CVE-2024-38190

Published Oct 15, 2024

Last updated 9 days ago

CVSS high 8.6

Overview

Description: Missing authorization in Power Platform allows an unauthenticated attacker to view sensitive information through a network attack vector.
Source: secure@microsoft.com
NVD status: Analyzed
CNA Tags: exclusively-hosted-service

Risk scores

CVSS 3.1

Type: Primary
Base score: 8.6
Impact score: 4
Exploitability score: 3.9
Vector string: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:N/A:N
Severity: HIGH

Weaknesses

secure@microsoft.com: CWE-862

Hype score: Not currently trending

#CVE CVE-2024-38190 Power Platform Information Disclosure Vulnerability https://t.co/nzrxWuLucQ
@ComputerPunks
25 Impressions
1 Retweet
0 Likes
0 Bookmarks
0 Replies
0 Quotes
CVE-2024-38190 Missing authorization in Power Platform allows an unauthenticated attacker to view sensitive information through a network attack vector. https://t.co/cYKLJZnYPE
@CVEnew
570 Impressions
0 Retweets
1 Like
0 Bookmarks
0 Replies
0 Quotes
[CVE-2024-38190: HIGH] Missing authorization in Power Platform allows an unauthenticated attacker to view sensitive information through a network attack vector.#cybersecurity,#vulnerability https://t.co/dNVpdtPQKv https://t.co/XtfANkssnd
@CveFindCom
40 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
🚨🔍 ¡Alerta de Seguridad! CVE-2024-38190 revela una vulnerabilidad crítica en Power Platform. La falta de autorización permite que un atacante no autenticado acceda a información sensible a través de un vector de ataque de red. ⚠️ 🔑 **Detalles Clave:** - **Tipo:** CWE-862… htt
@antu_tech
19 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
#securityupdate #microsoft #定例外 2024.10.15 Power Platform Information Disclosure Vulnerability CVE-2024-38190 Security Vulnerability リリース日: 2024年10月15日 - マイクロソフト https://t.co/COHMAdw9IY
@kawn2020
19 Impressions
0 Retweets
0 Likes
0 Bookmarks
1 Reply
1 Quote

Configurations

[
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:a:microsoft:power_platform:-:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "DAFE085E-8D29-4B6C-883E-92DC71109AA9"
          }
        ],
        "operator": "OR"
      }
    ]
  }
]

References

https://nvd.nist.gov/vuln/detail/CVE-2024-38190
https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-38190

Overview

Risk scores

CVSS 3.1

Weaknesses

Social media

Configurations

References