CVE-2026-20960

Published: 16 Jan 2026
Source: msrc
CVSS3: 8
EPSS: Low

Description

Microsoft Power Apps Remote Code Execution Vulnerability

Improper authorization in Microsoft Power Apps allows an authorized attacker to execute code over a network.

FAQ

According to the CVSS metric, privileges required is low (PR:L). What does that mean for this vulnerability?

Any authenticated attacker could trigger this vulnerability. It does not require admin or other elevated privileges.

According to the CVSS metric, the attack vector is network (AV:N) and user interaction is required (UI:R). What is the target context of the remote code execution?

This attack requires a user to open a specially crafted shared app from the attacker to initiate remote code execution.

Updates

Product | Article | Update
Microsoft Power Apps

Exploitability

Publicly Disclosed: No
Exploited: No
Latest Software Release: Exploitation Less Likely

EPSS

Percentile: 17%
0.00054
Low

CVSS3: 8 High

Related vulnerabilities

CVSS3: 8
nvd
18 days ago

Improper authorization in Microsoft Power Apps allows an authorized attacker to execute code over a network.

CVSS3: 8
github
18 days ago

Improper authorization in Microsoft Power Apps allows an authorized attacker to execute code over a network.
