{"data":{"id":"46917cab-3d17-445e-ac57-b6070b96bc3c","title":"CVE-2024-43468: Microsoft Configuration Manager SQL Injection Vulnerability","summary":"Microsoft Configuration Manager has an SQL injection vulnerability (a type of attack where specially crafted input tricks a database into running unintended commands), allowing unauthenticated attackers to send malicious requests that could let them execute commands on the server or database. This vulnerability is currently being actively exploited by real attackers.","solution":"Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.","labels":["security"],"sourceUrl":"https://nvd.nist.gov/vuln/detail/CVE-2024-43468","publishedAt":"2026-02-12T00:00:00.000Z","cveId":"CVE-2024-43468","cweIds":["CWE-89"],"cvssScore":null,"cvssSeverity":null,"severity":"high","attackType":["supply_chain"],"issueType":"vulnerability","affectedPackages":null,"affectedVendors":["Microsoft"],"affectedVendorsRaw":["Microsoft Configuration Manager"],"classifierModel":"claude-haiku-4-5-20251001","classifierPromptVersion":"v3","cvssVector":null,"attackVector":null,"attackComplexity":null,"privilegesRequired":null,"userInteraction":null,"exploitMaturity":"active","epssScore":0.84918,"patchAvailable":null,"disclosureDate":null,"capecIds":["CAPEC-66"],"crossRefCount":0,"attackSophistication":"moderate","impactType":["confidentiality","integrity","availability"],"aiComponentTargeted":null,"llmSpecific":false,"classifierConfidence":0.65,"researchCategory":null,"atlasIds":null}}