Unprotected Alternate Channel
CVE-2024-0056
Summary
Microsoft.Data.SqlClient and System.Data.SqlClient SQL Data Provider Security Feature Bypass Vulnerability. This issue affects Microsoft.Data.SqlClient versions through 2.1.6, 3.0.0-preview1 through 3.1.4, 4.0.0-preview1 through 4.0.4, 5.0.0-preview1 through 5.1.2, and 5.2.0-preview1 through 5.2.0-preview4 and System.Data.SqlClient versions through 4.8.5.
- HIGH
- NETWORK
- HIGH
- CHANGED
- NONE
- NONE
- HIGH
- NONE
CWE-420 - Unprotected Alternate Channel
The software protects a primary channel, but it does not use the same level of protection for an alternate channel.
References
Advisory Timeline
- Published