Skip to main content

Unprotected Alternate Channel

CVE-2024-0056

Severity High
Score 8.7/10

Summary

Microsoft.Data.SqlClient and System.Data.SqlClient SQL Data Provider Security Feature Bypass Vulnerability. This issue affects Microsoft.Data.SqlClient versions through 2.1.6, 3.0.0-preview1 through 3.1.4, 4.0.0-preview1 through 4.0.4, 5.0.0-preview1 through 5.1.2, and 5.2.0-preview1 through 5.2.0-preview4 and System.Data.SqlClient versions through 4.8.5.

  • HIGH
  • NETWORK
  • HIGH
  • CHANGED
  • NONE
  • NONE
  • HIGH
  • NONE

CWE-420 - Unprotected Alternate Channel

The software protects a primary channel, but it does not use the same level of protection for an alternate channel.

Advisory Timeline

  • Published