Microsoft Power Platform Connector Spoofing Vulnerability
CVE-2023-36019

9.6CRITICAL

Key Information:

Vendor: Microsoft
Status: Microsoft Power Platform; Azure Logic Apps
Vendor: CVE Published:; 12 December 2023

Summary

The spoofing vulnerability in Microsoft Power Platform Connector allows unauthorized entities to manipulate and misrepresent data exchanged between services. Attackers could exploit this weakness, potentially leading to significant data integrity issues. Users are advised to implement security updates and adhere to best practices for securing connections to mitigate risks associated with this vulnerability.

Affected Version(s)

Azure Logic Apps Unknown 3.0 < 3.23113

Microsoft Power Platform Unknown 1.0.0 < 3.23113

References

https://msrc.microsoft.com/update-guide/vulnerability/CVE...

vendor-advisory

CVSS V3.1

Score:

9.6

Severity:

CRITICAL

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

Required

Scope:

Changed

Timeline

Vulnerability published
Dec 12, 2023
Vulnerability Reserved
Jun 20, 2023