Microsoft Power Platform Connector Spoofing Vulnerability
CVE-2023-36019

9.6CRITICAL

Key Information:

Vendor: Microsoft
Status: Microsoft Power Platform; Azure Logic Apps
Vendor: CVE Published:; 12 December 2023

What is CVE-2023-36019?

The spoofing vulnerability in Microsoft Power Platform Connector allows unauthorized entities to manipulate and misrepresent data exchanged between services. Attackers could exploit this weakness, potentially leading to significant data integrity issues. Users are advised to implement security updates and adhere to best practices for securing connections to mitigate risks associated with this vulnerability.

Affected Version(s)

Azure Logic Apps Unknown 3.0 < 3.23113

Microsoft Power Platform Unknown 1.0.0 < 3.23113

References

https://msrc.microsoft.com/update-guide/vulnerability/CVE...

vendor-advisory

CVSS V3.1

Score:

9.6

Severity:

CRITICAL

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

Required

Scope:

Changed

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Dec 12, 2023
Vulnerability Reserved
Jun 20, 2023