Lucene search
+L

58 matches found

Cvelist
Cvelist
added 2024/09/25 9:21 p.m.42 views

CVE-2024-47083 Power Platform Terraform Provider has Improper Masking of Secrets in Logs

Power Platform Terraform Provider allows managing environments and other resources within Power Platform. Versions prior to 3.0.0 have an issue in the Power Platform Terraform Provider where sensitive information, specifically the clientsecret used in the service principal authentication, may be...

8.8CVSS0.01554EPSS
Exploits0References3
CVE
CVE
added 2024/09/25 9:21 p.m.71 views

CVE-2024-47083

CVE-2024-47083 affects the Microsoft Power Platform Terraform Provider. Versions prior to 3.0.0 contain an issue where the service principal authentication’s sensitive data, notably the client_secret, may be exposed in logs due to a logging code error that fails to mask it when logs are persisted...

8.8CVSS7.6AI score0.01554EPSS
Exploits0References3Affected Software1
Vulnrichment
Vulnrichment
added 2024/09/25 9:21 p.m.15 views

CVE-2024-47083 Power Platform Terraform Provider has Improper Masking of Secrets in Logs

Power Platform Terraform Provider allows managing environments and other resources within Power Platform. Versions prior to 3.0.0 have an issue in the Power Platform Terraform Provider where sensitive information, specifically the clientsecret used in the service principal authentication, may be...

8.8CVSS6.9AI score0.01554EPSS
Exploits0References3
OSV
OSV
added 2024/09/25 9:21 p.m.22 views

CVE-2024-47083 Power Platform Terraform Provider has Improper Masking of Secrets in Logs

Power Platform Terraform Provider allows managing environments and other resources within Power Platform. Versions prior to 3.0.0 have an issue in the Power Platform Terraform Provider where sensitive information, specifically the clientsecret used in the service principal authentication, may be...

8.8CVSS7AI score0.01554EPSS
Exploits0References5
CNNVD
CNNVD
added 2024/06/27 12:0 a.m.5 views

Microsoft Power Platform Security Vulnerability

Microsoft Power Platform is a set of low-code tools from Microsoft Corporation USA. A security vulnerability exists in Microsoft Power Platform. No information about this vulnerability is available at this time, so please stay tuned to CNNVD or the vendor announcement...

9.8CVSS6.4AI score0.01034EPSS
Exploits0References2
Kaspersky
Kaspersky
added 2024/06/27 12:0 a.m.28 views

KLA70178 ACE vulnerability in Microsoft Dynamics

ACE vulnerability was found in Microsoft Dynamics. Malicious users can exploit this vulnerability to execute arbitrary code. Original advisories CVE-2024-35260 CVE list CVE-2024-35260 critical Solution Install necessary updates from the KB section, that are listed in your Windows Update Windows...

9.8CVSS7.6AI score0.01034EPSS
Exploits0References2
Positive Technologies
Positive Technologies
added 2024/06/12 12:0 a.m.10 views

PT-2024-7450 · Microsoft · Power Platform

Name of the Vulnerable Software and Affected Versions: Power Platform affected versions not specified Description: The issue is related to a lack of authorization in Power Platform, allowing an unauthenticated attacker to view sensitive information through a network attack vector. This can lead t...

8.6CVSS6.5AI score0.01076EPSS
Exploits0References14
BDU FSTEC
BDU FSTEC
added 2023/12/14 12:0 a.m.10 views

The vulnerability of the Microsoft Power Platform Connector’s application programming interface, related to errors in information representation by the user interface, allows a hacker to perform a spear-phishing attack.

The vulnerability of the Microsoft Power Platform Connector’s application programming interface is related to errors in information representation by the user interface. Exploiting this vulnerability allows a malicious actor to carry out a spear-phishing attack by sending the user a specially...

10CVSS7.6AI score0.16221EPSS
Exploits0References3
NCSC
NCSC
added 2023/12/13 12:0 a.m.4 views

Vulnerabilities fixed in Microsoft Azure

Microsoft has fixed vulnerabilities in several Azure components. A malicious party could exploit the vulnerabilities to grant themselves elevated privileges, gain access to sensitive data, or to impersonate another user via a cross-site scripting attack. Such an attack can lead to execution of...

9.6CVSS6.4AI score0.16221EPSS
Exploits0
NCSC
NCSC
added 2023/12/13 12:0 a.m.5 views

Vulnerabilities fixed in Microsoft Dynamics

Microsoft has fixed vulnerabilities in Dynamics. A malicious party could exploit the vulnerabilities to cause a Denial-of-Service, or to impersonate another user through a Cross-Site-Scripting attack. Such an attack can lead to execution of arbitrary code in the browser of the victim, or access...

9.6CVSS6.9AI score0.16221EPSS
Exploits0
OSV
OSV
added 2023/12/12 6:15 p.m.2 views

CVE-2023-36019

Microsoft Power Platform Connector Spoofing Vulnerability...

7.4CVSS7.3AI score0.16221EPSS
Exploits0References1
NVD
NVD
added 2023/12/12 6:15 p.m.27 views

CVE-2023-36019

Microsoft Power Platform Connector Spoofing Vulnerability...

9.6CVSS0.16221EPSS
Exploits0References1
ATTACKERKB
ATTACKERKB
added 2023/12/12 6:15 p.m.5 views

CVE-2023-36019

Microsoft Power Platform Connector Spoofing Vulnerability...

9.6CVSS5.3AI score0.16221EPSS
Exploits0References2Affected Software2
Prion
Prion
added 2023/12/12 6:15 p.m.29 views

Spoofing

Microsoft Power Platform Connector Spoofing Vulnerability...

4.3CVSS7AI score0.16221EPSS
Exploits0References1Affected Software2
Cvelist
Cvelist
added 2023/12/12 6:10 p.m.35 views

CVE-2023-36019 Microsoft Power Platform Connector Spoofing Vulnerability

...

9.6CVSS9.6AI score0.16221EPSS
Exploits0References1
CVE
CVE
added 2023/12/12 6:10 p.m.95 views

CVE-2023-36019

The CVE-2023-36019 entry applies to Microsoft Power Platform Connector (Power Platform/Logic Apps/Power Automate). The vulnerability is a Spoofing flaw that could allow an attacker to pretend to be another user via the connector, enabling impersonation with high impact (CVE-2023-36019 CVSS 9.6, e...

9.6CVSS8.3AI score0.16221EPSS
Exploits0References1Affected Software2
Microsoft CVE
Microsoft CVE
added 2023/12/12 8:0 a.m.30 views

Microsoft Power Platform Connector Spoofing Vulnerability

...

9.6CVSS7.1AI score0.16221EPSS
Exploits0
CNNVD
CNNVD
added 2023/12/12 12:0 a.m.10 views

Microsoft Power Platform Connector Security Vulnerability

The Microsoft Power Platform Connector is a proxy or wrapper for an API from Microsoft Corporation USA. A security vulnerability exists in Microsoft Power Platform Connector. An attacker could exploit this vulnerability to conduct spoofing attacks. The following products and versions are affected...

9.6CVSS8.9AI score0.16221EPSS
Exploits0References2
Positive Technologies
Positive Technologies
added 2023/12/12 12:0 a.m.5 views

PT-2023-7607 · Microsoft · Power Platform Connector

Name of the Vulnerable Software and Affected Versions: Microsoft Power Platform Connector affected versions not specified Description: The issue is related to errors in the representation of information by the user interface, which can allow a remote attacker to conduct a spoofing attack by sendi...

10CVSS8.9AI score0.16221EPSS
Exploits0References24
The Hacker News
The Hacker News
added 2023/08/28 4:5 p.m.42 views

Experts Uncover How Cybercriminals Could Exploit Microsoft Entra ID for Elevated Privilege

Cybersecurity researchers have discovered a case of privilege escalation associated with a Microsoft Entra ID formerly Azure Active Directory application by taking advantage of an abandoned reply URL. "An attacker could leverage this abandoned URL to redirect authorization codes to themselves,...

6.8AI score
Exploits0
Rows per page
Query Builder