CVE-2023-21713 HIGH

CVE-2023-21713: Microsoft SQL Server Remote Code Execution Vulnerability

Vendor Microsoft
Product Microsoft SQL Server 2016 Service Pack 3 Azure Connect Feature Pack
Weakness CWE-502 · Unsafe deserialization
Published February 14, 2023
Last update January 1, 2025
View on NVD All CVEs

CVSS base score

8.8/10
Attack vector Network
Attack complexity Low
Privileges required Low
User interaction None
Confidentiality High
Integrity High

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C

What the vulnerability does

01Description

Microsoft SQL Server Remote Code Execution Vulnerability

Key dates

02Disclosure timeline

February 14, 2023 CVE published
January 1, 2025 Record updated

Related vulnerabilities

04Related CVE

CVE-2026-22248 GLPI affected by Remote Code Execution via malicious upload CVE-2024-0692 SolarWinds Security Event Manager Deserialization of Untrusted Data Remote Code Execution Vulnerability CVE-2025-60084 WordPress PDF for Elementor Forms + Drag And Drop Template Builder plugin <= 6.5.0 - PHP Object Injection vulnerability CVE-2026-32513 WordPress JS Archive List plugin <= 6.1.7 - PHP Object Injection vulnerability CVE-2018-15381 Cisco Unity Express Arbitrary Command Execution Vulnerability