Lucene search
K
MicrosoftPower Bi Report Server

9 matches found

CVE
CVE
added 2021/07/14 5:53 p.m.197 views

CVE-2021-31984

CVE-2021-31984 is a remote code execution vulnerability affecting Microsoft Power BI components (notably Power BI Report Server). The CVE entry is supported by multiple sources indicating an RCE risk in affected Power BI products, with the underlying issue tied to code execution paths in Power BI...

8.8CVSS7.9AI score0.018EPSS
CVE
CVE
added 2019/12/10 9:40 p.m.145 views

CVE-2019-1332

CVE-2019-1332 is an XSS in Microsoft SQL Server Reporting Services (SSRS) caused by inadequate sanitization of crafted web requests. Affected product: SSRS within SQL Server deployments. Impact per documentation: cross-site scripting could enable script execution in the context of the SSRS user. ...

6.1CVSS5.9AI score0.07226EPSS
CVE
CVE
added 2024/10/08 5:35 p.m.145 views

CVE-2024-43612

CVE-2024-43612 affects Microsoft Power BI Report Server. The issue is described as a server-side spoofing vulnerability that could allow an attacker to impersonate a user and influence the user interface, potentially enabling remote code execution under the attacker’s context in some disclosures....

6.9CVSS5.7AI score0.00695EPSS
CVE
CVE
added 2021/11/10 12:46 a.m.134 views

CVE-2021-41372

Summary of CVE-2021-41372 (Power BI Report Server) : A combination of XSS and CSRF vulnerabilities occurs when a Power BI Report Server Template file (pbix) containing HTML is uploaded and HTML is accessed by a victim. Root cause: insufficient sanitization of file uploads, enabling uploaded templ...

9.6CVSS7.4AI score0.0062EPSS
CVE
CVE
added 2021/03/11 3:35 p.m.130 views

CVE-2021-26859

CVE-2021-26859 is a Microsoft Power BI Information Disclosure vulnerability affecting Power BI Report Server versions cited as affected: 15.0.1103.234 and 15.0.1104.300 (per CNNVD). The issue is described as an information disclosure caused by excessive data output by the application, enabling an...

7.7CVSS7.2AI score0.02839EPSS
CVE
CVE
added 2024/10/08 5:35 p.m.124 views

CVE-2024-43481

CVE-2024-43481 affects Power BI Report Server with a spoofing vulnerability in the server UI. Affected component: Power BI Report Server; root cause details are not fully enumerated in the provided documents, but the issue is identified as a server spoofing vulnerability with high impact per CVSS...

8.8CVSS7.4AI score0.01855EPSS
CVE
CVE
added 2023/02/14 7:32 p.m.116 views

CVE-2023-21806

CVE-2023-21806 is a spoofing vulnerability in Microsoft Power BI Report Server. Public sources indicate an authenticated, remote attacker could exploit it by deceiving a user into opening a malicious file on the server, enabling credential exposure or UI spoofing leading to privilege escalation. ...

8.2CVSS8.1AI score0.00775EPSS
CVE
CVE
added 2020/05/21 10:53 p.m.86 views

CVE-2020-1173

CVE-2020-1173 : A spoofing vulnerability in Microsoft Power BI Report Server arises from improper validation of the content-type of uploaded attachments. An authenticated attacker could upload a specially crafted payload and execute scripts in the user’s security context, enabling user-interface ...

6.8CVSS6.5AI score0.02388EPSS
CVE
CVE
added 2026/02/10 5:51 p.m.53 views

CVE-2026-21229

Power BI is affected by CVE-2026-21229 due to improper input validation, enabling an authorized attacker to execute code over a network. CVSS v3.1 base score 8.0 (High). Refer to Microsoft MSRC advisory for mitigations and updates.

8.8CVSS5.7AI score0.00902EPSS