Microsoft Power Platform Connector Spoofing Vulnerability
CVE-2023-36019

9.6CRITICAL

Key Information:

Vendor: Microsoft
Status: Microsoft Power Platform; Azure Logic Apps
Vendor: CVE Published:; 12 December 2023

What is CVE-2023-36019?

The spoofing vulnerability in Microsoft Power Platform Connector allows unauthorized entities to manipulate and misrepresent data exchanged between services. Attackers could exploit this weakness, potentially leading to significant data integrity issues. Users are advised to implement security updates and adhere to best practices for securing connections to mitigate risks associated with this vulnerability.

Human OS v1.0:
Ageing Is an Unpatched Zero-Day Vulnerability.

Remediate biological technical debt. Prime Ageing uses 95% high-purity SIRT6 activation to maintain genomic integrity and bolster systemic resilience.

Deploy the Patch

Affected Version(s)

Azure Logic Apps Unknown 3.0 < 3.23113

Microsoft Power Platform Unknown 1.0.0 < 3.23113

References

https://msrc.microsoft.com/update-guide/vulnerability/CVE...

vendor-advisory

CVSS V3.1

Score:

9.6

Severity:

CRITICAL

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

Required

Scope:

Changed

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Dec 12, 2023
Vulnerability Reserved
Jun 20, 2023

JSON

Microsoft

What is CVE-2023-36019?

Human OS v1.0: Ageing Is an Unpatched Zero-Day Vulnerability.

Affected Version(s)

References

CVSS V3.1

Timeline

Human OS v1.0:
Ageing Is an Unpatched Zero-Day Vulnerability.