The Microsoft SQL Server installation on the remote host is missing security updates. It is, therefore, affected by multiple vulnerabilities:

  - A remote code execution vulnerability. An attacker can     exploit this to bypass authentication and execute     unauthorized arbitrary commands. (CVE-2024-38255,     CVE-2024-43459, CVE-2024-43462, CVE-2024-48993,     CVE-2024-48994, CVE-2024-48995, CVE-2024-48996,     CVE-2024-48997, CVE-2024-48998, CVE-2024-48999,     CVE-2024-49000, CVE-2024-49001, CVE-2024-49002,     CVE-2024-49003, CVE-2024-49004, CVE-2024-49005,     CVE-2024-49006, CVE-2024-49007, CVE-2024-49008,     CVE-2024-49009, CVE-2024-49010, CVE-2024-49011,     CVE-2024-49012, CVE-2024-49013, CVE-2024-49014,     CVE-2024-49015, CVE-2024-49016, CVE-2024-49017,     CVE-2024-49018, CVE-2024-49021, CVE-2024-49043)

Detections

Analytics

Security Updates for Microsoft SQL Server (November 2024)

high Nessus Plugin ID 211472

Version 1.3

Version 1.2

Version 1.1

Version 1.3 Nov 18, 2024, 8:22 PM IAVM reference STIG Severity (set to "I") Plugin Feed: 202411182022
Version 1.2 Nov 18, 2024, 7:31 AM CVSS metrics ("CVSSv2 score" set to 10.0) CVSS metrics ("CVSSv2 vector" set to "CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C") CVSS temporal metrics ("CVSSv2 temporal vector" set to "CVSS2#E:U/RL:OF/RC:C") CVSS temporal metrics ("CVSSv3 temporal vector" set to "CVSS:3.0/E:U/RL:O/RC:C") CVSSv2 score source (changed from "CVE-2024-49017" to "CVE-2024-49018") Exploit attributes ("Exploit available" set to "False") Exploit attributes ("Exploitability ease" set to "No known exploits are available") Plugin Feed: 202411180731
Version 1.1 Nov 15, 2024, 9:33 PM New Plugin Feed: 202411152133