Power Platform Information Disclosure Vulnerability
CVE-2024-38190

8.6HIGH

Key Information:

Vendor: Microsoft
Status: Microsoft Power Platform
Vendor: CVE Published:; 15 October 2024

Summary

The vulnerability in Microsoft Power Platform arises from a lack of adequate authorization checks, enabling an unauthenticated attacker to gain access to sensitive information. This security gap can be exploited through network attack vectors, potentially leading to unauthorized data exposure. Organizations relying on Power Platform should prioritize assessing their exposure to this issue and implementing necessary security measures to mitigate the risk.

Affected Version(s)

Microsoft Power Platform Unknown

References

https://msrc.microsoft.com/update-guide/vulnerability/CVE...

vendor-advisory

CVSS V3.1

Score:

8.6

Severity:

HIGH

Confidentiality:

High

Integrity:

None

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Changed

Timeline

Vulnerability published
Oct 15, 2024

Collectors

NVD DatabaseMitre DatabaseMicrosoft Feed