Microsoft Dataverse Elevation of Privilege Vulnerability
CVE-2024-38139

8.7HIGH

Key Information:

Vendor: Microsoft
Status: Microsoft Dataverse
Vendor: CVE Published:; 15 October 2024

Summary

The vulnerability in Microsoft Dataverse arises from improper authentication mechanisms, which may allow authorized attackers to elevate their privileges across the network. By exploiting this flaw, attackers can gain access to sensitive data and perform actions beyond their intended user permissions. Organizations utilizing Microsoft Dataverse should prioritize patching and review their security protocols to mitigate potential risks associated with this vulnerability.

Affected Version(s)

Microsoft Dataverse Unknown

References

https://msrc.microsoft.com/update-guide/vulnerability/CVE...

vendor-advisory

CVSS V3.1

Score:

8.7

Severity:

HIGH

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

High

User Interaction:

None

Scope:

Changed

Timeline

Vulnerability published
Oct 15, 2024