Security Announcement on CVE-2024-0056

We will update this announcement with new details as they emerge from our analysis. Please check back periodically.

Last update: 18 January 2024, 5:30 PM CET

CVE-2024-0056 is an 8.7 rated vulnerability affecting Microsoft.Data.SqlClient and System.Data.SqlClient SQL Data Provider, third-party components used in our products. It allows attackers to perform a machine-in-the-middle (MITM) attack.

Further official information on this can be found at the National Institute of Standards and Technology.

enaio® (all versions)

It is recommended that all customers using MS SQL Server 2022 and / or ODBC drivers in versions lower than 17, install the security patches specified by Microsoft, which can be found here: MSRC