CVE-2024-43481: Power BI Report Server Spoofing Vulnerability

Overview

Severity

Medium (CVSS 6.5)

CVSS Vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C

Category

Spoofing

Exploit Status

Not Exploited

Exploitation Likelihood

Less Likely

Patch Tuesday

2024-Oct

Released

2024-10-08

Last Updated

2024-10-10

EPSS Score

4.06% (percentile: 88.5%)

FAQ

According to the CVSS metric, privileges required is low (PR:L). What does that mean for this vulnerability? Any authenticated attacker could trigger this vulnerability. It does not require admin or other elevated privileges.

Affected Products (1)

SQL Server

• Power BI Report Server - May 2024

Security Updates (1)

• Release Notes

Acknowledgments

<a href="https://www.linkedin.com/in/omaralatwi/">Omar Alatwi</a>

Revision History

• 2024-10-08: Information published.
• 2024-10-10: Corrected Article links in the Security Updates table. This is an informational change only.