Power BI Report Server Spoofing Vulnerability
CVE-2023-21806

8.2HIGH

Key Information:

Vendor: Microsoft
Status: Power Bi Report Server - January 2023
Vendor: CVE Published:; 14 February 2023

What is CVE-2023-21806?

A spoofing vulnerability exists in Power BI Report Server, allowing an attacker to impersonate other users. This can lead to unauthorized access to sensitive data and could compromise the integrity of reports. Organizations using Power BI Report Server are advised to apply the latest security updates to mitigate potential risks associated with this vulnerability.

Affected Version(s)

Power BI Report Server - January 2023 Unknown 15.0.0 < 15.0.1111.115

References

https://msrc.microsoft.com/update-guide/vulnerability/CVE...

vendor-advisory

CVSS V3.1

Score:

8.2

Severity:

HIGH

Confidentiality:

High

Integrity:

Low

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

Low

User Interaction:

Required

Scope:

Changed

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Feb 14, 2023
Vulnerability Reserved
Dec 16, 2022

Microsoft

What is CVE-2023-21806?

Affected Version(s)

References

CVSS V3.1

Timeline