SQL Injection Vulnerability in MDT AutoSave Versions Prior to v6.02.06

SQL Injection Vulnerability in MDT AutoSave Versions Prior to v6.02.06

CVE-2021-32953 · CRITICAL Severity

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

An attacker could utilize SQL commands to create a new user MDT AutoSave versions prior to v6.02.06 and update the user’s permissions, granting the attacker the ability to login.

Learn more about our Cis Benchmark Audit For Microsoft Sql Server.