Lucene search

[email protected]CVE-2022-23254

HistoryFeb 09, 2022 - 5:15 p.m.

CVE-2022-23254

2022-02-0917:15:00

NVD-CWE-noinfo

[email protected]

web.nvd.nist.gov

228

cve-2022-23254

microsoft

power bi

information disclosure

vulnerability

nvd

4.9 Medium

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

HIGH

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N

5.2 Medium

AI Score

Confidence

High

4 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

SINGLE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:N/AC:L/Au:S/C:P/I:N/A:N

0.008 Low

EPSS

Percentile

81.2%

JSON

Microsoft Power BI Information Disclosure Vulnerability

VendorProductVersionCPE
microsoftclient_js_sdk*cpe:2.3:a:microsoft:client_js_sdk:*:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
microsoft	client_js_sdk	*	cpe:2.3:a:microsoft:client_js_sdk::::::::

References

msrc.microsoft.com/update-guide/vulnerability/CVE-2022-23254

4.9 Medium

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

HIGH

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N

5.2 Medium

AI Score

Confidence

High

4 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

SINGLE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:N/AC:L/Au:S/C:P/I:N/A:N

0.008 Low

EPSS

Percentile

81.2%

JSON

Related for CVE-2022-23254

veracode1 prion1 mscve1 kaspersky1 rapid7blog1