CVE-2023-36730 - Vulnerability Details

Vendors	Products
Microsoft	Odbc Driver For Sql Server Sql Server

Link	Providers
https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-36730

Type	Values Removed	Values Added
Metrics		ssvc `{'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'total'}, 'version': '2.0.3'}`

Type	Values Removed	Values Added
CPEs	cpe:2.3:a:microsoft:odbc_driver_17_for_sql_server:-:::::::* cpe:2.3:a:microsoft:odbc_driver_18_for_sql_server:-:::::::*
Vendors & Products	Microsoft odbc Driver 17 For Sql Server Microsoft odbc Driver 18 For Sql Server

Show plain JSON

{"dataType": "CVE_RECORD", "dataVersion": "5.1", "cveMetadata": {"cveId": "CVE-2023-36730", "assignerOrgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8", "state": "PUBLISHED", "assignerShortName": "microsoft", "dateReserved": "2023-06-26T13:29:45.604Z", "datePublished": "2023-10-10T17:07:31.809Z", "dateUpdated": "2025-04-14T22:45:59.713Z"}, "containers": {"cna": {"title": "Microsoft ODBC Driver for SQL Server Remote Code Execution Vulnerability", "datePublic": "2023-10-10T07:00:00.000Z", "cpeApplicability": [{"nodes": [{"operator": "OR", "negate": false, "cpeMatch": [{"vulnerable": true, "criteria": "cpe:2.3:a:microsoft:sql_server:*:*:*:*:*:*:x64:*", "versionStartIncluding": "15.0.0", "versionEndExcluding": "15.0.2104.1"}, {"vulnerable": true, "criteria": "cpe:2.3:a:microsoft:sql_server:*:*:*:*:*:*:x64:*", "versionStartIncluding": "16.0.0", "versionEndExcluding": "16.0.1105.1"}, {"vulnerable": true, "criteria": "cpe:2.3:a:microsoft:odbc_driver_17_for_sql_server:*:*:*:*:*:*:*:*", "versionStartIncluding": "17.0.0.0", "versionEndExcluding": "17.10.5.1"}, {"vulnerable": true, "criteria": "cpe:2.3:a:microsoft:odbc_driver_17_for_sql_server:*:*:*:*:*:*:*:*", "versionStartIncluding": "17.0.0.0", "versionEndExcluding": "17.10.5.1"}, {"vulnerable": true, "criteria": "cpe:2.3:a:microsoft:odbc_driver_17_for_sql_server:*:*:*:*:*:*:*:*", "versionStartIncluding": "17.0.0.0", "versionEndExcluding": "17.10.5.1"}, {"vulnerable": true, "criteria": "cpe:2.3:a:microsoft:odbc_driver_18_for_sql_server:*:*:*:*:*:*:*:*", "versionStartIncluding": "18.0.0.0", "versionEndExcluding": "18.3.2.1"}, {"vulnerable": true, "criteria": "cpe:2.3:a:microsoft:odbc_driver_18_for_sql_server:*:*:*:*:*:*:*:*", "versionStartIncluding": "18.0.0.0", "versionEndExcluding": "18.3.2.1"}, {"vulnerable": true, "criteria": "cpe:2.3:a:microsoft:odbc_driver_18_for_sql_server:*:*:*:*:*:*:*:*", "versionStartIncluding": "18.0.0.0", "versionEndExcluding": "18.3.2.1"}, {"vulnerable": true, "criteria": "cpe:2.3:a:microsoft:sql_server:*:*:*:*:*:*:x64:*", "versionStartIncluding": "15.0.0", "versionEndExcluding": "16.0.4080.1"}, {"vulnerable": true, "criteria": "cpe:2.3:a:microsoft:sql_server:*:*:*:*:*:*:x64:*", "versionStartIncluding": "15.0.0", "versionEndExcluding": "15.0.4326.1"}]}]}], "affected": [{"vendor": "Microsoft", "product": "Microsoft SQL Server 2019 (GDR)", "platforms": ["x64-based Systems"], "versions": [{"version": "15.0.0", "lessThan": "15.0.2104.1", "versionType": "custom", "status": "affected"}]}, {"vendor": "Microsoft", "product": "Microsoft SQL Server 2022 (GDR)", "platforms": ["x64-based Systems"], "versions": [{"version": "16.0.0", "lessThan": "16.0.1105.1", "versionType": "custom", "status": "affected"}]}, {"vendor": "Microsoft", "product": "Microsoft ODBC Driver 17 for SQL Server on Windows", "platforms": ["Unknown"], "versions": [{"version": "17.0.0.0", "lessThan": "17.10.5.1", "versionType": "custom", "status": "affected"}]}, {"vendor": "Microsoft", "product": "Microsoft ODBC Driver 17 for SQL Server on Linux", "platforms": ["Unknown"], "versions": [{"version": "17.0.0.0", "lessThan": "17.10.5.1", "versionType": "custom", "status": "affected"}]}, {"vendor": "Microsoft", "product": "Microsoft ODBC Driver 17 for SQL Server on MacOS", "platforms": ["Unknown"], "versions": [{"version": "17.0.0.0", "lessThan": "17.10.5.1", "versionType": "custom", "status": "affected"}]}, {"vendor": "Microsoft", "product": "Microsoft ODBC Driver 18 for SQL Server on Windows", "platforms": ["Unknown"], "versions": [{"version": "18.0.0.0", "lessThan": "18.3.2.1", "versionType": "custom", "status": "affected"}]}, {"vendor": "Microsoft", "product": "Microsoft ODBC Driver 18 for SQL Server on Linux", "platforms": ["Unknown"], "versions": [{"version": "18.0.0.0", "lessThan": "18.3.2.1", "versionType": "custom", "status": "affected"}]}, {"vendor": "Microsoft", "product": "Microsoft ODBC Driver 18 for SQL Server on MacOS", "platforms": ["Unknown"], "versions": [{"version": "18.0.0.0", "lessThan": "18.3.2.1", "versionType": "custom", "status": "affected"}]}, {"vendor": "Microsoft", "product": "Microsoft SQL Server 2022 (CU 8)", "platforms": ["x64-based Systems"], "versions": [{"version": "15.0.0", "lessThan": "16.0.4080.1", "versionType": "custom", "status": "affected"}]}, {"vendor": "Microsoft", "product": "Microsoft SQL Server 2019 (CU 22)", "platforms": ["x64-based Systems"], "versions": [{"version": "15.0.0", "lessThan": "15.0.4326.1", "versionType": "custom", "status": "affected"}]}], "descriptions": [{"value": "Microsoft ODBC Driver for SQL Server Remote Code Execution Vulnerability", "lang": "en-US"}], "problemTypes": [{"descriptions": [{"description": "CWE-122: Heap-based Buffer Overflow", "lang": "en-US", "type": "CWE", "cweId": "CWE-122"}]}], "providerMetadata": {"orgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8", "shortName": "microsoft", "dateUpdated": "2025-04-14T22:45:59.713Z"}, "references": [{"name": "Microsoft ODBC Driver for SQL Server Remote Code Execution Vulnerability", "tags": ["vendor-advisory"], "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-36730"}], "metrics": [{"format": "CVSS", "scenarios": [{"lang": "en-US", "value": "GENERAL"}], "cvssV3_1": {"version": "3.1", "baseSeverity": "HIGH", "baseScore": 7.8, "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C"}}]}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-02T16:52:54.089Z"}, "title": "CVE Program Container", "references": [{"name": "Microsoft ODBC Driver for SQL Server Remote Code Execution Vulnerability", "tags": ["vendor-advisory", "x_transferred"], "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-36730"}]}, {"metrics": [{"other": {"type": "ssvc", "content": {"timestamp": "2025-02-26T21:50:10.793075Z", "id": "CVE-2023-36730", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "total"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2025-02-27T20:44:39.623Z"}}]}}

{

dataType : CVE_RECORD (string)

dataVersion : 5.1 (string)

cveMetadata : { »

cveId : CVE-2023-36730 (string)

assignerOrgId : f38d906d-7342-40ea-92c1-6c4a2c6478c8 (string)

state : PUBLISHED (string)

assignerShortName : microsoft (string)

dateReserved : 2023-06-26T13:29:45.604Z (string)

datePublished : 2023-10-10T17:07:31.809Z (string)

dateUpdated : 2025-04-14T22:45:59.713Z (string)

}

containers : { »

cna : { »

title : Microsoft ODBC Driver for SQL Server Remote Code Execution Vulnerability (string)

datePublic : 2023-10-10T07:00:00.000Z (string)

cpeApplicability : [ »

0 : { »

nodes : [ »

0 : { »

operator : OR (string)

negate : false (boolean)

cpeMatch : [ »

0 : { »

vulnerable : true (boolean)

criteria : cpe:2.3:a:microsoft:sql_server:*:*:*:*:*:*:x64:* (string)

versionStartIncluding : 15.0.0 (string)

versionEndExcluding : 15.0.2104.1 (string)

}

1 : { »

vulnerable : true (boolean)

criteria : cpe:2.3:a:microsoft:sql_server:*:*:*:*:*:*:x64:* (string)

versionStartIncluding : 16.0.0 (string)

versionEndExcluding : 16.0.1105.1 (string)

}

2 : { »

vulnerable : true (boolean)

criteria : cpe:2.3:a:microsoft:odbc_driver_17_for_sql_server:*:*:*:*:*:*:*:* (string)

versionStartIncluding : 17.0.0.0 (string)

versionEndExcluding : 17.10.5.1 (string)

}

3 : { »

vulnerable : true (boolean)

criteria : cpe:2.3:a:microsoft:odbc_driver_17_for_sql_server:*:*:*:*:*:*:*:* (string)

versionStartIncluding : 17.0.0.0 (string)

versionEndExcluding : 17.10.5.1 (string)

}

4 : { »

vulnerable : true (boolean)

criteria : cpe:2.3:a:microsoft:odbc_driver_17_for_sql_server:*:*:*:*:*:*:*:* (string)

versionStartIncluding : 17.0.0.0 (string)

versionEndExcluding : 17.10.5.1 (string)

}

5 : { »

vulnerable : true (boolean)

criteria : cpe:2.3:a:microsoft:odbc_driver_18_for_sql_server:*:*:*:*:*:*:*:* (string)

versionStartIncluding : 18.0.0.0 (string)

versionEndExcluding : 18.3.2.1 (string)

}

6 : { »

vulnerable : true (boolean)

criteria : cpe:2.3:a:microsoft:odbc_driver_18_for_sql_server:*:*:*:*:*:*:*:* (string)

versionStartIncluding : 18.0.0.0 (string)

versionEndExcluding : 18.3.2.1 (string)

}

7 : { »

vulnerable : true (boolean)

criteria : cpe:2.3:a:microsoft:odbc_driver_18_for_sql_server:*:*:*:*:*:*:*:* (string)

versionStartIncluding : 18.0.0.0 (string)

versionEndExcluding : 18.3.2.1 (string)

}

8 : { »

vulnerable : true (boolean)

criteria : cpe:2.3:a:microsoft:sql_server:*:*:*:*:*:*:x64:* (string)

versionStartIncluding : 15.0.0 (string)

versionEndExcluding : 16.0.4080.1 (string)

}

9 : { »

vulnerable : true (boolean)

criteria : cpe:2.3:a:microsoft:sql_server:*:*:*:*:*:*:x64:* (string)

versionStartIncluding : 15.0.0 (string)

versionEndExcluding : 15.0.4326.1 (string)

}

]

}

]

}

]

affected : [ »

0 : { »

vendor : Microsoft (string)

product : Microsoft SQL Server 2019 (GDR) (string)

platforms : [ »

0 : x64-based Systems (string)

]

versions : [ »

0 : { »

version : 15.0.0 (string)

lessThan : 15.0.2104.1 (string)

versionType : custom (string)

status : affected (string)

}

]

}

1 : { »

vendor : Microsoft (string)

product : Microsoft SQL Server 2022 (GDR) (string)

platforms : [ »

0 : x64-based Systems (string)

]

versions : [ »

0 : { »

version : 16.0.0 (string)

lessThan : 16.0.1105.1 (string)

versionType : custom (string)

status : affected (string)

}

]

}

2 : { »

vendor : Microsoft (string)

product : Microsoft ODBC Driver 17 for SQL Server on Windows (string)

platforms : [ »

0 : Unknown (string)

]

versions : [ »

0 : { »

version : 17.0.0.0 (string)

lessThan : 17.10.5.1 (string)

versionType : custom (string)

status : affected (string)

}

]

}

3 : { »

vendor : Microsoft (string)

product : Microsoft ODBC Driver 17 for SQL Server on Linux (string)

platforms : [ »

0 : Unknown (string)

]

versions : [ »

0 : { »

version : 17.0.0.0 (string)

lessThan : 17.10.5.1 (string)

versionType : custom (string)

status : affected (string)

}

]

}

4 : { »

vendor : Microsoft (string)

product : Microsoft ODBC Driver 17 for SQL Server on MacOS (string)

platforms : [ »

0 : Unknown (string)

]

versions : [ »

0 : { »

version : 17.0.0.0 (string)

lessThan : 17.10.5.1 (string)

versionType : custom (string)

status : affected (string)

}

]

}

5 : { »

vendor : Microsoft (string)

product : Microsoft ODBC Driver 18 for SQL Server on Windows (string)

platforms : [ »

0 : Unknown (string)

]

versions : [ »

0 : { »

version : 18.0.0.0 (string)

lessThan : 18.3.2.1 (string)

versionType : custom (string)

status : affected (string)

}

]

}

6 : { »

vendor : Microsoft (string)

product : Microsoft ODBC Driver 18 for SQL Server on Linux (string)

platforms : [ »

0 : Unknown (string)

]

versions : [ »

0 : { »

version : 18.0.0.0 (string)

lessThan : 18.3.2.1 (string)

versionType : custom (string)

status : affected (string)

}

]

}

7 : { »

vendor : Microsoft (string)

product : Microsoft ODBC Driver 18 for SQL Server on MacOS (string)

platforms : [ »

0 : Unknown (string)

]

versions : [ »

0 : { »

version : 18.0.0.0 (string)

lessThan : 18.3.2.1 (string)

versionType : custom (string)

status : affected (string)

}

]

}

8 : { »

vendor : Microsoft (string)

product : Microsoft SQL Server 2022 (CU 8) (string)

platforms : [ »

0 : x64-based Systems (string)

]

versions : [ »

0 : { »

version : 15.0.0 (string)

lessThan : 16.0.4080.1 (string)

versionType : custom (string)

status : affected (string)

}

]

}

9 : { »

vendor : Microsoft (string)

product : Microsoft SQL Server 2019 (CU 22) (string)

platforms : [ »

0 : x64-based Systems (string)

]

versions : [ »

0 : { »

version : 15.0.0 (string)

lessThan : 15.0.4326.1 (string)

versionType : custom (string)

status : affected (string)

}

]

}

]

descriptions : [ »

0 : { »

value : Microsoft ODBC Driver for SQL Server Remote Code Execution Vulnerability (string)

lang : en-US (string)

}

]

problemTypes : [ »

0 : { »

descriptions : [ »

0 : { »

description : CWE-122: Heap-based Buffer Overflow (string)

lang : en-US (string)

type : CWE (string)

cweId : CWE-122 (string)

}

]

}

]

providerMetadata : { »

orgId : f38d906d-7342-40ea-92c1-6c4a2c6478c8 (string)

shortName : microsoft (string)

dateUpdated : 2025-04-14T22:45:59.713Z (string)

}

references : [ »

0 : { »

name : Microsoft ODBC Driver for SQL Server Remote Code Execution Vulnerability (string)

tags : [ »

0 : vendor-advisory (string)

]

url : https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-36730 (string)

}

]

metrics : [ »

0 : { »

format : CVSS (string)

scenarios : [ »

0 : { »

lang : en-US (string)

value : GENERAL (string)

}

]

cvssV3_1 : { »

version : 3.1 (string)

baseSeverity : HIGH (string)

baseScore : 7.8 (number)

vectorString : CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C (string)

}

]

}

adp : [ »

0 : { »

providerMetadata : { »

orgId : af854a3a-2127-422b-91ae-364da2661108 (string)

shortName : CVE (string)

dateUpdated : 2024-08-02T16:52:54.089Z (string)

}

title : CVE Program Container (string)

references : [ »

0 : { »

name : Microsoft ODBC Driver for SQL Server Remote Code Execution Vulnerability (string)

tags : [ »

0 : vendor-advisory (string)

1 : x_transferred (string)

]

url : https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-36730 (string)

}

]

}

1 : { »

metrics : [ »

0 : { »

other : { »

type : ssvc (string)

content : { »

timestamp : 2025-02-26T21:50:10.793075Z (string)

id : CVE-2023-36730 (string)

options : [ »

0 : { »

Exploitation : none (string)

}

1 : { »

Automatable : no (string)

}

2 : { »

Technical Impact : total (string)

}

]

role : CISA Coordinator (string)

version : 2.0.3 (string)

}

]

title : CISA ADP Vulnrichment (string)

providerMetadata : { »

orgId : 134c704f-9b21-4f2e-91b3-4a467353bcc0 (string)

shortName : CISA-ADP (string)

dateUpdated : 2025-02-27T20:44:39.623Z (string)

}

]

}

Show plain JSON

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CVE Program Container", "references": [{"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-36730", "name": "Microsoft ODBC Driver for SQL Server Remote Code Execution Vulnerability", "tags": ["vendor-advisory", "x_transferred"]}], "providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-02T16:52:54.089Z"}}, {"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2023-36730", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "total"}], "version": "2.0.3", "timestamp": "2025-02-26T21:50:10.793075Z"}}}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2025-02-26T19:58:29.908Z"}}], "cna": {"title": "Microsoft ODBC Driver for SQL Server Remote Code Execution Vulnerability", "metrics": [{"format": "CVSS", "cvssV3_1": {"version": "3.1", "baseScore": 7.8, "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C"}, "scenarios": [{"lang": "en-US", "value": "GENERAL"}]}], "affected": [{"vendor": "Microsoft", "product": "Microsoft SQL Server 2019 (GDR)", "versions": [{"status": "affected", "version": "15.0.0", "lessThan": "15.0.2104.1", "versionType": "custom"}], "platforms": ["x64-based Systems"]}, {"vendor": "Microsoft", "product": "Microsoft SQL Server 2022 (GDR)", "versions": [{"status": "affected", "version": "16.0.0", "lessThan": "16.0.1105.1", "versionType": "custom"}], "platforms": ["x64-based Systems"]}, {"vendor": "Microsoft", "product": "Microsoft ODBC Driver 17 for SQL Server on Windows", "versions": [{"status": "affected", "version": "17.0.0.0", "lessThan": "17.10.5.1", "versionType": "custom"}], "platforms": ["Unknown"]}, {"vendor": "Microsoft", "product": "Microsoft ODBC Driver 17 for SQL Server on Linux", "versions": [{"status": "affected", "version": "17.0.0.0", "lessThan": "17.10.5.1", "versionType": "custom"}], "platforms": ["Unknown"]}, {"vendor": "Microsoft", "product": "Microsoft ODBC Driver 17 for SQL Server on MacOS", "versions": [{"status": "affected", "version": "17.0.0.0", "lessThan": "17.10.5.1", "versionType": "custom"}], "platforms": ["Unknown"]}, {"vendor": "Microsoft", "product": "Microsoft ODBC Driver 18 for SQL Server on Windows", "versions": [{"status": "affected", "version": "18.0.0.0", "lessThan": "18.3.2.1", "versionType": "custom"}], "platforms": ["Unknown"]}, {"vendor": "Microsoft", "product": "Microsoft ODBC Driver 18 for SQL Server on Linux", "versions": [{"status": "affected", "version": "18.0.0.0", "lessThan": "18.3.2.1", "versionType": "custom"}], "platforms": ["Unknown"]}, {"vendor": "Microsoft", "product": "Microsoft ODBC Driver 18 for SQL Server on MacOS", "versions": [{"status": "affected", "version": "18.0.0.0", "lessThan": "18.3.2.1", "versionType": "custom"}], "platforms": ["Unknown"]}, {"vendor": "Microsoft", "product": "Microsoft SQL Server 2022 (CU 8)", "versions": [{"status": "affected", "version": "15.0.0", "lessThan": "16.0.4080.1", "versionType": "custom"}], "platforms": ["x64-based Systems"]}, {"vendor": "Microsoft", "product": "Microsoft SQL Server 2019 (CU 22)", "versions": [{"status": "affected", "version": "15.0.0", "lessThan": "15.0.4326.1", "versionType": "custom"}], "platforms": ["x64-based Systems"]}], "datePublic": "2023-10-10T07:00:00.000Z", "references": [{"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-36730", "name": "Microsoft ODBC Driver for SQL Server Remote Code Execution Vulnerability", "tags": ["vendor-advisory"]}], "descriptions": [{"lang": "en-US", "value": "Microsoft ODBC Driver for SQL Server Remote Code Execution Vulnerability"}], "problemTypes": [{"descriptions": [{"lang": "en-US", "type": "CWE", "cweId": "CWE-122", "description": "CWE-122: Heap-based Buffer Overflow"}]}], "cpeApplicability": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:microsoft:sql_server:*:*:*:*:*:*:x64:*", "vulnerable": true, "versionEndExcluding": "15.0.2104.1", "versionStartIncluding": "15.0.0"}, {"criteria": "cpe:2.3:a:microsoft:sql_server:*:*:*:*:*:*:x64:*", "vulnerable": true, "versionEndExcluding": "16.0.1105.1", "versionStartIncluding": "16.0.0"}, {"criteria": "cpe:2.3:a:microsoft:odbc_driver_17_for_sql_server:*:*:*:*:*:*:*:*", "vulnerable": true, "versionEndExcluding": "17.10.5.1", "versionStartIncluding": "17.0.0.0"}, {"criteria": "cpe:2.3:a:microsoft:odbc_driver_17_for_sql_server:*:*:*:*:*:*:*:*", "vulnerable": true, "versionEndExcluding": "17.10.5.1", "versionStartIncluding": "17.0.0.0"}, {"criteria": "cpe:2.3:a:microsoft:odbc_driver_17_for_sql_server:*:*:*:*:*:*:*:*", "vulnerable": true, "versionEndExcluding": "17.10.5.1", "versionStartIncluding": "17.0.0.0"}, {"criteria": "cpe:2.3:a:microsoft:odbc_driver_18_for_sql_server:*:*:*:*:*:*:*:*", "vulnerable": true, "versionEndExcluding": "18.3.2.1", "versionStartIncluding": "18.0.0.0"}, {"criteria": "cpe:2.3:a:microsoft:odbc_driver_18_for_sql_server:*:*:*:*:*:*:*:*", "vulnerable": true, "versionEndExcluding": "18.3.2.1", "versionStartIncluding": "18.0.0.0"}, {"criteria": "cpe:2.3:a:microsoft:odbc_driver_18_for_sql_server:*:*:*:*:*:*:*:*", "vulnerable": true, "versionEndExcluding": "18.3.2.1", "versionStartIncluding": "18.0.0.0"}, {"criteria": "cpe:2.3:a:microsoft:sql_server:*:*:*:*:*:*:x64:*", "vulnerable": true, "versionEndExcluding": "16.0.4080.1", "versionStartIncluding": "15.0.0"}, {"criteria": "cpe:2.3:a:microsoft:sql_server:*:*:*:*:*:*:x64:*", "vulnerable": true, "versionEndExcluding": "15.0.4326.1", "versionStartIncluding": "15.0.0"}], "operator": "OR"}]}], "providerMetadata": {"orgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8", "shortName": "microsoft", "dateUpdated": "2025-04-14T22:45:59.713Z"}}}, "cveMetadata": {"cveId": "CVE-2023-36730", "state": "PUBLISHED", "dateUpdated": "2025-04-14T22:45:59.713Z", "dateReserved": "2023-06-26T13:29:45.604Z", "assignerOrgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8", "datePublished": "2023-10-10T17:07:31.809Z", "assignerShortName": "microsoft"}, "dataVersion": "5.1"}

{

dataType : CVE_RECORD (string)

containers : { »

adp : [ »

0 : { »

title : CVE Program Container (string)

references : [ »

0 : { »

url : https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-36730 (string)

name : Microsoft ODBC Driver for SQL Server Remote Code Execution Vulnerability (string)

tags : [ »

0 : vendor-advisory (string)

1 : x_transferred (string)

]

}

]

providerMetadata : { »

orgId : af854a3a-2127-422b-91ae-364da2661108 (string)

shortName : CVE (string)

dateUpdated : 2024-08-02T16:52:54.089Z (string)

}

1 : { »

title : CISA ADP Vulnrichment (string)

metrics : [ »

0 : { »

other : { »

type : ssvc (string)

content : { »

id : CVE-2023-36730 (string)

role : CISA Coordinator (string)

options : [ »

0 : { »

Exploitation : none (string)

}

1 : { »

Automatable : no (string)

}

2 : { »

Technical Impact : total (string)

}

]

version : 2.0.3 (string)

timestamp : 2025-02-26T21:50:10.793075Z (string)

}

]

providerMetadata : { »

orgId : 134c704f-9b21-4f2e-91b3-4a467353bcc0 (string)

shortName : CISA-ADP (string)

dateUpdated : 2025-02-26T19:58:29.908Z (string)

}

]

cna : { »

title : Microsoft ODBC Driver for SQL Server Remote Code Execution Vulnerability (string)

metrics : [ »

0 : { »

format : CVSS (string)

cvssV3_1 : { »

version : 3.1 (string)

baseScore : 7.8 (number)

baseSeverity : HIGH (string)

vectorString : CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C (string)

}

scenarios : [ »

0 : { »

lang : en-US (string)

value : GENERAL (string)

}

]

}

]

affected : [ »

0 : { »

vendor : Microsoft (string)

product : Microsoft SQL Server 2019 (GDR) (string)

versions : [ »

0 : { »

status : affected (string)

version : 15.0.0 (string)

lessThan : 15.0.2104.1 (string)

versionType : custom (string)

}

]

platforms : [ »

0 : x64-based Systems (string)

]

}

1 : { »

vendor : Microsoft (string)

product : Microsoft SQL Server 2022 (GDR) (string)

versions : [ »

0 : { »

status : affected (string)

version : 16.0.0 (string)

lessThan : 16.0.1105.1 (string)

versionType : custom (string)

}

]

platforms : [ »

0 : x64-based Systems (string)

]

}

2 : { »

vendor : Microsoft (string)

product : Microsoft ODBC Driver 17 for SQL Server on Windows (string)

versions : [ »

0 : { »

status : affected (string)

version : 17.0.0.0 (string)

lessThan : 17.10.5.1 (string)

versionType : custom (string)

}

]

platforms : [ »

0 : Unknown (string)

]

}

3 : { »

vendor : Microsoft (string)

product : Microsoft ODBC Driver 17 for SQL Server on Linux (string)

versions : [ »

0 : { »

status : affected (string)

version : 17.0.0.0 (string)

lessThan : 17.10.5.1 (string)

versionType : custom (string)

}

]

platforms : [ »

0 : Unknown (string)

]

}

4 : { »

vendor : Microsoft (string)

product : Microsoft ODBC Driver 17 for SQL Server on MacOS (string)

versions : [ »

0 : { »

status : affected (string)

version : 17.0.0.0 (string)

lessThan : 17.10.5.1 (string)

versionType : custom (string)

}

]

platforms : [ »

0 : Unknown (string)

]

}

5 : { »

vendor : Microsoft (string)

product : Microsoft ODBC Driver 18 for SQL Server on Windows (string)

versions : [ »

0 : { »

status : affected (string)

version : 18.0.0.0 (string)

lessThan : 18.3.2.1 (string)

versionType : custom (string)

}

]

platforms : [ »

0 : Unknown (string)

]

}

6 : { »

vendor : Microsoft (string)

product : Microsoft ODBC Driver 18 for SQL Server on Linux (string)

versions : [ »

0 : { »

status : affected (string)

version : 18.0.0.0 (string)

lessThan : 18.3.2.1 (string)

versionType : custom (string)

}

]

platforms : [ »

0 : Unknown (string)

]

}

7 : { »

vendor : Microsoft (string)

product : Microsoft ODBC Driver 18 for SQL Server on MacOS (string)

versions : [ »

0 : { »

status : affected (string)

version : 18.0.0.0 (string)

lessThan : 18.3.2.1 (string)

versionType : custom (string)

}

]

platforms : [ »

0 : Unknown (string)

]

}

8 : { »

vendor : Microsoft (string)

product : Microsoft SQL Server 2022 (CU 8) (string)

versions : [ »

0 : { »

status : affected (string)

version : 15.0.0 (string)

lessThan : 16.0.4080.1 (string)

versionType : custom (string)

}

]

platforms : [ »

0 : x64-based Systems (string)

]

}

9 : { »

vendor : Microsoft (string)

product : Microsoft SQL Server 2019 (CU 22) (string)

versions : [ »

0 : { »

status : affected (string)

version : 15.0.0 (string)

lessThan : 15.0.4326.1 (string)

versionType : custom (string)

}

]

platforms : [ »

0 : x64-based Systems (string)

]

}

]

datePublic : 2023-10-10T07:00:00.000Z (string)

references : [ »

0 : { »

url : https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-36730 (string)

name : Microsoft ODBC Driver for SQL Server Remote Code Execution Vulnerability (string)

tags : [ »

0 : vendor-advisory (string)

]

}

]

descriptions : [ »

0 : { »

lang : en-US (string)

value : Microsoft ODBC Driver for SQL Server Remote Code Execution Vulnerability (string)

}

]

problemTypes : [ »

0 : { »

descriptions : [ »

0 : { »

lang : en-US (string)

type : CWE (string)

cweId : CWE-122 (string)

description : CWE-122: Heap-based Buffer Overflow (string)

}

]

}

]

cpeApplicability : [ »

0 : { »

nodes : [ »

0 : { »

negate : false (boolean)

cpeMatch : [ »

0 : { »

criteria : cpe:2.3:a:microsoft:sql_server:*:*:*:*:*:*:x64:* (string)

vulnerable : true (boolean)

versionEndExcluding : 15.0.2104.1 (string)

versionStartIncluding : 15.0.0 (string)

}

1 : { »

criteria : cpe:2.3:a:microsoft:sql_server:*:*:*:*:*:*:x64:* (string)

vulnerable : true (boolean)

versionEndExcluding : 16.0.1105.1 (string)

versionStartIncluding : 16.0.0 (string)

}

2 : { »

criteria : cpe:2.3:a:microsoft:odbc_driver_17_for_sql_server:*:*:*:*:*:*:*:* (string)

vulnerable : true (boolean)

versionEndExcluding : 17.10.5.1 (string)

versionStartIncluding : 17.0.0.0 (string)

}

3 : { »

criteria : cpe:2.3:a:microsoft:odbc_driver_17_for_sql_server:*:*:*:*:*:*:*:* (string)

vulnerable : true (boolean)

versionEndExcluding : 17.10.5.1 (string)

versionStartIncluding : 17.0.0.0 (string)

}

4 : { »

criteria : cpe:2.3:a:microsoft:odbc_driver_17_for_sql_server:*:*:*:*:*:*:*:* (string)

vulnerable : true (boolean)

versionEndExcluding : 17.10.5.1 (string)

versionStartIncluding : 17.0.0.0 (string)

}

5 : { »

criteria : cpe:2.3:a:microsoft:odbc_driver_18_for_sql_server:*:*:*:*:*:*:*:* (string)

vulnerable : true (boolean)

versionEndExcluding : 18.3.2.1 (string)

versionStartIncluding : 18.0.0.0 (string)

}

6 : { »

criteria : cpe:2.3:a:microsoft:odbc_driver_18_for_sql_server:*:*:*:*:*:*:*:* (string)

vulnerable : true (boolean)

versionEndExcluding : 18.3.2.1 (string)

versionStartIncluding : 18.0.0.0 (string)

}

7 : { »

criteria : cpe:2.3:a:microsoft:odbc_driver_18_for_sql_server:*:*:*:*:*:*:*:* (string)

vulnerable : true (boolean)

versionEndExcluding : 18.3.2.1 (string)

versionStartIncluding : 18.0.0.0 (string)

}

8 : { »

criteria : cpe:2.3:a:microsoft:sql_server:*:*:*:*:*:*:x64:* (string)

vulnerable : true (boolean)

versionEndExcluding : 16.0.4080.1 (string)

versionStartIncluding : 15.0.0 (string)

}

9 : { »

criteria : cpe:2.3:a:microsoft:sql_server:*:*:*:*:*:*:x64:* (string)

vulnerable : true (boolean)

versionEndExcluding : 15.0.4326.1 (string)

versionStartIncluding : 15.0.0 (string)

}

]

operator : OR (string)

}

]

}

]

providerMetadata : { »

orgId : f38d906d-7342-40ea-92c1-6c4a2c6478c8 (string)

shortName : microsoft (string)

dateUpdated : 2025-04-14T22:45:59.713Z (string)

}

cveMetadata : { »

cveId : CVE-2023-36730 (string)

state : PUBLISHED (string)

dateUpdated : 2025-04-14T22:45:59.713Z (string)

dateReserved : 2023-06-26T13:29:45.604Z (string)

assignerOrgId : f38d906d-7342-40ea-92c1-6c4a2c6478c8 (string)

datePublished : 2023-10-10T17:07:31.809Z (string)

assignerShortName : microsoft (string)

}

dataVersion : 5.1 (string)

}

Show plain JSON

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:microsoft:odbc_driver_for_sql_server:*:*:*:*:*:linux:*:*", "matchCriteriaId": "FEE52D75-0785-47A8-A024-14A83B9732A6", "versionEndExcluding": "17.10.5.1", "versionStartIncluding": "17.0", "vulnerable": true}, {"criteria": "cpe:2.3:a:microsoft:odbc_driver_for_sql_server:*:*:*:*:*:macos:*:*", "matchCriteriaId": "5C5B4D78-6EA4-41E6-A403-2D018D9F0692", "versionEndExcluding": "17.10.5.1", "versionStartIncluding": "17.0", "vulnerable": true}, {"criteria": "cpe:2.3:a:microsoft:odbc_driver_for_sql_server:*:*:*:*:*:windows:*:*", "matchCriteriaId": "CC490F0A-842A-4590-8CAC-07BB599D8F4F", "versionEndExcluding": "17.10.5.1", "versionStartIncluding": "17.0", "vulnerable": true}, {"criteria": "cpe:2.3:a:microsoft:odbc_driver_for_sql_server:*:*:*:*:*:linux:*:*", "matchCriteriaId": "90718D50-D4D8-4949-ADB3-310879B2A574", "versionEndExcluding": "18.3.2.1", "versionStartIncluding": "18.0", "vulnerable": true}, {"criteria": "cpe:2.3:a:microsoft:odbc_driver_for_sql_server:*:*:*:*:*:macos:*:*", "matchCriteriaId": "C9BEA137-3C0A-472A-9A5B-428E00302626", "versionEndExcluding": "18.3.2.1", "versionStartIncluding": "18.0", "vulnerable": true}, {"criteria": "cpe:2.3:a:microsoft:odbc_driver_for_sql_server:*:*:*:*:*:windows:*:*", "matchCriteriaId": "2EDAA3E7-9DA2-4C2F-B626-60A747015FE8", "versionEndExcluding": "18.3.2.1", "versionStartIncluding": "18.0", "vulnerable": true}, {"criteria": "cpe:2.3:a:microsoft:sql_server:2019:*:*:*:*:*:x64:*", "matchCriteriaId": "9144F644-A3D4-440C-8978-257E71204617", "vulnerable": true}, {"criteria": "cpe:2.3:a:microsoft:sql_server:2022:*:*:*:*:*:x64:*", "matchCriteriaId": "6CB7AD22-F27B-4807-88F1-02ED420421D5", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "descriptions": [{"lang": "en", "value": "Microsoft ODBC Driver for SQL Server Remote Code Execution Vulnerability"}, {"lang": "es", "value": "Vulnerabilidad de ejecuci\u00f3n remota de c\u00f3digo en Microsoft ODBC Driver para SQL Server "}], "id": "CVE-2023-36730", "lastModified": "2024-11-21T08:10:28.543", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 7.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 1.8, "impactScore": 5.9, "source": "secure@microsoft.com", "type": "Secondary"}]}, "published": "2023-10-10T18:15:17.160", "references": [{"source": "secure@microsoft.com", "tags": ["Patch", "Vendor Advisory"], "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-36730"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Patch", "Vendor Advisory"], "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-36730"}], "sourceIdentifier": "secure@microsoft.com", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-122"}], "source": "secure@microsoft.com", "type": "Secondary"}, {"description": [{"lang": "en", "value": "NVD-CWE-noinfo"}], "source": "nvd@nist.gov", "type": "Primary"}]}

{

configurations : [ »

0 : { »

nodes : [ »

0 : { »

cpeMatch : [ »

0 : { »

criteria : cpe:2.3:a:microsoft:odbc_driver_for_sql_server:*:*:*:*:*:linux:*:* (string)

matchCriteriaId : FEE52D75-0785-47A8-A024-14A83B9732A6 (string)

versionEndExcluding : 17.10.5.1 (string)

versionStartIncluding : 17.0 (string)

vulnerable : true (boolean)

}

1 : { »

criteria : cpe:2.3:a:microsoft:odbc_driver_for_sql_server:*:*:*:*:*:macos:*:* (string)

matchCriteriaId : 5C5B4D78-6EA4-41E6-A403-2D018D9F0692 (string)

versionEndExcluding : 17.10.5.1 (string)

versionStartIncluding : 17.0 (string)

vulnerable : true (boolean)

}

2 : { »

criteria : cpe:2.3:a:microsoft:odbc_driver_for_sql_server:*:*:*:*:*:windows:*:* (string)

matchCriteriaId : CC490F0A-842A-4590-8CAC-07BB599D8F4F (string)

versionEndExcluding : 17.10.5.1 (string)

versionStartIncluding : 17.0 (string)

vulnerable : true (boolean)

}

3 : { »

criteria : cpe:2.3:a:microsoft:odbc_driver_for_sql_server:*:*:*:*:*:linux:*:* (string)

matchCriteriaId : 90718D50-D4D8-4949-ADB3-310879B2A574 (string)

versionEndExcluding : 18.3.2.1 (string)

versionStartIncluding : 18.0 (string)

vulnerable : true (boolean)

}

4 : { »

criteria : cpe:2.3:a:microsoft:odbc_driver_for_sql_server:*:*:*:*:*:macos:*:* (string)

matchCriteriaId : C9BEA137-3C0A-472A-9A5B-428E00302626 (string)

versionEndExcluding : 18.3.2.1 (string)

versionStartIncluding : 18.0 (string)

vulnerable : true (boolean)

}

5 : { »

criteria : cpe:2.3:a:microsoft:odbc_driver_for_sql_server:*:*:*:*:*:windows:*:* (string)

matchCriteriaId : 2EDAA3E7-9DA2-4C2F-B626-60A747015FE8 (string)

versionEndExcluding : 18.3.2.1 (string)

versionStartIncluding : 18.0 (string)

vulnerable : true (boolean)

}

6 : { »

criteria : cpe:2.3:a:microsoft:sql_server:2019:*:*:*:*:*:x64:* (string)

matchCriteriaId : 9144F644-A3D4-440C-8978-257E71204617 (string)

vulnerable : true (boolean)

}

7 : { »

criteria : cpe:2.3:a:microsoft:sql_server:2022:*:*:*:*:*:x64:* (string)

matchCriteriaId : 6CB7AD22-F27B-4807-88F1-02ED420421D5 (string)

vulnerable : true (boolean)

}

]

negate : false (boolean)

operator : OR (string)

}

]

}

]

descriptions : [ »

0 : { »

lang : en (string)

value : Microsoft ODBC Driver for SQL Server Remote Code Execution Vulnerability (string)

}

1 : { »

lang : es (string)

value : Vulnerabilidad de ejecución remota de código en Microsoft ODBC Driver para SQL Server (string)

}

]

id : CVE-2023-36730 (string)

lastModified : 2024-11-21T08:10:28.543 (string)

metrics : { »

cvssMetricV31 : [ »

0 : { »

cvssData : { »

attackComplexity : LOW (string)

attackVector : LOCAL (string)

availabilityImpact : HIGH (string)

baseScore : 7.8 (number)

baseSeverity : HIGH (string)

confidentialityImpact : HIGH (string)

integrityImpact : HIGH (string)

privilegesRequired : NONE (string)

scope : UNCHANGED (string)

userInteraction : REQUIRED (string)

vectorString : CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H (string)

version : 3.1 (string)

}

exploitabilityScore : 1.8 (number)

impactScore : 5.9 (number)

source : secure@microsoft.com (string)

type : Secondary (string)

}

]

}

published : 2023-10-10T18:15:17.160 (string)

references : [ »

0 : { »

source : secure@microsoft.com (string)

tags : [ »

0 : Patch (string)

1 : Vendor Advisory (string)

]

url : https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-36730 (string)

}

1 : { »

source : af854a3a-2127-422b-91ae-364da2661108 (string)

tags : [ »

0 : Patch (string)

1 : Vendor Advisory (string)

]

url : https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-36730 (string)

}

]

sourceIdentifier : secure@microsoft.com (string)

vulnStatus : Modified (string)

weaknesses : [ »

0 : { »

description : [ »

0 : { »

lang : en (string)

value : CWE-122 (string)

}

]

source : secure@microsoft.com (string)

type : Secondary (string)

}

1 : { »

description : [ »

0 : { »

lang : en (string)

value : NVD-CWE-noinfo (string)

}

]

source : nvd@nist.gov (string)

type : Primary (string)

}

]

}

Metrics

Attack Vector Local

Attack Complexity Low

Privileges Required None

Scope Unchanged

Confidentiality Impact High

Integrity Impact High

Availability Impact High

User Interaction Required

Exploitation none

Automatable no

Technical Impact total

Affected Vendors & Products

Metrics

Attack Vector Local

Attack Complexity Low

Privileges Required None

Scope Unchanged

Confidentiality Impact High

Integrity Impact High

Availability Impact High

User Interaction Required

Exploitation none

Automatable no

Technical Impact total

Affected Vendors & Products

JSON object

JSON object

JSON object

JSON object