CVE-2024-43468Microsoft Configuration Manager SQL Injection Vulnerability

PUBLISHEDvulnerability record
2026-02-12 · last modified February 12, 2026

Metadata

CVE ID:
CVE-2024-43468
项目:
Microsoft
产品:
Configuration Manager
添加日期:
2026-02-12
到期日:
2026-03-05
最后更新:
February 12, 2026

漏洞名称

Microsoft Configuration Manager SQL Injection Vulnerability

描述

Microsoft Configuration Manager contains an SQL injection vulnerability. An unauthenticated attacker could exploit this vulnerability by sending specially crafted requests to the target environment which are processed in an unsafe manner enabling the attacker to execute commands on the server and/or underlying database.

已知用于勒索软件活动吗?

勒索软件状态:
Unknown

采集行动

Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.

其他说明

相关新闻文章

相关 CWE