SQL Server Reporting Services RCE Vulnerability (CVE-2020-0618) Scanner

If you are using SQL Server Reporting Services, it is better to check your system if any vulnerability exists.

Details
Stay Up To Date
Asset Type

domain,ip

Need Membership

Yes

Asset Verify

Yes

API Support

Yes

Estimate Time (Second)

30

SQL Server Reporting Services RCE Vulnerability (CVE-2020-0618) Scanner Detail

If you are using SQL Server Reporting Services, it is better to check your system if any vulnerability exists.

What is SQL Server Reporting Services?

SQL Server Reporting Services (SSRS) provides a set of on-premises tools and services that create, deploy, and manage mobile and paginated reports.

Vulnerability

Functionality within the SSRS web application allowed low privileged user accounts to run code on the server by exploiting a deserialisation issue. Although the application was only accessible to authorised users, the lowest privilege (the Browser role) was sufficient in order to exploit this issue.

Some Advice for Common Problems

Apply the February 2020 patch on the server. It should be noted that attackers can easily encode their requests to evade web application firewalls. As a result, patching would be the only robust option to stop this vulnerability.

Need a Full Assesment?

Get help from professional hackers. Learn about our penetration test service now!

Request Pentest Service