Critical severity9.8NVD Advisory· Published Jun 22, 2017· Updated May 13, 2026

CVE-2015-9098

Description

In Redgate SQL Monitor before 3.10 and 4.x before 4.2, a remote attacker can gain unauthenticated access to the Base Monitor, resulting in the ability to execute arbitrary SQL commands on any monitored Microsoft SQL Server machines. If the Base Monitor is connecting to these machines using an account with SQL admin privileges, then code execution on the operating system can result in full system compromise (if Microsoft SQL Server is running with local administrator privileges).

Patches

No patches discovered yet.

Vulnerability mechanics

AI mechanics synthesis has not run for this CVE yet.

References

www.red-gate.com/products/dba/sql-monitor/entrypage/security-vulnerabilitynvdVendor Advisory
www.exploit-db.com/exploits/42444/nvdThird Party AdvisoryVDB Entry

News mentions

No linked articles in our index yet.

cvss	0.637
epss	0.032
exploit	0.030
kev	0.000
patch	0.000
ransomware	0.000