3 matches found
CVE-2024-35260
CVE-2024-35260 affects Microsoft Dataverse. An authenticated attacker can exploit an untrusted search path to execute code over the network, enabling remote code execution. Affected product: Microsoft Dataverse (Power Platform). Root cause: untrusted search path vulnerability. Impact: arbitrary c...
CVE-2023-36019
The CVE-2023-36019 entry applies to Microsoft Power Platform Connector (Power Platform/Logic Apps/Power Automate). The vulnerability is a Spoofing flaw that could allow an attacker to pretend to be another user via the connector, enabling impersonation with high impact (CVE-2023-36019 CVSS 9.6, e...
CVE-2024-38190
CVE-2024-38190 concerns a missing authorization vulnerability in Microsoft Power Platform (and associated components like Dataverse) that allows an unauthenticated attacker to view sensitive information over a network vector. The provided metrics assign a CVSS3.1 base score of 8.6 (HIGH) with net...