products / mssql
Microsoft SQL Server
SQL Server is Microsoft's flagship relational engine. NVD lists it as microsoft:sql_server with dotted build numbers (e.g. 15.0.4123.1), not marketing years alone. Pass the same build string you use in SELECT @@VERSION parsing.
api usage
Querying SQL Server
product slug
mssqlversion format
15.0.4123.1bash
curl "https://api.attestd.io/v1/check?product=mssql&version=15.0.4123.1" \
-H "Authorization: Bearer $ATTESTD_KEY"Spot-check CVE-2023-36728 (denial of service class). Pass dotted build numbers from @@VERSION; the API maps major versions (e.g. 15.x → 2019 train) when matching NVD year-keyed ranges. Illustrative JSON below — replace with live /v1/check output after deployment.
json
{
"product": "mssql",
"version": "15.0.4123.1",
"supported": true,
"risk_state": "elevated",
"risk_factors": ["remote_exploitable", "patch_available"],
"actively_exploited": false,
"remote_exploitable": true,
"authentication_required": true,
"patch_available": true,
"fixed_version": "15.0.4153.1",
"confidence": 0.83,
"cve_ids": ["CVE-2023-36728"],
"last_updated": "2026-04-03T00:00:00Z"
}cleaner line
Newer build
bash
curl "https://api.attestd.io/v1/check?product=mssql&version=16.0.1000.1" \
-H "Authorization: Bearer $ATTESTD_KEY"notable cves
CVE history
| CVE | Description | Affects | CVSS |
|---|---|---|---|
CVE-2023-36728 | SQL Server engine denial of service / stability issue. | 2019 CU line (see NVD) | 7.5 |
CVE-2024-21315 | SQL Server remote code execution (patch cycle). | 2022, 2019 | 8.8 |
CVE-2023-21528 | Elevation of privilege in SQL Server components. | 2019, 2022 | 8.8 |
CVE-2022-41064 | Information disclosure via SQL Server protocol paths. | 2019, 2022 | 7.5 |
CVE-2021-1636 | SQL Server reporting services vulnerability chain. | 2019 | 8.8 |
related