KB4535833 - SQL Server Reporting Services XSS vulnerability

Applies To

SQL Server 2016 Service Pack 2

Symptoms

A cross-site scripting (XSS) vulnerability exists if Microsoft SQL Server Reporting Services (SSRS) does not correctly sanitize a specially-crafted web request to an affected SSRS server. See CVE-2019-1332 for details.

Resolution

To fix this issue in the products that are listed in “Applies to,” install the following security update, as appropriate:

Description of the security update for SQL Server 2016 SP2 CU11: February 11, 2020
Description of the security update for SQL Server 2016 SP2 GDR: February 11, 2020

SUBSCRIBE RSS FEEDS

Need more help?

Want more options?

Discover Community

Explore subscription benefits, browse training courses, learn how to secure your device, and more.

Microsoft 365 subscription benefits

Microsoft 365 training

Microsoft security

Accessibility center

Communities help you ask and answer questions, give feedback, and hear from experts with rich knowledge.

Ask the Microsoft Community

Microsoft Tech Community

Windows Insiders

Microsoft 365 Insiders

KB4535833 - SQL Server Reporting Services XSS vulnerability

Symptoms

Resolution

Need more help?

Want more options?

Was this information helpful?

Thank you for your feedback!