Description
Microsoft Power Apps (online) Spoofing Vulnerability
FAQ
According to the CVSS metric, successful exploitation of this vulnerability could lead to some loss of confidentiality (C:L). What does that mean for this vulnerability?
Limited information can be disclosed to the attacker through the misuse of the infrastructure, but no sensitive information can be obtained by the attacker.
According to the CVSS metric, privileges required is low (PR:L). What does that mean for this vulnerability?
Any authenticated attacker could trigger this vulnerability. It does not require admin or other elevated privileges.
Why is no action required to install this update?
This CVE addresses a vulnerability in the Microsoft Power Apps online version only. As such, customers do not need to take any action because releases are rolled out automatically over several days. For more information about the releases for Microsoft Power Apps, see "What's new in Power Apps?".
Exploitability
Publicly Disclosed
Exploited
Latest Software Release
DOS
EPSS
CVSS3: 5.4 Medium
Related vulnerabilities
A vulnerability in the Microsoft Power Apps application development environment, related to user interface misrepresentation of information, that allows an attacker to conduct spoofing attacks
EPSS
CVSS3: 5.4 Medium