CVE-2021-26859Sensitive Information Exposure in Microsoft Power BI Report Server Version 15.0.1103.234

4 documents4 sources
Severity
6.5MEDIUMNVD
CNA7.7
EPSS
3.7%
top 11.97%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
3
Microsoft Power BI Report Server Version 15.0.1103.234Microsoft Power BI Report Server Version 15.0.1104.300Microsoft Power BI Report Server
Timeline
PublishedMar 11
Latest updateMay 24

Description

Microsoft Power BI Information Disclosure Vulnerability

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:NExploitability: 2.8 | Impact: 3.6

Affected Packages3 packages

CVEListV5microsoft/power_bi_report_server_version_15.0.1103.23415.0.0.0publication
CVEListV5microsoft/power_bi_report_server_version_15.0.1104.30015.0.0.0publication
NVDmicrosoft/power_bi_report_server15.0.1103.234, 15.0.1104.300+1

Patches

Patch: portal.msrc.microsoft.comPatch: portal.msrc.microsoft.com

🔴Vulnerability Details

2
GHSA
GHSA-8ff9-hr9f-57m5: Microsoft Power BI Information Disclosure Vulnerability2022-05-24
CVEList
Microsoft Power BI Information Disclosure Vulnerability2021-03-11

📋Vendor Advisories

1
Microsoft
Microsoft Power BI Information Disclosure Vulnerability2021-03-09
CVE-2021-26859 — Sensitive Information Exposure | cvebase