Description
On-Premises Data Gateway Information Disclosure Vulnerability
FAQ
What type of information could be disclosed by this vulnerability?
The type of information that could be disclosed if an attacker successfully exploited this vulnerability is the data contained in the targeted Power BI dashboard. The scope of Power BI data that could be accessed depends on the privileges of the compromised user.
According to the CVSS metric, the attack complexity is high (AC:H). What does that mean for this vulnerability?
Successful exploitation of this vulnerability requires an attacker to win a race condition.
According to the CVSS metric, user interaction is required (UI:R). What does that mean for this vulnerability?
Successful exploitation of this vulnerability requires the victim user to log in or authenticate to the target environment.
According to the CVSS metric, privileges required is low (PR:L). What does that mean for this vulnerability?
The attacker must be authenticated to be able to exploit this vulnerability.
What actions do customers need to take to protect themselves from this vulnerability?
Only customers who have configured a SAP HANA data source to use single sign-on (SSO) are affected and must update their On-Premises Data Gateway to protect against this vulnerability. More information regarding SSO for On-Premises Data Gateways can be found here: Overview of single sign-on for on-premises data gateways in Power BI
Updates
Product | Article | Update |
---|---|---|
On-Premises Data Gateway |
Exploitability
Publicly Disclosed
Exploited
Latest Software Release
EPSS
CVSS3: 6.4 Medium
Related vulnerabilities
On-Premises Data Gateway Information Disclosure Vulnerability
A vulnerability in the Microsoft On-Premises Data Gateway, related to improper authorization, that allows an attacker to disclose protected information