COOEY // HUBcompliance · community · intelligence

Exposures › CVE-2024-43468

CVE-2024-43468

Severity
high · on CISA KEV actively exploited
Source
CISA-KEV · kev
Published
2026-02-12
Reference
https://nvd.nist.gov/vuln/detail/CVE-2024-43468
⌖ exploited in the wild shame 50/100 exploited-in-wild

Microsoft Configuration Manager contains an SQL injection vulnerability. An unauthenticated attacker could exploit this vulnerability by sending specially crafted requests to the target environment which are processed in an unsafe manner enabling the attacker to execute commands

Players implicated

Microsoft · vendorConfiguration Manager · product

Description

Microsoft Configuration Manager contains an SQL injection vulnerability. An unauthenticated attacker could exploit this vulnerability by sending specially crafted requests to the target environment which are processed in an unsafe manner enabling the attacker to execute commands on the server and/or underlying database.

Affected FedRAMP products 4 in the catalog

ProductProviderStatusMatch
Azure Commercial Cloud Microsoft Authorized vendor-exact · 0.90
Azure Government (includes Dynamics 365) Microsoft Authorized vendor-exact · 0.90
Microsoft Office 365 GCC High Microsoft In Process vendor-exact · 0.90
Office 365 Multi-Tenant & Supporting Services Microsoft Authorized vendor-exact · 0.90