Описание
Power BI Report Server Spoofing Vulnerability
FAQ
According to the CVSS metric, user interaction is required (UI:R). What interaction would the user have to do?
The user would have to click on a specially crafted file to be compromised by the attacker.
According to the CVSS metric, successful exploitation of this vulnerability could lead to some loss of integrity (I:L)? What does that mean for this vulnerability?
The attacker is only able to modify the content of the vulnerable link to redirect the victim to a malicious site.
According to the CVSS metric, a successful exploitation could lead to a scope change (S:C). What does this mean for this vulnerability?
The vulnerability is in the web server, but the malicious scripts execute in the victim’s browser on their machine.
Обновления
| Продукт | Статья | Обновление |
|---|---|---|
| Power BI Report Server - May 2024 |
Показывать по
Возможность эксплуатации
Publicly Disclosed
Exploited
Latest Software Release
EPSS
6.9 Medium
CVSS3
Связанные уязвимости
Уязвимость сервера отчетов Power BI, связанная с непринятием мер по защите структуры веб-страницы, позволяющая нарушителю выполнить межсайтовые сценарные атаки
EPSS
6.9 Medium
CVSS3