4 matches found
CVE-2023-36019
The CVE-2023-36019 entry applies to Microsoft Power Platform Connector (Power Platform/Logic Apps/Power Automate). The vulnerability is a Spoofing flaw that could allow an attacker to pretend to be another user via the connector, enabling impersonation with high impact (CVE-2023-36019 CVSS 9.6, e...
CVE-2026-32171
CVE-2026-32171—Azure Logic Apps Elevation of Privilege is confirmed with a high-severity impact (CVSS v3.1 base 8.8) due to insufficiently protected credentials that allow an authorized attacker to obtain elevated privileges over the network. Affected product: Azure Logic Apps. Root cause: insuff...
CVE-2026-42823
Azure Logic Apps is affected by CVE-2026-42823 due to improper access control that may allow an authorized attacker to elevate privileges over a network. The CVSS 3.1 metrics indicate a CRITICAL score (9.9) with network attack vector, low complexity, and privileges required, and impacts to confid...
CVE-2026-21227
The CVE-2026-21227 entry describes a path traversal vulnerability in Azure Logic Apps: improper limitation of a pathname to a restricted directory that could allow an unauthenticated attacker to elevate privileges over a network. The root cause is stated as a pathname restriction flaw in Azure Lo...