This page details previously-announced security vulnerabilities in Redgate's products. Our Product Security Policy details how we announce vulnerabilities.
2024
Redgate Monitor prior to version 14.0.8 is susceptible to CVE-2024-35255, allowing an attacker with local access to the system hosting the Redgate Monitor Base Monitor to read any file on the file system with SYSTEM access permissions. Details
2023
SQL Monitor versions 12.0.0 to 13.0.21 (inclusive) contain a vulnerability that can result in a Denial of Service attack against its Web Service when hosted using SQL Monitor's built-in web server (CVE-2023-38180). Details
SQL Monitor prior to version 12.1.54 contains vulnerabilities allowing low-privileged users to perform actions their permissions should not allow, and when using Active Directory (LDAP) authentication, allows low-privileged users to elevate their permissions to a SQL Monitor administrator role (CVE-2022-47542). Details
2021
CVE-2021-44228 (log4j's "log4shell" vulnerability) did not affect any of Redgate's products. Details
SQL Monitor versions 9.0.4 to 11.0.18 (inclusive) contain an issue when using Active Directory authorization, whereby some non-administrator users could potentially view servers they were not entitled to according to SQL Monitor's access control settings. Details
2020
SQL Monitor versions 7.1.4 to 10.1.5 (inclusive) do not correctly check TLS certificate validity for webhook, email, or Slack alerts when it is disabled for a particular scope, or where VMware servers are monitored. Details
SQL Monitor versions 9.0.13 to 9.2.14 (inclusive) have a security vulnerability where a user who is an administrator of the SQL Monitor installation is able to perform a SQL injection attack. Details
2019
SQL Monitor prior to 9.2.5 allowed users with administrative privileges to retrieve configured SMTP server credentials. Details
2018
SQL Monitor prior to 8.0.19 was vulnerable to a cross-site scripting attack. Details
SmartAssembly prior to 6.12.5 was vulnerable to untrusted code execution. Details
.NET Reflector prior to 10.0.7.774 was vulnerable to untrusted code execution. Details
2015
SQL Monitor prior to 4.2, or SQL Monitor 3 prior to 3.10, were vulnerable to an authentication bypass and SQL command execution. Details
2013
SQL Backup versions 7.4 and 7.5 insecurely stored credentials for the SQL Backup Agent service. Details