Published: 22/06/2017 Updated: 04/08/2020

CVSS v2 Base Score: 10 | Impact Score: 10 | Exploitability Score: 10

CVSS v3 Base Score: 9.8 | Impact Score: 5.9 | Exploitability Score: 3.9

VMScore: 1000

Vector: AV:N/AC:L/Au:N/C:C/I:C/A:C

In Redgate SQL Monitor prior to 3.10 and 4.x prior to 4.2, a remote attacker can gain unauthenticated access to the Base Monitor, resulting in the ability to execute arbitrary SQL commands on any monitored Microsoft SQL Server machines. If the Base Monitor is connecting to these machines using an account with SQL admin privileges, then code execution on the operating system can result in full system compromise (if Microsoft SQL Server is running with local administrator privileges).

Vulnerable Product	Search on Vulmon	Subscribe to Product
red-gate sql monitor
red-gate sql monitor 4.0
red-gate sql monitor 4.1

# Exploit Title: Red-Gate SQL Monitor authentication bypass # Version: Redgate SQL Monitor before 310 and 4x before 42 # Date: 2017-08-10 # Red-Gate made a security announcement and publicly released the fixed version more than two years before this exploit was published # Vendor Advisory: wwwred-gatecom/products/dba/sql-monitor/entrypa ...

Red-Gate SQL Monitor versions prior to 310 and 42 suffers from an authentication bypass vulnerability ...

CWE-89 http://www.red-gate.com/products/dba/sql-monitor/entrypage/security-vulnerability https://www.exploit-db.com/exploits/42444/https://nvd.nist.gov https://www.exploit-db.com/exploits/42444/

Get Started

Vulmon Search is a vulnerability search engine. It gives comprehensive vulnerability information through a very simple user interface.

Home Recent Vulnerabilities Research Posts Trends Blog About Contact

Vulmon Search Vulmon Research Vulmon Alerts Vulmap

Twitter Reddit Linkedin Facebook

CVE-2015-9098

Vulnerability Summary

Vulnerability Trend

Exploits

References

Vulmon Search

About

Products

Connect