Unrated severityCISA KEVNVD Advisory· Published Feb 11, 2020· Updated Jan 12, 2026
CVE-2020-0618
CVE-2020-0618
Description
A remote code execution vulnerability exists in Microsoft SQL Server Reporting Services when it incorrectly handles page requests, aka 'Microsoft SQL Server Reporting Services Remote Code Execution Vulnerability'.
Affected products
6- Microsoft/Microsoft SQL Serverv5Range: 2012 for 32-bit Systems Service Pack 4 (QFE)
- Microsoft/Microsoft SQL Server 2014 Service Pack 3 for x64-based Systems (GDR)v5Range: unspecified
- Microsoft/Microsoft SQL Server 2014 Service Pack 3 for x64-based Systems (CU)v5Range: unspecified
- Microsoft/Microsoft SQL Server 2016 for x64-based Systems Service Pack 2 (GDR)v5Range: unspecified
- Microsoft/Microsoft SQL Server 2014 Service Pack 3 for 32-bit Systems (GDR)v5Range: unspecified
- Microsoft/Microsoft SQL Server 2014 Service Pack 3 for 32-bit Systems (CU)v5Range: unspecified
Patches
0No patches discovered yet.
Vulnerability mechanics
AI mechanics synthesis has not run for this CVE yet.
References
3- packetstormsecurity.com/files/156707/SQL-Server-Reporting-Services-SSRS-ViewState-Deserialization.htmlmitrex_refsource_MISC
- packetstormsecurity.com/files/159216/Microsoft-SQL-Server-Reporting-Services-2016-Remote-Code-Execution.htmlmitrex_refsource_MISC
- portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-0618mitrex_refsource_MISC
News mentions
0No linked articles in our index yet.