : "product_version", "name" : "SP3 Azure Connect Feature Pack", "product" : { "name" : "Microsoft SQL Server 2016 SP3 Azure Connect Feature Pack", "product_id" : "T051533", "product_identification_helper" : { "cpe" : "cpe:/a:microsoft:sql_server_2016:sp3_azure_connect_feature_pack" } } } ], "category" : "product_name", "name" : "SQL Server 2016" }, { "branches" : [ { "category" : "product_version", "name" : "(GDR)", "product" : { "name" : "Microsoft SQL Server 2017 (GDR)", "product_id" : "T051530", "product_identification_helper" : { "cpe" : "cpe:/a:microsoft:sql_server_2017:%28gdr%29" } } }, { "category" : "product_version", "name" : "(CU 31)", "product" : { "name" : "Microsoft SQL Server 2017 (CU 31)", "product_id" : "T051534", "product_identification_helper" : { "cpe" : "cpe:/a:microsoft:sql_server_2017:%28cu_31%29" } } } ], "category" : "product_name", "name" : "SQL Server 2017" }, { "branches" : [ { "category" : "product_version", "name" : "(GDR)", "product" : { "name" : "Microsoft SQL Server 2019 (GDR)", "product_id" : "T051531", "product_identification_helper" : { "cpe" : "cpe:/a:microsoft:sql_server_2019:%28gdr%29" } } }, { "category" : "product_version", "name" : "(CU 32)", "product" : { "name" : "Microsoft SQL Server 2019 (CU 32)", "product_id" : "T051536", "product_identification_helper" : { "cpe" : "cpe:/a:microsoft:sql_server_2019:%28cu_32%29" } } } ], "category" : "product_name", "name" : "SQL Server 2019" }, { "branches" : [ { "category" : "product_version", "name" : "(CU 24)", "product" : { "name" : "Microsoft SQL Server 2022 (CU 24)", "product_id" : "T034023", "product_identification_helper" : { "cpe" : "cpe:/a:microsoft:sql_server_2022:cu_12" } } }, { "category" : "product_version", "name" : "(GDR)", "product" : { "name" : "Microsoft SQL Server 2022 (GDR)", "product_id" : "T051535", "product_identification_helper" : { "cpe" : "cpe:/a:microsoft:sql_server_2022:%28gdr%29" } } } ], "category" : "product_name", "name" : "SQL Server 2022" } ], "category" : "vendor", "name" : "Microsoft" } ] }, "vulnerabilities" : [ { "cve" : "CVE-2026-32167", "product_status" : { "known_affected" : [ "T051536", "T051534", "T051535", "T051532", "T051533", "T051530", "T051531", "T034023" ] }, "release_date" : "2026-04-14T22:00:00.000+00:00", "title" : "CVE-2026-32167" }, { "cve" : "CVE-2026-32176", "product_status" : { "known_affected" : [ "T051536", "T051534", "T051535", "T051532", "T051533", "T051530", "T051531", "T034023" ] }, "release_date" : "2026-04-14T22:00:00.000+00:00", "title" : "CVE-2026-32176" }, { "cve" : "CVE-2026-33120", "product_status" : { "known_affected" : [ "T051536", "T051534", "T051535", "T051532", "T051533", "T051530", "T051531", "T034023" ] }, "release_date" : "2026-04-14T22:00:00.000+00:00", "title" : "CVE-2026-33120" } ] }