Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
mskbMicrosoftKB5023884
HistoryFeb 14, 2023 - 8:00 a.m.

KB5023884 - Description of the security update for Power BI Report Server: January 2023

2023-02-1408:00:00
Microsoft
support.microsoft.com
38

8.2 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

REQUIRED

Scope

CHANGED

Confidentiality Impact

HIGH

Integrity Impact

LOW

Availability Impact

LOW

CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:L/A:L

8 High

AI Score

Confidence

High

6 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

MEDIUM

Authentication

SINGLE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:M/Au:S/C:P/I:P/A:P

0.001 Low

EPSS

Percentile

30.7%

JSON

KB5023884 - Description of the security update for Power BI Report Server: January 2023

Summary

This Microsoft Power BI Report Server security update resolves an escalation of privilege vulnerability. To learn more about the vulnerability, see CVE-2023-21809.

Affected versions

The following Power BI Report Server versions are updated in this security update:

  • Power BI Report Server (September 2022) - Product version: 1.15.8377.1837, file version:15.0.1110.135 * Power BI Report Server (September 2022)- Product version:1.15.8300.38452, file version:15.0.1110.120 * Power BI Report Server (May 2022)- Product version:1.14.8179.37378, file version:15.0.1108.297

Resolution

The following file is available for download from the Microsoft Download Center.

More information

Prerequisites

This security update applies to all installed versions of Power BI Server.

Security update deployment information

For deployment information about this security update, see Deployments - Security Update Guide.

Update version

Power BI Report Server is updated to the following version in this security update.Product Name Product version File version
Power BI Report Server (January 2023) 15.0.1111.115 1.16.8420.13742

Related

mscve 2
cvelist 2
prion 2
cve 2
nessus 1
kaspersky 2
rapid7blog 1
mscve
mscve
Power BI Report Server Spoofing Vulnerability
2023-02-14 08:00:00
Microsoft Defender for Endpoint Security Feature Bypass Vulnerability
2023-02-14 08:00:00
cvelist
cvelist
Microsoft Defender for Endpoint Security Feature Bypass Vulnerability
2023-02-14 19:33:13
Power BI Report Server Spoofing Vulnerability
2023-02-14 19:32:40
prion
prion
Security feature bypass
2023-02-14 20:15:00
Spoofing
2023-02-14 20:15:00
cve
cve
CVE-2023-21809
2023-02-14 20:15:15
CVE-2023-21806
2023-02-14 20:15:15
nessus
nessus
Security Update for Microsoft Power BI Report Server (January 2023)
2023-02-16 00:00:00
kaspersky
kaspersky
KLA20226 Multiple vulnerabilities in Microsoft System Center
2023-02-14 00:00:00
KLA20230 Multiple vulnerabilities in Microsoft SQL Server
2023-02-14 00:00:00
rapid7blog
rapid7blog
Patch Tuesday - February 2023
2023-02-15 00:41:59

8.2 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

REQUIRED

Scope

CHANGED

Confidentiality Impact

HIGH

Integrity Impact

LOW

Availability Impact

LOW

CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:L/A:L

8 High

AI Score

Confidence

High

6 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

MEDIUM

Authentication

SINGLE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:M/Au:S/C:P/I:P/A:P

0.001 Low

EPSS

Percentile

30.7%

JSON
Related for KB5023884
mscve2cvelist2prion2cve2nessus1kaspersky2rapid7blog1