8.5
CVE-2024-43479
- EPSS 1.06%
- Published 10.09.2024 17:15:35
- Last modified 13.09.2024 14:38:13
- Source secure@microsoft.com
- Teams watchlist Login
- Open Login
Microsoft Power Automate Desktop Remote Code Execution Vulnerability
Data is provided by the National Vulnerability Database (NVD)
Microsoft ≫ Power Automate SwPlatformwindows Version >= 2.41 < 2.41.178.24249
Microsoft ≫ Power Automate SwPlatformwindows Version >= 2.42 < 2.42.331.24249
Microsoft ≫ Power Automate SwPlatformwindows Version >= 2.43 < 2.43.249.24249
Microsoft ≫ Power Automate SwPlatformwindows Version >= 2.44 < 2.44.55.24249
Microsoft ≫ Power Automate SwPlatformwindows Version >= 2.45 < 2.45.404.24249
Microsoft ≫ Power Automate SwPlatformwindows Version >= 2.46 < 2.46.181.24249
Microsoft ≫ Power Automate SwPlatformwindows Version >= 2.47 < 2.47.119.24249
Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.
| Type | Source | Score | Percentile |
|---|---|---|---|
| EPSS | FIRST.org | 1.06% | 0.768 |
| Source | Base Score | Exploit Score | Impact Score | Vector string |
|---|---|---|---|---|
| secure@microsoft.com | 8.5 | 1.8 | 6 |
CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H
|
CWE-284 Improper Access Control
The product does not restrict or incorrectly restricts access to a resource from an unauthorized actor.