CVE-2020-1173 — Improper Input Validation in Microsoft Power BI Report Server

CWE-20 — Improper Input Validation CWE-1173 — Improper Use of Validation Framework7 documents6 sources

Severity

6.8MEDIUMNVD

EPSS

1.2%

top 21.19%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Microsoft Power BI Report Server

Timeline

PublishedMay 21

Latest updateMay 24

Description

A spoofing vulnerability exists in Microsoft Power BI Report Server in the way it validates the content-type of uploaded attachments, aka 'Microsoft Power BI Report Server Spoofing Vulnerability'.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:N/I:H/A:NExploitability: 2.3 | Impact: 4.0

Affected Packages1 packages

▶CVEListV5microsoft/power_bi_report_serverunspecified

Patches

Patch: portal.msrc.microsoft.com ↗Patch: portal.msrc.microsoft.com ↗

🔴Vulnerability Details

GHSA

GHSA-42v9-rj5j-m2v5: A spoofing vulnerability exists in Microsoft Power BI Report Server in the way it validates the content-type of uploaded attachments, aka 'Microsoft P↗2022-05-24

▶

CVEList

CVE-2020-1173: A spoofing vulnerability exists in Microsoft Power BI Report Server in the way it validates the content-type of uploaded attachments, aka 'Microsoft P↗2020-05-21

▶

📋Vendor Advisories

Juniper

CVE-2020-1640: An improper use of a validation framework when processing incoming genuine BGP packets within Juniper Networks RPD (routing protocols process) daemon↗2020-07-17

▶

Microsoft

Microsoft Power BI Report Server Spoofing Vulnerability↗2020-05-12

▶

🕵️Threat Intelligence

Talos

Vulnerability Spotlight: Multiple vulnerabilities in Synology DiskStation Manager↗2021-04-20

▶

Talos

Vulnerability Spotlight: Multiple vulnerabilities in Synology DiskStation Manager↗2021-04-20

▶