Power Bi Report Server
CVE-2021-31984
HIGH
Severity by source
AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:H/A:N
Primary rating from Vendor (microsoft) · only source for this CVE.
CVSS VectorVendor: microsoft
CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:H/A:N
Lifecycle Timeline
1DescriptionCVE.org
Power BI Remote Code Execution Vulnerability
AnalysisAI
Power BI Remote Code Execution Vulnerability. Rated high severity (CVSS 7.6), this vulnerability is remotely exploitable, low attack complexity.
Technical ContextAI
Affected products include: Microsoft Power Bi Report Server.
RemediationAI
A vendor patch is available. Apply the latest security update as soon as possible. Apply vendor patches when available. Implement network segmentation and monitoring as interim mitigations.
More in Power Bi Report Server
View allA cross-site scripting (XSS) vulnerability exists when Microsoft SQL Server Reporting Services (SSRS) does not properly
Power BI Report Server Spoofing Vulnerability. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitabl
Power BI Report Server Spoofing Vulnerability. Rated high severity (CVSS 8.2), this vulnerability is remotely exploitabl
Improper input validation in Power BI allows an authorized attacker to execute code over a network. [CVSS 8.0 HIGH]
Microsoft Power BI Information Disclosure Vulnerability. Rated high severity (CVSS 7.7), this vulnerability is remotely
A Cross-Site Scripting (XSS) and Cross-Site Request Forgery (CSRF) vulnerability exists when Power BI Report Server Temp
A spoofing vulnerability exists in Microsoft Power BI Report Server in the way it validates the content-type of uploaded
Cross-site scripting (CWE-79) in Microsoft Power BI Report Server lets an authenticated, low-privileged attacker inject
Power BI Report Server Spoofing Vulnerability. Rated medium severity (CVSS 4.7), this vulnerability is remotely exploita
Share
External POC / Exploit Code
Leaving vuln.today