Power Platform
CVE-2024-38190
HIGH
Severity by source
AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:N/A:N
Primary rating from Vendor (microsoft) · only source for this CVE.
CVSS VectorVendor: microsoft
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:N/A:N
Lifecycle Timeline
1DescriptionCVE.org
Missing authorization in Power Platform allows an unauthenticated attacker to view sensitive information through a network attack vector.
AnalysisAI
Missing authorization in Power Platform allows an unauthenticated attacker to view sensitive information through a network attack vector. Rated high severity (CVSS 8.6), this vulnerability is remotely exploitable, no authentication required, low attack complexity.
Technical ContextAI
This vulnerability is classified as Missing Authorization (CWE-862), which allows attackers to access resources or perform actions without proper authorization checks. Missing authorization in Power Platform allows an unauthenticated attacker to view sensitive information through a network attack vector. Affected products include: Microsoft Power Platform.
RemediationAI
A vendor patch is available. Apply the latest security update as soon as possible. Implement role-based access control, validate authorization on every request server-side, apply principle of least privilege.
More in Power Platform
View allAn authenticated attacker can exploit an untrusted search path vulnerability in Microsoft Dataverse to execute code over
Microsoft Power Platform Connector Spoofing Vulnerability. Rated high severity (CVSS 7.4), this vulnerability is remotel
Same weakness CWE-862 – Missing Authorization
View allSame technique Authentication Bypass
View allShare
External POC / Exploit Code
Leaving vuln.today