Security scan on sql_server_2019_express_x64_ENU.exe identified a vulnerability CVE-2018-8292

Gangaraj, Vinay (CSW) 1 Reputation point
2021-11-24T07:18:59.607+00:00

CVE-2018-8292 description: An information disclosure vulnerability exists in .NET Core when authentication information is inadvertently exposed in a redirect, aka ".NET Core Information Disclosure Vulnerability." This affects .NET Core 2.1, .NET Core 1.0, .NET Core 1.1, PowerShell Core 6.0.

Path(s) within file matching detected library:
/Program Files/Microsoft SQL Server/150/DTS/Extensions/Common/System.Net.Http.Formatting.dll

Steps to Reproduce: - Run a security scan using a security scanning tool.

Is there any patch present for SQL Server 2019 Express which has a fix for this vulnerability? Please let me know.
If this is not the right forum, then please suggest the right place where I can get a resolution for this vulnerability.


1 answer

  1. CathyJi-MSFT 21,091 Reputation points Microsoft Vendor
    2021-11-24T07:47:42.48+00:00

    Hi @Gangaraj, Vinay (CSW),

    Please apply the latest CU14 for SQL Server 2019 Express; this update contains all fixes that were released after the initial release of SQL Server 2019. If it does not work, please feel free to let us know.

    Cumulative Update Package 14 for SQL Server 2019 - KB5007182


    If the answer is helpful, please click "Accept Answer" and kindly upvote it. If you have extra questions about this answer, please click "Comment".
