CVE-2002-0645

SQL injection vulnerability in stored procedures for Microsoft SQL Server 2000 and Microsoft Desktop Engine (MSDE) 2000 may allow authenticated users to execute arbitrary commands.

CVSS v2.0 7.5 HIGH

7.5^/10

CVSS v2.0 : HIGH

V2 Legend

Vector : AV:N/AC:L/Au:N/C:P/I:P/A:P

Exploitability : 10.0 / Impact : 6.4

Access Vector NETWORK

Access Complexity LOW

Authentication NONE

Confidentiality Impact PARTIAL

Integrity Impact PARTIAL

Availability Impact PARTIAL

References

Link	Resource
https://docs.microsoft.com/en-us/security-updates/securitybulletins/2002/ms02-038
https://docs.microsoft.com/en-us/security-updates/securitybulletins/2002/ms02-038

Configurations

Configuration 1 (hide)

OR	cpe:2.3:a:microsoft:data_engine:2000:::::::*
	cpe:2.3:a:microsoft:sql_server:2000:::::::*

History

20 Nov 2024, 23:39

Type	Values Removed	Values Added
References	~~() https://docs.microsoft.com/en-us/security-updates/securitybulletins/2002/ms02-038 -~~	() https://docs.microsoft.com/en-us/security-updates/securitybulletins/2002/ms02-038 -

Information

Published : 2002-08-12 04:00

Updated : 2025-04-03 01:03

NVD link : CVE-2002-0645

Mitre link : CVE-2002-0645

CVE.ORG link : CVE-2002-0645

JSON object : View

Products Affected

microsoft

data_engine
sql_server

CWE

NVD-CWE-Other

{"id": "CVE-2002-0645", "cveTags": [], "metrics": {"cvssMetricV2": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"version": "2.0", "baseScore": 7.5, "accessVector": "NETWORK", "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "authentication": "NONE", "integrityImpact": "PARTIAL", "accessComplexity": "LOW", "availabilityImpact": "PARTIAL", "confidentialityImpact": "PARTIAL"}, "acInsufInfo": false, "impactScore": 6.4, "baseSeverity": "HIGH", "obtainAllPrivilege": false, "exploitabilityScore": 10.0, "obtainUserPrivilege": false, "obtainOtherPrivilege": true, "userInteractionRequired": false}]}, "published": "2002-08-12T04:00:00.000", "references": [{"url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2002/ms02-038", "source": "cve@mitre.org"}, {"url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2002/ms02-038", "source": "af854a3a-2127-422b-91ae-364da2661108"}], "vulnStatus": "Deferred", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "NVD-CWE-Other"}]}], "descriptions": [{"lang": "en", "value": "SQL injection vulnerability in stored procedures for Microsoft SQL Server 2000 and Microsoft Desktop Engine (MSDE) 2000 may allow authenticated users to execute arbitrary commands."}, {"lang": "es", "value": "Vulnerabilidad de inyecci\u00f3n de SQL en procedimientos almacenados en Microsoft SQL Server 2000 y Microsoft Desktop engine (MSDE) 2000 puede que permita a usuarios autenticados ejecutar comandos arbitrarios."}], "lastModified": "2025-04-03T01:03:51.193", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:microsoft:data_engine:2000:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "51ABD323-BF3F-4825-8788-8FCD614E83E4"}, {"criteria": "cpe:2.3:a:microsoft:sql_server:2000:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "A5D559EE-727C-405C-987C-247973A84D32"}], "operator": "OR"}]}], "sourceIdentifier": "cve@mitre.org"}

7.5 /10