Spoofing Vulnerability in Microsoft Power BI Report Server
CVE-2020-1173

6.8MEDIUM

Key Information:

Vendor: Microsoft
Status: Power Bi Report Server
Vendor: CVE Published:; 21 May 2020

Summary

A spoofing vulnerability affecting Microsoft Power BI Report Server arises from insufficient validation of the content-type of uploaded attachments. This flaw may allow potential attackers to exploit the server's handling of these attachments, posing risks to data integrity and system security. Users are encouraged to review their attachment handling practices and apply the necessary security measures to safeguard against this vulnerability.

Affected Version(s)

Power BI Report Server = unspecified

References

https://portal.msrc.microsoft.com/en-US/security-guidance...

x_refsource_MISC

CVSS V3.1

Score:

6.8

Severity:

MEDIUM

Confidentiality:

None

Integrity:

High

Availability:

None

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

Low

User Interaction:

Required

Scope:

Changed

Timeline

Vulnerability published
May 21, 2020
Vulnerability Reserved
Nov 4, 2019