58 matches found
CVE-2024-47083 Power Platform Terraform Provider has Improper Masking of Secrets in Logs
Power Platform Terraform Provider allows managing environments and other resources within Power Platform. Versions prior to 3.0.0 have an issue in the Power Platform Terraform Provider where sensitive information, specifically the clientsecret used in the service principal authentication, may be...
CVE-2024-47083
CVE-2024-47083 affects the Microsoft Power Platform Terraform Provider. Versions prior to 3.0.0 contain an issue where the service principal authentication’s sensitive data, notably the client_secret, may be exposed in logs due to a logging code error that fails to mask it when logs are persisted...
CVE-2024-47083 Power Platform Terraform Provider has Improper Masking of Secrets in Logs
Power Platform Terraform Provider allows managing environments and other resources within Power Platform. Versions prior to 3.0.0 have an issue in the Power Platform Terraform Provider where sensitive information, specifically the clientsecret used in the service principal authentication, may be...
CVE-2024-47083 Power Platform Terraform Provider has Improper Masking of Secrets in Logs
Power Platform Terraform Provider allows managing environments and other resources within Power Platform. Versions prior to 3.0.0 have an issue in the Power Platform Terraform Provider where sensitive information, specifically the clientsecret used in the service principal authentication, may be...
Microsoft Power Platform Security Vulnerability
Microsoft Power Platform is a set of low-code tools from Microsoft Corporation USA. A security vulnerability exists in Microsoft Power Platform. No information about this vulnerability is available at this time, so please stay tuned to CNNVD or the vendor announcement...
KLA70178 ACE vulnerability in Microsoft Dynamics
ACE vulnerability was found in Microsoft Dynamics. Malicious users can exploit this vulnerability to execute arbitrary code. Original advisories CVE-2024-35260 CVE list CVE-2024-35260 critical Solution Install necessary updates from the KB section, that are listed in your Windows Update Windows...
PT-2024-7450 · Microsoft · Power Platform
Name of the Vulnerable Software and Affected Versions: Power Platform affected versions not specified Description: The issue is related to a lack of authorization in Power Platform, allowing an unauthenticated attacker to view sensitive information through a network attack vector. This can lead t...
The vulnerability of the Microsoft Power Platform Connector’s application programming interface, related to errors in information representation by the user interface, allows a hacker to perform a spear-phishing attack.
The vulnerability of the Microsoft Power Platform Connector’s application programming interface is related to errors in information representation by the user interface. Exploiting this vulnerability allows a malicious actor to carry out a spear-phishing attack by sending the user a specially...
Vulnerabilities fixed in Microsoft Azure
Microsoft has fixed vulnerabilities in several Azure components. A malicious party could exploit the vulnerabilities to grant themselves elevated privileges, gain access to sensitive data, or to impersonate another user via a cross-site scripting attack. Such an attack can lead to execution of...
Vulnerabilities fixed in Microsoft Dynamics
Microsoft has fixed vulnerabilities in Dynamics. A malicious party could exploit the vulnerabilities to cause a Denial-of-Service, or to impersonate another user through a Cross-Site-Scripting attack. Such an attack can lead to execution of arbitrary code in the browser of the victim, or access...
CVE-2023-36019
Microsoft Power Platform Connector Spoofing Vulnerability...
CVE-2023-36019
Microsoft Power Platform Connector Spoofing Vulnerability...
CVE-2023-36019
Microsoft Power Platform Connector Spoofing Vulnerability...
Spoofing
Microsoft Power Platform Connector Spoofing Vulnerability...
CVE-2023-36019 Microsoft Power Platform Connector Spoofing Vulnerability
...
CVE-2023-36019
The CVE-2023-36019 entry applies to Microsoft Power Platform Connector (Power Platform/Logic Apps/Power Automate). The vulnerability is a Spoofing flaw that could allow an attacker to pretend to be another user via the connector, enabling impersonation with high impact (CVE-2023-36019 CVSS 9.6, e...
Microsoft Power Platform Connector Spoofing Vulnerability
...
Microsoft Power Platform Connector Security Vulnerability
The Microsoft Power Platform Connector is a proxy or wrapper for an API from Microsoft Corporation USA. A security vulnerability exists in Microsoft Power Platform Connector. An attacker could exploit this vulnerability to conduct spoofing attacks. The following products and versions are affected...
PT-2023-7607 · Microsoft · Power Platform Connector
Name of the Vulnerable Software and Affected Versions: Microsoft Power Platform Connector affected versions not specified Description: The issue is related to errors in the representation of information by the user interface, which can allow a remote attacker to conduct a spoofing attack by sendi...
Experts Uncover How Cybercriminals Could Exploit Microsoft Entra ID for Elevated Privilege
Cybersecurity researchers have discovered a case of privilege escalation associated with a Microsoft Entra ID formerly Azure Active Directory application by taking advantage of an abandoned reply URL. "An attacker could leverage this abandoned URL to redirect authorization codes to themselves,...