CVE-2021-1636 description: CWE-89 - Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
The software constructs all or part of an SQL command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended SQL command when it is sent to a downstream component.
Path within file matching detected library:
/Program Files/Microsoft SQL Server/MSSQL.X/MSSQL/Binn/sqllang.dll
/Program Files/Microsoft SQL Server/MSSQL.X/MSSQL/Binn/sqlmin.dll
In the link below we have the SQL Server versions with security updates,
but how do we get to know which SQL Server version has a fix for it, since all versions address the same vulnerability?
https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-1636
Steps to Reproduce: - Run a security scan using a security scanning tool.
Please let me know if there is any patch present for SQL Server 2019 Express which has a fix for this vulnerability.
Why don't you simply look it up on your own?
https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-1636
Hi DKHarini-7698,
It has been fixed in KB4583458, the security update for SQL Server 2019 GDR, and KB4583459, the security update for SQL Server 2019 CU8.
Best Regards,
Amelia
Well, it is listed in the document you link to....
But apart from that, download and install the most recent Cumulative Update for SQL 2019 which is CU14, and you should be fine.